invitations: Move resend/revoke error handling out of actions.py.

zerver/lib/actions.py

@@ -4011,15 +4011,7 @@ def do_get_user_invites(user_profile: UserProfile) -> List[Dict[str, Any]]:
 
     return invites
 
-def do_revoke_user_invite(invite_id: int, realm_id: int) -> None:
-    try:
-        prereg_user = PreregistrationUser.objects.get(id=invite_id)
-    except PreregistrationUser.DoesNotExist:
-        raise JsonableError(_("Invalid invitation ID."))
-
-    if prereg_user.referred_by.realm_id != realm_id:
-        raise JsonableError(_("Invalid invitation ID."))
-
+def do_revoke_user_invite(prereg_user: PreregistrationUser) -> None:
     email = prereg_user.email
 
     # Delete both the confirmation objects and the prereg_user object.
@@ -4032,15 +4024,7 @@ def do_revoke_user_invite(invite_id: int, realm_id: int) -> None:
     prereg_user.delete()
     clear_scheduled_invitation_emails(email)
 
-def do_resend_user_invite_email(invite_id: int, realm_id: int) -> str:
-    try:
-        prereg_user = PreregistrationUser.objects.get(id=invite_id)
-    except PreregistrationUser.DoesNotExist:
-        raise JsonableError(_("Invalid invitation ID."))
-
-    if (prereg_user.referred_by.realm_id != realm_id):
-        raise JsonableError(_("Invalid invitation ID."))
-
+def do_resend_user_invite_email(prereg_user: PreregistrationUser) -> str:
     check_invite_limit(prereg_user.referred_by, 1)
 
     prereg_user.invited_at = timezone_now()

zerver/tests/test_signup.py

@@ -1003,6 +1003,16 @@ class InvitationsTestCase(InviteUserBase):
 
         self.check_sent_emails([invitee], custom_from_name="Zulip")
 
+    def test_accessing_invites_in_another_realm(self) -> None:
+        invitor = UserProfile.objects.exclude(realm=get_realm('zulip')).first()
+        prereg_user = PreregistrationUser.objects.create(
+            email='email', referred_by=invitor, realm=invitor.realm)
+        self.login(self.example_email("iago"))
+        error_result = self.client_post('/json/invites/' + str(prereg_user.id) + '/resend')
+        self.assert_json_error(error_result, "Invalid invitation ID.")
+        error_result = self.client_delete('/json/invites/' + str(prereg_user.id))
+        self.assert_json_error(error_result, "Invalid invitation ID.")
+
 class InviteeEmailsParserTests(TestCase):
     def setUp(self) -> None:
         self.email1 = "email1@zulip.com"

zerver/views/invite.py

@@ -74,12 +74,28 @@ def get_user_invites(request: HttpRequest, user_profile: UserProfile) -> HttpRes
 @has_request_variables
 def revoke_user_invite(request: HttpRequest, user_profile: UserProfile,
                        prereg_id: int) -> HttpResponse:
-    do_revoke_user_invite(prereg_id, user_profile.realm_id)
+    try:
+        prereg_user = PreregistrationUser.objects.get(id=prereg_id)
+    except PreregistrationUser.DoesNotExist:
+        raise JsonableError(_("Invalid invitation ID."))
+
+    if prereg_user.referred_by.realm != user_profile.realm:
+        raise JsonableError(_("Invalid invitation ID."))
+
+    do_revoke_user_invite(prereg_user)
     return json_success()
 
 @require_realm_admin
 @has_request_variables
 def resend_user_invite_email(request: HttpRequest, user_profile: UserProfile,
                              prereg_id: int) -> HttpResponse:
-    timestamp = do_resend_user_invite_email(prereg_id, user_profile.realm_id)
+    try:
+        prereg_user = PreregistrationUser.objects.get(id=prereg_id)
+    except PreregistrationUser.DoesNotExist:
+        raise JsonableError(_("Invalid invitation ID."))
+
+    if (prereg_user.referred_by.realm != user_profile.realm):
+        raise JsonableError(_("Invalid invitation ID."))
+
+    timestamp = do_resend_user_invite_email(prereg_user)
     return json_success({'timestamp': timestamp})