Mirror
/
zulip
mirror of https://github.com/zulip/zulip.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

actions.py: Block client interaction with flags in the NON_API_FLAGS. 

Raise error if flag is present in NON_API_FLAGS or is not present in
UserMessage.flags.
This commit is contained in:
Shubham Padia 2018-08-10 03:47:36 +05:30 committed by Tim Abbott
parent fe9eeecda1
commit a524d425ad
2 changed files with 29 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
zerver/lib/actions.py
View File

@ -3621,6 +3621,9 @@ def do_update_message_flags(user_profile: UserProfile,
operation: str, operation: str,
flag: str, flag: str,
messages: List[int]) -> int: messages: List[int]) -> int:
valid_flags = [item for item in UserMessage.flags if item not in UserMessage.NON_API_FLAGS]
if flag not in valid_flags:
raise JsonableError(_("Invalid flag: '%s'" % (flag,)))
flagattr = getattr(UserMessage.flags, flag) flagattr = getattr(UserMessage.flags, flag)
assert messages is not None assert messages is not None

26
zerver/tests/test_messages.py
View File

@ -2386,6 +2386,32 @@ class MirroredMessageUsersTest(ZulipTestCase):
self.assertTrue(bob.is_mirror_dummy) self.assertTrue(bob.is_mirror_dummy)
class MessageAccessTests(ZulipTestCase): class MessageAccessTests(ZulipTestCase):
def test_update_invalid_flags(self) -> None:
message = self.send_personal_message(
self.example_email("cordelia"),
self.example_email("hamlet"),
"hello",
)
self.login(self.example_email("hamlet"))
result = self.client_post("/json/messages/flags",
{"messages": ujson.dumps([message]),
"op": "add",
"flag": "invalid"})
self.assert_json_error(result, "Invalid flag: 'invalid'")
result = self.client_post("/json/messages/flags",
{"messages": ujson.dumps([message]),
"op": "add",
"flag": "is_private"})
self.assert_json_error(result, "Invalid flag: 'is_private'")
result = self.client_post("/json/messages/flags",
{"messages": ujson.dumps([message]),
"op": "add",
"flag": "active_mobile_push_notification"})
self.assert_json_error(result, "Invalid flag: 'active_mobile_push_notification'")
def change_star(self, messages: List[int], add: bool=True, **kwargs: Any) -> HttpResponse: def change_star(self, messages: List[int], add: bool=True, **kwargs: Any) -> HttpResponse:
return self.client_post("/json/messages/flags", return self.client_post("/json/messages/flags",
{"messages": ujson.dumps(messages), {"messages": ujson.dumps(messages),