Add a decorator for checking whether a user is a realm administrator.

(imported from commit 8ba2c54ccd0a92e8c7ab8f1a8873e581f6cadd51)
2013-12-09 16:12:18 -05:00 · 2013-12-09 16:12:18 -05:00 · cd45cdd451
parent 8e0cf79f91
commit cd45cdd451
2 changed files with 12 additions and 7 deletions
--- a/zerver/decorator.py
+++ b/zerver/decorator.py
@ -86,6 +86,14 @@ def require_post(func):
        return func(request, *args, **kwargs)
    return wrapper

+def require_realm_admin(func):
+    @wraps(func)
+    def wrapper(request, user_profile, *args, **kwargs):
+        if not user_profile.has_perm('administer', user_profile.realm):
+            raise JsonableError("Must be a realm administrator")
+        return func(request, user_profile, *args, **kwargs)
+    return wrapper
+
 default_clients = {}

 def process_client(request, user_profile, default):
--- a/zerver/views/init.py
+++ b/zerver/views/init.py
@ -57,7 +57,8 @@ from zerver.decorator import require_post, \
    authenticated_api_view, authenticated_json_post_view, \
    has_request_variables, authenticated_json_view, \
    to_non_negative_int, json_to_dict, json_to_list, json_to_bool, \
-    JsonableError, get_user_profile_by_email, process_as_post, REQ
+    JsonableError, get_user_profile_by_email, process_as_post, REQ, \
+    require_realm_admin
 from zerver.lib.query import last_n
 from zerver.lib.avatar import avatar_url, get_avatar_url
 from zerver.lib.upload import upload_message_image_through_web_client, upload_avatar_image, \
@ -1536,10 +1537,8 @@ def get_public_streams_backend(request, user_profile):

@authenticated_json_post_view
@has_request_variables
+@require_realm_admin
 def json_rename_stream(request, user_profile, old_name=REQ, new_name=REQ):
-    if not user_profile.has_perm('administer', user_profile.realm):
-        return json_error("Insufficient permission to rename stream")
-
    return json_success(do_rename_stream(user_profile.realm, old_name, new_name))

@authenticated_api_view
@ -2132,15 +2131,13 @@ def reactivate_user_backend(request, user_profile, email):
    do_reactivate_user(target)
    return json_success({})

+@require_realm_admin
 def deactivate_stream_backend(request, user_profile, stream_name):
    try:
        target = get_stream(stream_name, user_profile.realm)
    except Stream.DoesNotExist:
        return json_error('No such stream name')

-    if not user_profile.is_admin():
-        return json_error('Insufficient permission')
-
    if target.invite_only:
        return json_error('Cannot administer invite-only streams this way')