mirror of https://github.com/zulip/zulip.git
groups: Accept anonymous groups for can_access_all_users_group.
On the frontend, the selection is still a dropdown of system groups but on the API level, we have started accepting anonymous groups similar to other settings We've kept require system groups true for now until we switch to group picker on the frontend.
This commit is contained in:
Shubham Padia
Tim Abbott
parent
ceb0197c1b
commit
9f9d5b2f98
|
|
@ -27,6 +27,11 @@ format used by the Zulip server that they are interacting with.
|
||||||
by `create_multiuse_invite_group` realm setting, which is a now a
|
by `create_multiuse_invite_group` realm setting, which is a now a
|
||||||
[group-setting value](/api/group-setting-values) instead of an
|
[group-setting value](/api/group-setting-values) instead of an
|
||||||
integer ID of the group.
|
integer ID of the group.
|
||||||
|
* `PATCH /realm`, [`POST /register`](/api/register-queue),
|
||||||
|
[`GET /events`](/api/get-events): Anonymous groups are now accepted
|
||||||
|
by `can_access_all_users_group` realm setting, which is a now a
|
||||||
|
[group-setting value](/api/group-setting-values) instead of an
|
||||||
|
integer ID of the group.
|
||||||
|
|
||||||
**Feature level 313**
|
**Feature level 313**
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -1044,6 +1044,7 @@ export function populate_data_for_realm_settings_request(
|
||||||
}
|
}
|
||||||
|
|
||||||
const realm_group_settings_using_new_api_format = new Set([
|
const realm_group_settings_using_new_api_format = new Set([
|
||||||
|
"can_access_all_users_group",
|
||||||
"can_add_custom_emoji_group",
|
"can_add_custom_emoji_group",
|
||||||
"can_create_groups",
|
"can_create_groups",
|
||||||
"can_create_private_channel_group",
|
"can_create_private_channel_group",
|
||||||
|
|
|
||||||
|
|
@ -1067,7 +1067,7 @@ group_setting_update_data_type = DictType(
|
||||||
required_keys=[],
|
required_keys=[],
|
||||||
optional_keys=[
|
optional_keys=[
|
||||||
("create_multiuse_invite_group", group_setting_type),
|
("create_multiuse_invite_group", group_setting_type),
|
||||||
("can_access_all_users_group", int),
|
("can_access_all_users_group", group_setting_type),
|
||||||
("can_add_custom_emoji_group", group_setting_type),
|
("can_add_custom_emoji_group", group_setting_type),
|
||||||
("can_create_groups", group_setting_type),
|
("can_create_groups", group_setting_type),
|
||||||
("can_create_public_channel_group", group_setting_type),
|
("can_create_public_channel_group", group_setting_type),
|
||||||
|
|
|
||||||
|
|
@ -809,6 +809,7 @@ class Realm(models.Model): # type: ignore[django-manager-missing] # django-stub
|
||||||
|
|
||||||
REALM_PERMISSION_GROUP_SETTINGS_WITH_NEW_API_FORMAT = [
|
REALM_PERMISSION_GROUP_SETTINGS_WITH_NEW_API_FORMAT = [
|
||||||
"create_multiuse_invite_group",
|
"create_multiuse_invite_group",
|
||||||
|
"can_access_all_users_group",
|
||||||
"can_add_custom_emoji_group",
|
"can_add_custom_emoji_group",
|
||||||
"can_create_groups",
|
"can_create_groups",
|
||||||
"can_create_private_channel_group",
|
"can_create_private_channel_group",
|
||||||
|
|
@ -1190,10 +1191,10 @@ def get_realm_by_id(realm_id: int) -> Realm:
|
||||||
|
|
||||||
def get_realm_with_settings(realm_id: int) -> Realm:
|
def get_realm_with_settings(realm_id: int) -> Realm:
