Mirror
/
zulip
mirror of https://github.com/zulip/zulip.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

realm: Only owners should be able to configure `can_manage_all_groups`.

This commit is contained in:
Shubham Padia 2024-09-13 18:37:43 +00:00 committed by Tim Abbott
parent 2b6414acfb
commit 91953eca28
2 changed files with 11 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
zerver/tests/test_realm.py
View File

@ -2401,7 +2401,7 @@ class RealmAPITest(ZulipTestCase):
self.do_test_changing_settings_by_owners_only("disallow_disposable_email_addresses") self.do_test_changing_settings_by_owners_only("disallow_disposable_email_addresses")
self.do_test_changing_settings_by_owners_only("waiting_period_threshold") self.do_test_changing_settings_by_owners_only("waiting_period_threshold")
def test_can_create_groups_setting_requires_owner(self) -> None: def do_test_changing_groups_setting_by_owners_only(self, setting_name: str) -> None:
realm = get_realm("zulip") realm = get_realm("zulip")
admins_group = NamedUserGroup.objects.get( admins_group = NamedUserGroup.objects.get(
name=SystemGroups.ADMINISTRATORS, realm=realm, is_system_group=True name=SystemGroups.ADMINISTRATORS, realm=realm, is_system_group=True
@ -2409,17 +2409,23 @@ class RealmAPITest(ZulipTestCase):
self.login("iago") self.login("iago")
result = self.client_patch( result = self.client_patch(
"/json/realm", {"can_create_groups": orjson.dumps({"new": admins_group.id}).decode()} "/json/realm", {setting_name: orjson.dumps({"new": admins_group.id}).decode()}
) )
self.assert_json_error(result, "Must be an organization owner") self.assert_json_error(result, "Must be an organization owner")
self.login("desdemona") self.login("desdemona")
result = self.client_patch( result = self.client_patch(
"/json/realm", {"can_create_groups": orjson.dumps({"new": admins_group.id}).decode()} "/json/realm", {setting_name: orjson.dumps({"new": admins_group.id}).decode()}
) )
self.assert_json_success(result) self.assert_json_success(result)
realm = get_realm("zulip") realm = get_realm("zulip")
self.assertEqual(realm.can_create_groups.id, admins_group.id) self.assertEqual(getattr(realm, setting_name).id, admins_group.id)
def test_can_create_groups_setting_requires_owner(self) -> None:
self.do_test_changing_groups_setting_by_owners_only("can_create_groups")
def test_can_manage_all_groups_setting_requires_owner(self) -> None:
self.do_test_changing_groups_setting_by_owners_only("can_manage_all_groups")
def test_enable_spectator_access_for_limited_plan_realms(self) -> None: def test_enable_spectator_access_for_limited_plan_realms(self) -> None:
self.login("iago") self.login("iago")

1
zerver/views/realm.py
View File

@ -230,6 +230,7 @@ def update_realm(
or invite_required is not None or invite_required is not None
or create_multiuse_invite_group_id is not None or create_multiuse_invite_group_id is not None
or can_create_groups is not None or can_create_groups is not None
or can_manage_all_groups is not None
) and not user_profile.is_realm_owner: ) and not user_profile.is_realm_owner:
raise OrganizationOwnerRequiredError raise OrganizationOwnerRequiredError