From 7e8f8551de7741260ab1864966110228a4dbc441 Mon Sep 17 00:00:00 2001
From: Tim Abbott
Date: Tue, 13 Dec 2016 21:02:50 -0800
Subject: [PATCH] decorator: Change /activity to be gated on is_staff.

Zulip doesn't previously make use of the standard Django is_staff flag (in that the Django admin site is disabled), but since conceptually the /activity page would be part of the Django admin site if we were using it (i.e. for server-level administrators), it makes sense to key off of that rather than the previous, fragile, check for the realm domain name.
---
 zerver/decorator.py | 2 +-
 zerver/tests/test_decorators.py | 15 +++++++++++++++
 2 files changed, 16 insertions(+), 1 deletion(-)

diff --git a/zerver/decorator.py b/zerver/decorator.py
index 4ac2f95db8..4f6cb00a85 100644
--- a/zerver/decorator.py
+++ b/zerver/decorator.py
@@ -317,7 +317,7 @@ def zulip_internal(view_func):
 def _wrapped_view_func(request, *args, **kwargs):
 # type: (HttpRequest, *Any, **Any) -> HttpResponse
 request._query = view_func.__name__
- if request.user.realm.domain != 'zulip.com':
+ if not request.user.is_staff:
 return HttpResponseRedirect(settings.HOME_NOT_LOGGED_IN)
 
 request._email = request.user.email
diff --git a/zerver/tests/test_decorators.py b/zerver/tests/test_decorators.py
index 24fdf09510..e65bc9c1a1 100644
--- a/zerver/tests/test_decorators.py
+++ b/zerver/tests/test_decorators.py
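Review bot: The new gate `if not request.user.is_staff:` in zerver/decorator.py makes a flag that, per the commit message, Zulip has not used before into the only authorization check for /activity, so any account that already has `is_staff` set (for instance through a management command or a fixture) would presumably gain access without anyone having reviewed it. Nothing visible in this patch audits existing rows or limits which code paths may write the field, so both are worth confirming before this ships. I would also add a comment above the check, `# Server-level administrators only: is_staff is the sole gate here and must not be settable via realm-admin or API paths.`, because the decorator name `zulip_internal` no longer describes the rule. The body of `_wrapped_view_func` continues past the end of the hunk.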
@@ -877,6 +877,21 @@ class TestZulipLoginRequiredDecorator(ZulipTestCase):
 result = self.client_get('/accounts/accept_terms/')
 self.assertEqual(result.status_code, 302)
 
+class TestZulipInternalDecorator(ZulipTestCase):
+ def test_zulip_internal_decorator(self):
+ user_email = 'hamlet@zulip.com'
+ self.login(user_email)
+
+ result = self.client_get('/activity')
+ self.assertEqual(result.status_code, 302)
+
+ user_profile = get_user_profile_by_email(user_email)
+ user_profile.is_staff = True
+ user_profile.save()
+
+ result = self.client_get('/activity')
+ self.assertEqual(result.status_code, 200)
+
 class ReturnSuccessOnHeadRequestDecorator(ZulipTestCase):
 def test_return_success_on_head_request_returns_200_if_request_method_is_head(self):
 class HeadRequest(object):
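Review bot: The negative case in `test_zulip_internal_decorator` asserts only `result.status_code == 302`, which would also pass if `self.login(user_email)` had failed and a login-required redirect fired instead (assuming the view is also behind a login check, which is not visible in this diff), so it does not prove the denial came from the `is_staff` gate. Pinning the redirect target closes that gap, e.g. `self.assertTrue(result['Location'].endswith(settings.HOME_NOT_LOGGED_IN))`, assuming `settings` is imported in this test module. A separate case that requests /activity with no logged-in user would also be worth adding, so the gate is covered for anonymous requests as well as for non-staff accounts.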