|
||||||
# Prefetch the following settings:
|
# Prefetch the following settings:
|
||||||
# * All the settings that can be set to anonymous groups.
|
|
||||||
# This also prefetches can_access_all_users_group setting,
|
# This also prefetches can_access_all_users_group setting,
|
||||||
# even when it cannot be set to anonymous groups because
|
# even when it cannot be set to anonymous groups because
|
||||||
# the setting is used when fetching users in the realm.
|
# the setting is used when fetching users in the realm.
|
||||||
|
# * All the settings that can be set to anonymous groups.
|
||||||
# * Announcements streams.
|
# * Announcements streams.
|
||||||
return Realm.objects.select_related(
|
return Realm.objects.select_related(
|
||||||
"create_multiuse_invite_group",
|
"create_multiuse_invite_group",
|
||||||
|
|
|
||||||
|
|
@ -4401,15 +4401,17 @@ paths:
|
||||||
The [policy](/api/roles-and-permissions#permission-levels)
|
The [policy](/api/roles-and-permissions#permission-levels)
|
||||||
for which users can create bot users in this organization.
|
for which users can create bot users in this organization.
|
||||||
can_access_all_users_group:
|
can_access_all_users_group:
|
||||||
type: integer
|
allOf:
|
||||||
description: |
|
- $ref: "#/components/schemas/GroupSettingValue"
|
||||||
The ID of the [user group](/api/get-user-groups) whose members
|
- description: |
|
||||||
are allowed to access all users in the organization.
|
A [group-setting value](/api/group-setting-values) defining the
|
||||||
|
set of users who are allowed to access all users in the
|
||||||
|
organization.
|
||||||
|
|
||||||
This setting can currently only be set to `"role:everyone"`
|
**Changes**: Prior to Zulip 10.0 (feature level 314), this value used
|
||||||
system group.
|
to be of type integer and did not accept anonymous user groups.
|
||||||
|
|
||||||
**Changes**: New in Zulip 8.0 (feature level 225).
|
New in Zulip 8.0 (feature level 225).
|
||||||
can_create_groups:
|
can_create_groups:
|
||||||
allOf:
|
allOf:
|
||||||
- $ref: "#/components/schemas/GroupSettingValue"
|
- $ref: "#/components/schemas/GroupSettingValue"
|
||||||
|
|
@ -17227,15 +17229,17 @@ paths:
|
||||||
|
|
||||||
**Changes**: New in Zulip 8.0 (feature level 216).
|
**Changes**: New in Zulip 8.0 (feature level 216).
|
||||||
realm_can_access_all_users_group:
|
realm_can_access_all_users_group:
|
||||||
type: integer
|
allOf:
|
||||||
description: |
|
- $ref: "#/components/schemas/GroupSettingValue"
|
||||||
The ID of the [user group](/api/get-user-groups) whose members
|
- description: |
|
||||||
are allowed to access all users in the organization.
|
A [group-setting value](/api/group-setting-values) defining the
|
||||||
|
set of users who are allowed to access all users in the
|
||||||
|
organization.
|
||||||
|
|
||||||
This setting can currently only be set to `"role:members"`
|
**Changes**: Prior to Zulip 10.0 (feature level 314), this value used
|
||||||
and `"role:everyone"` system groups.
|
to be of type integer and did not accept anonymous user groups.
|
||||||
|
|
||||||
**Changes**: New in Zulip 8.0 (feature level 225).
|
New in Zulip 8.0 (feature level 225).
|
||||||
zulip_plan_is_not_limited:
|
zulip_plan_is_not_limited:
|
||||||
type: boolean
|
type: boolean
|
||||||
description: |
|
description: |
|
||||||
|
|
|
||||||
|
|
@ -1828,16 +1828,22 @@ class RealmAPITest(ZulipTestCase):
|
||||||
result = self.client_patch("/json/realm", {setting_name: value})
|
result = self.client_patch("/json/realm", {setting_name: value})
|
||||||
self.assert_json_error(result, f"'{setting_name}' must be a system user group.")
|
self.assert_json_error(result, f"'{setting_name}' must be a system user group.")
