users: Add ROLE_TO_ACCESSIBLE_EMAIL_ADDRESS_VISIBILITY_IDS dict.

This is helpful for taking an "acting user" and getting the list of email_address_visibility values such that the UserProfiles with those values of the setting permit the acting user to view their deliver_email. This can be used for a query "all users whose delivery_email is viewable by <requester>" in an upcoming commit. The added code is ugly, but at least it lets us simplify some similarly ugly logic in can_access_delivery_email.
2024-09-28 23:03:55 +02:00 · 2024-09-28 23:03:55 +02:00 · 8e51442043
parent 6c62ce567f
commit 8e51442043
2 changed files with 33 additions and 14 deletions
--- a/zerver/lib/users.py
+++ b/zerver/lib/users.py
@ -510,20 +510,10 @@ def can_access_delivery_email(
    if target_user_id == user_profile.id:
        return True

-    # Bots always have email_address_visibility as EMAIL_ADDRESS_VISIBILITY_EVERYONE.
-    if email_address_visibility == UserProfile.EMAIL_ADDRESS_VISIBILITY_EVERYONE:
-        return True
-
-    if email_address_visibility == UserProfile.EMAIL_ADDRESS_VISIBILITY_ADMINS:
-        return user_profile.is_realm_admin
-
-    if email_address_visibility == UserProfile.EMAIL_ADDRESS_VISIBILITY_MODERATORS:
-        return user_profile.is_realm_admin or user_profile.is_moderator
-
-    if email_address_visibility == UserProfile.EMAIL_ADDRESS_VISIBILITY_MEMBERS:
-        return not user_profile.is_guest
-
-    return False
+    return (
+        email_address_visibility
+        in UserProfile.ROLE_TO_ACCESSIBLE_EMAIL_ADDRESS_VISIBILITY_IDS[user_profile.role]
+    )


 class APIUserDict(TypedDict):
--- a/zerver/models/users.py
+++ b/zerver/models/users.py
@ -523,6 +523,35 @@ class UserProfile(AbstractBaseUser, PermissionsMixin, UserBaseSettings):
        ROLE_GUEST,
    ]

+    # Maps: user_profile.role -> which email_address_visibility values
+    # allow user_profile to see their email address.
+    ROLE_TO_ACCESSIBLE_EMAIL_ADDRESS_VISIBILITY_IDS = {
+        ROLE_REALM_OWNER: [
+            UserBaseSettings.EMAIL_ADDRESS_VISIBILITY_ADMINS,
+            UserBaseSettings.EMAIL_ADDRESS_VISIBILITY_MODERATORS,
+            UserBaseSettings.EMAIL_ADDRESS_VISIBILITY_MEMBERS,
+            UserBaseSettings.EMAIL_ADDRESS_VISIBILITY_EVERYONE,
+        ],
+        ROLE_REALM_ADMINISTRATOR: [
+            UserBaseSettings.EMAIL_ADDRESS_VISIBILITY_ADMINS,
+            UserBaseSettings.EMAIL_ADDRESS_VISIBILITY_MODERATORS,
+            UserBaseSettings.EMAIL_ADDRESS_VISIBILITY_MEMBERS,
+            UserBaseSettings.EMAIL_ADDRESS_VISIBILITY_EVERYONE,
+        ],
+        ROLE_MODERATOR: [
+            UserBaseSettings.EMAIL_ADDRESS_VISIBILITY_MODERATORS,
+            UserBaseSettings.EMAIL_ADDRESS_VISIBILITY_MEMBERS,
+            UserBaseSettings.EMAIL_ADDRESS_VISIBILITY_EVERYONE,
+        ],
+        ROLE_MEMBER: [
+            UserBaseSettings.EMAIL_ADDRESS_VISIBILITY_MEMBERS,
+            UserBaseSettings.EMAIL_ADDRESS_VISIBILITY_EVERYONE,
+        ],
+        ROLE_GUEST: [
+            UserBaseSettings.EMAIL_ADDRESS_VISIBILITY_EVERYONE,
+        ],
+    }
+
    # Whether the user has been "soft-deactivated" due to weeks of inactivity.
    # For these users we avoid doing UserMessage table work, as an optimization
    # for large Zulip organizations with lots of single-visit users.