streams: Restrict access to archived streams.

This commit is contained in:
sanchi-t 2024-06-05 20:15:52 +05:30 committed by Tim Abbott
parent 795b2ba14e
commit c73038edea
4 changed files with 75 additions and 4 deletions

View File

@ -386,6 +386,10 @@ def has_message_access(
# You can't access public stream messages in other realms
return False
if stream.deactivated:
# You can't access messages in deactivated streams
return False
def is_subscribed_helper() -> bool:
if is_subscribed is not None:
return is_subscribed

View File

@ -290,8 +290,13 @@ def access_stream_for_send_message(
else:
raise JsonableError(_("User not authorized for this query"))
# Deactivated streams are not accessible.
if stream.deactivated:
if archived_channel_notice:
return
raise JsonableError(
_("Not authorized to send to channel '{channel_name}'").format(channel_name=stream.name)
)
if is_cross_realm_bot_email(sender.delivery_email):
return
@ -431,7 +436,9 @@ def access_stream_common(
except Subscription.DoesNotExist:
sub = None
if check_basic_stream_access(user_profile, stream, sub, allow_realm_admin=allow_realm_admin):
if not stream.deactivated and check_basic_stream_access(
user_profile, stream, sub, allow_realm_admin=allow_realm_admin
):
return sub
# Otherwise it is a private stream and you're not on it, so throw
@ -667,6 +674,11 @@ def filter_stream_authorization(
unauthorized_streams: list[Stream] = []
for stream in streams:
# Deactivated streams are not accessible
if stream.deactivated:
unauthorized_streams.append(stream)
continue
# The user is authorized for their own streams
if stream.recipient_id in subscribed_recipient_ids:
continue

View File

@ -976,6 +976,33 @@ class EditMessageTest(ZulipTestCase):
set_message_editing_params(False, "unlimited", EditTopicPolicyEnum.ADMINS_ONLY)
do_edit_message_assert_success(id_, "G", True)
def test_edit_message_in_archived_stream(self) -> None:
user = self.example_user("hamlet")
self.login("hamlet")
stream_name = "archived stream"
archived_stream = self.make_stream(stream_name)
self.subscribe(user, stream_name)
msg_id = self.send_stream_message(
user, "archived stream", topic_name="editing", content="before edit"
)
result = self.client_patch(
f"/json/messages/{msg_id}",
{
"content": "content after edit",
},
)
self.assert_json_success(result)
do_deactivate_stream(archived_stream, acting_user=None)
result = self.client_patch(
f"/json/messages/{msg_id}",
{
"content": "editing second time",
},
)
self.assert_json_error(result, "Invalid message(s)")
def test_edit_topic_policy(self) -> None:
def set_message_editing_params(
allow_message_editing: bool,

View File

@ -30,7 +30,7 @@ from zerver.actions.realm_settings import (
do_change_realm_permission_group_setting,
do_set_realm_property,
)
from zerver.actions.streams import do_change_stream_post_policy
from zerver.actions.streams import do_change_stream_post_policy, do_deactivate_stream
from zerver.actions.user_groups import add_subgroups_to_user_group, check_add_user_group
from zerver.actions.user_settings import do_change_user_setting
from zerver.actions.users import do_change_can_forge_sender, do_deactivate_user
@ -1337,6 +1337,34 @@ class MessagePOSTTest(ZulipTestCase):
msg = self.get_last_message()
self.assertEqual(int(datetime_to_timestamp(msg.date_sent)), int(fake_timestamp))
def test_send_message_in_archived_stream(self) -> None:
self.login("hamlet")
stream_name = "archived stream"
stream = self.make_stream(stream_name)
result = self.client_post(
"/json/messages",
{
"type": "channel",
"to": orjson.dumps([stream.id]).decode(),
"content": "Test message",
"topic": "Test topic",
},
)
self.assert_json_success(result)
do_deactivate_stream(stream, acting_user=None)
result = self.client_post(
"/json/messages",
{
"type": "channel",
"to": orjson.dumps([stream.id]).decode(),
"content": "Second Test message",
"topic": "Test topic",
},
)
self.assert_json_error(result, f"Not authorized to send to channel '{stream.name}'")
def test_unsubscribed_can_forge_sender(self) -> None:
reset_email_visibility_to_everyone_in_zulip_realm()