|
||||||
|
|
||||||
|
group = admins_group
|
||||||
|
if setting_permission_configuration.allowed_system_groups:
|
||||||
|
group = NamedUserGroup.objects.get(
|
||||||
|
name=setting_permission_configuration.allowed_system_groups[0], realm=realm
|
||||||
|
)
|
||||||
|
|
||||||
value = orjson.dumps(
|
value = orjson.dumps(
|
||||||
{
|
{
|
||||||
"new": {
|
"new": {
|
||||||
"direct_members": [],
|
"direct_members": [],
|
||||||
"direct_subgroups": [admins_group.id],
|
"direct_subgroups": [group.id],
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
).decode()
|
).decode()
|
||||||
realm = self.update_with_api(setting_name, value)
|
realm = self.update_with_api(setting_name, value)
|
||||||
self.assertEqual(getattr(realm, setting_name), admins_group.usergroup_ptr)
|
self.assertEqual(getattr(realm, setting_name), group.usergroup_ptr)
|
||||||
|
|
||||||
def do_test_realm_permission_group_setting_update_api_with_anonymous_groups(
|
def do_test_realm_permission_group_setting_update_api_with_anonymous_groups(
|
||||||
self, setting_name: str
|
self, setting_name: str
|
||||||
|
|
@ -2377,12 +2383,12 @@ class RealmAPITest(ZulipTestCase):
|
||||||
self.login("iago")
|
self.login("iago")
|
||||||
|
|
||||||
members_group = NamedUserGroup.objects.get(name="role:members", realm=realm)
|
members_group = NamedUserGroup.objects.get(name="role:members", realm=realm)
|
||||||
req = {"can_access_all_users_group": orjson.dumps(members_group.id).decode()}
|
req = {"can_access_all_users_group": orjson.dumps({"new": members_group.id}).decode()}
|
||||||
result = self.client_patch("/json/realm", req)
|
result = self.client_patch("/json/realm", req)
|
||||||
self.assert_json_error(result, "Available on Zulip Cloud Plus. Upgrade to access.")
|
self.assert_json_error(result, "Available on Zulip Cloud Plus. Upgrade to access.")
|
||||||
|
|
||||||
do_change_realm_plan_type(realm, Realm.PLAN_TYPE_STANDARD, acting_user=None)
|
do_change_realm_plan_type(realm, Realm.PLAN_TYPE_STANDARD, acting_user=None)
|
||||||
req = {"can_access_all_users_group": orjson.dumps(members_group.id).decode()}
|
req = {"can_access_all_users_group": orjson.dumps({"new": members_group.id}).decode()}
|
||||||
result = self.client_patch("/json/realm", req)
|
result = self.client_patch("/json/realm", req)
|
||||||
self.assert_json_error(result, "Available on Zulip Cloud Plus. Upgrade to access.")
|
self.assert_json_error(result, "Available on Zulip Cloud Plus. Upgrade to access.")
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -172,9 +172,7 @@ def update_realm(
|
||||||
ApiParamConfig("move_messages_between_streams_limit_seconds"),
|
ApiParamConfig("move_messages_between_streams_limit_seconds"),
|
||||||
] = None,
|
] = None,
|
||||||
enable_guest_user_indicator: Json[bool] | None = None,
|
enable_guest_user_indicator: Json[bool] | None = None,
|
||||||
can_access_all_users_group_id: Annotated[
|
can_access_all_users_group: Json[GroupSettingChangeRequest] | None = None,
|
||||||
Json[int] | None, ApiParamConfig("can_access_all_users_group")
|
|
||||||
] = None,
|
|
||||||
) -> HttpResponse:
|
) -> HttpResponse:
|
||||||
# Realm object is being refetched here to make sure that we
|
# Realm object is being refetched here to make sure that we
|
||||||
# do not use stale object from cache which can happen when a
|
# do not use stale object from cache which can happen when a
|
||||||
|
|
@ -241,7 +239,7 @@ def update_realm(
|
||||||
if enable_spectator_access:
|
if enable_spectator_access:
|
||||||
realm.ensure_not_on_limited_plan()
|
realm.ensure_not_on_limited_plan()
|
||||||
|
|
||||||
if can_access_all_users_group_id is not None:
|
if can_access_all_users_group is not None:
|
||||||
realm.can_enable_restricted_user_access_for_guests()
|
realm.can_enable_restricted_user_access_for_guests()
|
||||||
|
|
||||||
data: dict[str, Any] = {}
|
data: dict[str, Any] = {}
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue