group_setting_pill: Do not allow guest users for some settings.

For settings with allow_everyone_group is False, guest users
are not allowed to do the task controlled by that setting even
if the guest user is member of the group which is used for
that setting.

So, we do not show guest users in typeahead for such settings
and also not create a pill when someone types full email of
the guest user in the input.

There is no such restriction in the API and it is fine
since we eventually have the check to not give guest user
the permission.
And we still allow guests to be part of any group, so there is
no restriction on using groups containing guests as subgroups
of the anonymous groups and showing them in typeahead.
This commit is contained in:
Sahil Batra 2024-09-24 15:15:57 +05:30 committed by Tim Abbott
parent d0fbad3250
commit 758fdc87e0
3 changed files with 56 additions and 7 deletions

View File

@ -5,6 +5,7 @@ import render_input_pill from "../templates/input_pill.hbs";
import * as group_permission_settings from "./group_permission_settings"; import * as group_permission_settings from "./group_permission_settings";
import * as input_pill from "./input_pill"; import * as input_pill from "./input_pill";
import type {InputPillConfig} from "./input_pill"; import type {InputPillConfig} from "./input_pill";
import * as people from "./people";
import * as pill_typeahead from "./pill_typeahead"; import * as pill_typeahead from "./pill_typeahead";
import type {GroupSettingPill, GroupSettingPillContainer} from "./typeahead_helper"; import type {GroupSettingPill, GroupSettingPillContainer} from "./typeahead_helper";
import * as user_group_pill from "./user_group_pill"; import * as user_group_pill from "./user_group_pill";
@ -12,6 +13,7 @@ import type {UserGroupPill} from "./user_group_pill";
import * as user_groups from "./user_groups"; import * as user_groups from "./user_groups";
import type {UserGroup} from "./user_groups"; import type {UserGroup} from "./user_groups";
import * as user_pill from "./user_pill"; import * as user_pill from "./user_pill";
import type {UserPill} from "./user_pill";
function check_group_allowed_for_setting( function check_group_allowed_for_setting(
group_item: UserGroupPill, group_item: UserGroupPill,
@ -41,17 +43,37 @@ function check_group_allowed_for_setting(
); );
} }
function check_user_allowed_for_setting(
user_item: UserPill,
setting_name: string,
setting_type: "realm" | "stream" | "group",
): boolean {
const group_setting_config = group_permission_settings.get_group_permission_setting_config(
setting_name,
setting_type,
);
assert(group_setting_config !== undefined);
if (group_setting_config.allow_everyone_group) {
return true;
}
const user = people.get_by_email(user_item.email);
return user !== undefined && !user.is_guest;
}
export function create_item_from_text( export function create_item_from_text(
text: string, text: string,
current_items: GroupSettingPill[], current_items: GroupSettingPill[],
pill_config?: InputPillConfig, pill_config?: InputPillConfig,
): GroupSettingPill | undefined { ): GroupSettingPill | undefined {
const setting_name = pill_config?.setting_name;
assert(setting_name !== undefined);
const setting_type = pill_config?.setting_type;
assert(setting_type !== undefined);
const group_item = user_group_pill.create_item_from_group_name(text, current_items); const group_item = user_group_pill.create_item_from_group_name(text, current_items);
if (group_item) { if (group_item) {
const setting_name = pill_config?.setting_name;
assert(setting_name !== undefined);
const setting_type = pill_config?.setting_type;
assert(setting_type !== undefined);
if (check_group_allowed_for_setting(group_item, setting_name, setting_type)) { if (check_group_allowed_for_setting(group_item, setting_name, setting_type)) {
return group_item; return group_item;
} }
@ -59,7 +81,15 @@ export function create_item_from_text(
return undefined; return undefined;
} }
return user_pill.create_item_from_email(text, current_items); const user_item = user_pill.create_item_from_email(text, current_items);
if (user_item) {
if (check_user_allowed_for_setting(user_item, setting_name, setting_type)) {
return user_item;
}
return undefined;
}
return undefined;
} }
export function get_text_from_item(item: GroupSettingPill): string { export function get_text_from_item(item: GroupSettingPill): string {

View File

@ -148,7 +148,10 @@ export function set_up_group_setting_typeahead(
let source: GroupSettingTypeaheadItem[] = []; let source: GroupSettingTypeaheadItem[] = [];
source = user_group_pill.typeahead_source(pills, opts.setting_name, opts.setting_type); source = user_group_pill.typeahead_source(pills, opts.setting_name, opts.setting_type);
source = [...source, ...user_pill.typeahead_source(pills, true)]; source = [
...source,
...user_pill.typeahead_source(pills, true, opts.setting_name, opts.setting_type),
];
return source; return source;
}, },

View File

@ -1,7 +1,10 @@
import assert from "minimalistic-assert";
import render_input_pill from "../templates/input_pill.hbs"; import render_input_pill from "../templates/input_pill.hbs";
import * as blueslip from "./blueslip"; import * as blueslip from "./blueslip";
import type {EmojiRenderingDetails} from "./emoji"; import type {EmojiRenderingDetails} from "./emoji";
import * as group_permission_settings from "./group_permission_settings";
import type {InputPillConfig, InputPillContainer} from "./input_pill"; import type {InputPillConfig, InputPillContainer} from "./input_pill";
import * as input_pill from "./input_pill"; import * as input_pill from "./input_pill";
import type {User} from "./people"; import type {User} from "./people";
@ -146,8 +149,21 @@ export function has_unconverted_data(pill_widget: UserPillWidget): boolean {
export function typeahead_source( export function typeahead_source(
pill_widget: UserPillWidget | CombinedPillContainer | GroupSettingPillContainer, pill_widget: UserPillWidget | CombinedPillContainer | GroupSettingPillContainer,
exclude_bots?: boolean, exclude_bots?: boolean,
setting_name?: string,
setting_type?: "realm" | "stream" | "group",
): UserPillData[] { ): UserPillData[] {
const users = exclude_bots ? people.get_realm_active_human_users() : people.get_realm_users(); let users = exclude_bots ? people.get_realm_active_human_users() : people.get_realm_users();
if (setting_name !== undefined) {
assert(setting_type !== undefined);
const group_setting_config = group_permission_settings.get_group_permission_setting_config(
setting_name,
setting_type,
);
assert(group_setting_config !== undefined);
if (!group_setting_config.allow_everyone_group) {
users = users.filter((user) => !user.is_guest);
}
}
return filter_taken_users(users, pill_widget).map((user) => ({type: "user", user})); return filter_taken_users(users, pill_widget).map((user) => ({type: "user", user}));
} }