From e1c809a71ea4d0efe2992a662d0802d362388a8c Mon Sep 17 00:00:00 2001
From: Lauryn Menard <lauryn@zulip.com>
Date: Tue, 13 Jun 2023 19:23:32 +0200
Subject: [PATCH] api-docs: Clarify what topics are returned by
 `get-stream-topics`.

Updates the main description for the `get-stream-topics` endpoint
so that it is clear that the topics for private streams with protected
history are limited to the topics / messages the user has access to.

And updates that documentation and the help center documentation for
bot permissions / abilities, to clarify that bots have the same
restriction and can only access messages / topics that are sent after
the bot (not the bot's owner) subscribed to the stream.
---
 help/bots-and-integrations.md | 5 +++++
 zerver/openapi/zulip.yaml     | 9 ++++++++-
 2 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/help/bots-and-integrations.md b/help/bots-and-integrations.md
index 24659e16f3..b4b6d9cd7f 100644
--- a/help/bots-and-integrations.md
+++ b/help/bots-and-integrations.md
@@ -55,6 +55,11 @@ A few more details:
 * Bots can be subscribed to streams, and their role can be modified if
   they need to have permission to do administrative actions.
 
+* [Stream permissions](/help/stream-permissions) are the same for bots
+  as for other users. Therefore, for private streams with protected
+  history, a bot can only access messages sent after it subscribed
+  to the stream.
+
 * **Generic**: A generic bot is like a normal Zulip user account that
   cannot log in via a browser.  Note that if you truly want to
   impersonate yourself (e.g. write messages that come from your Zulip
diff --git a/zerver/openapi/zulip.yaml b/zerver/openapi/zulip.yaml
index c869bd1857..1e864146a2 100644
--- a/zerver/openapi/zulip.yaml
+++ b/zerver/openapi/zulip.yaml
@@ -8283,7 +8283,14 @@ paths:
       summary: Get topics in a stream
       tags: ["streams"]
       description: |
-        Get all the topics in a specific stream
+        Get all topics the user has access to in a specific stream.
+
+        Note that for private streams with [protected
+        history](/help/stream-permissions), the user will only have access to
+        topics of messages sent after they [subscribed to](/api/subscribe) the
+        stream. Similarly, a user's [bot](/help/bots-and-integrations#bot-type)
+        will only have access to messages sent after the bot was subscribed to
+        the stream, instead of when the user subscribed.
       parameters:
         - $ref: "#/components/parameters/StreamIdInPath"
       responses: