decorator: Change /activity to be gated on is_staff.

Zulip doesn't previously make use of the standard Django is_staff flag (in that the Django admin site is disabled), but since conceptually the /activity page would be part of the Django admin site if we were using it (i.e. for server-level administrators), it makes sense to key off of that rather than the previous, fragile, check for the realm domain name.
2016-12-13 21:02:50 -08:00 · 2016-12-13 21:02:50 -08:00 · 7e8f8551de
parent 01a0d11705
commit 7e8f8551de
2 changed files with 16 additions and 1 deletions
--- a/zerver/decorator.py
+++ b/zerver/decorator.py
@ -317,7 +317,7 @@ def zulip_internal(view_func):
    def _wrapped_view_func(request, *args, **kwargs):
        # type: (HttpRequest, *Any, **Any) -> HttpResponse
        request._query = view_func.__name__
-        if request.user.realm.domain != 'zulip.com':
+        if not request.user.is_staff:
            return HttpResponseRedirect(settings.HOME_NOT_LOGGED_IN)

        request._email = request.user.email
--- a/zerver/tests/test_decorators.py
+++ b/zerver/tests/test_decorators.py
@ -877,6 +877,21 @@ class TestZulipLoginRequiredDecorator(ZulipTestCase):
                result = self.client_get('/accounts/accept_terms/')
                self.assertEqual(result.status_code, 302)

+class TestZulipInternalDecorator(ZulipTestCase):
+    def test_zulip_internal_decorator(self):
+        user_email = 'hamlet@zulip.com'
+        self.login(user_email)
+
+        result = self.client_get('/activity')
+        self.assertEqual(result.status_code, 302)
+
+        user_profile = get_user_profile_by_email(user_email)
+        user_profile.is_staff = True
+        user_profile.save()
+
+        result = self.client_get('/activity')
+        self.assertEqual(result.status_code, 200)
+
 class ReturnSuccessOnHeadRequestDecorator(ZulipTestCase):
    def test_return_success_on_head_request_returns_200_if_request_method_is_head(self):
        class HeadRequest(object):