user_groups: Add can_join_group setting for user group.

This field will be used to control permission for who can
join a user group.

Fixes part of #25938.
Sahil Batra 2024-09-19 16:11:22 +05:30 committed by Tim Abbott
parent a073eaa534
commit e1d7f57da7
10 changed files with 183 additions and 5 deletions


@ -20,6 +20,15 @@ format used by the Zulip server that they are interacting with.
## Changes in Zulip 10.0 ## Changes in Zulip 10.0
**Feature level 301**
* [`POST /user_groups/create`](/api/create-user-group): Added `can_join_group`
parameter to support setting the user group whose members can join the user
group.
* [`PATCH /user_groups/{user_group_id}`](/api/update-user-group): Added
`can_join_group` parameter to support changing the user group whose
members can join the specified user group.
**Feature level 300** **Feature level 300**
* [`GET /messages`](/api/get-message): Added a new message_ids parameter, * [`GET /messages`](/api/get-message): Added a new message_ids parameter,


@ -757,6 +757,7 @@ def bulk_import_named_user_groups(data: TableData) -> None:
group["name"], group["name"],
group["description"], group["description"],
group["is_system_group"], group["is_system_group"],
group["can_join_group_id"],
group["can_manage_group_id"], group["can_manage_group_id"],
group["can_mention_group_id"], group["can_mention_group_id"],
group["deactivated"], group["deactivated"],
@ -767,7 +768,7 @@ def bulk_import_named_user_groups(data: TableData) -> None:
query = SQL( query = SQL(
""" """
INSERT INTO zerver_namedusergroup (usergroup_ptr_id, realm_id, name, description, is_system_group, can_manage_group_id, can_mention_group_id, deactivated, date_created) INSERT INTO zerver_namedusergroup (usergroup_ptr_id, realm_id, name, description, is_system_group, can_join_group_id, can_manage_group_id, can_mention_group_id, deactivated, date_created)
VALUES %s VALUES %s
""" """
) )
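Review bot: The value tuple and the INSERT column list in `bulk_import_named_user_groups` are matched by position only, and this change puts a third `UserGroup` id (`can_join_group_id`) next to `can_manage_group_id` and `can_mention_group_id`. Here the order is consistent, but a future reordering would write one permission's group into another's column without any database error, since all three are foreign keys to the same table. A comment above the tuple would make the coupling explicit, for example `# Order must match the column list of the INSERT below; the can_*_group_id columns are interchangeable to the database.` The same applies to the `SQL("({},...)").format(...)` rows in `bulk_create_system_user_groups`, where the three `Literal(initial_group_setting_value)` entries are indistinguishable by eye. Both functions start and end outside the hunks shown.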


@ -819,7 +819,7 @@ def bulk_create_system_user_groups(groups: list[dict[str, str]], realm: Realm) -
user_group_ids = [id for (id,) in cursor.fetchall()] user_group_ids = [id for (id,) in cursor.fetchall()]
rows = [ rows = [
SQL("({},{},{},{},{},{},{},{})").format( SQL("({},{},{},{},{},{},{},{},{})").format(
Literal(user_group_ids[idx]), Literal(user_group_ids[idx]),
Literal(realm.id), Literal(realm.id),
Literal(group["name"]), Literal(group["name"]),
@ -827,13 +827,14 @@ def bulk_create_system_user_groups(groups: list[dict[str, str]], realm: Realm) -
Literal(True), Literal(True),
Literal(initial_group_setting_value), Literal(initial_group_setting_value),
Literal(initial_group_setting_value), Literal(initial_group_setting_value),
Literal(initial_group_setting_value),
Literal(False), Literal(False),
) )
for idx, group in enumerate(groups) for idx, group in enumerate(groups)
] ]
query = SQL( query = SQL(
""" """
INSERT INTO zerver_namedusergroup (usergroup_ptr_id, realm_id, name, description, is_system_group, can_manage_group_id, can_mention_group_id, deactivated) INSERT INTO zerver_namedusergroup (usergroup_ptr_id, realm_id, name, description, is_system_group, can_join_group_id, can_manage_group_id, can_mention_group_id, deactivated)
VALUES {rows} VALUES {rows}
""" """
).format(rows=SQL(", ").join(rows)) ).format(rows=SQL(", ").join(rows))
@ -915,7 +916,7 @@ def create_system_user_groups_for_realm(realm: Realm) -> dict[int, NamedUserGrou
user_group = set_defaults_for_group_settings(group, {}, system_groups_name_dict) user_group = set_defaults_for_group_settings(group, {}, system_groups_name_dict)
groups_with_updated_settings.append(user_group) groups_with_updated_settings.append(user_group)
NamedUserGroup.objects.bulk_update( NamedUserGroup.objects.bulk_update(
groups_with_updated_settings, ["can_manage_group", "can_mention_group"] groups_with_updated_settings, ["can_join_group", "can_manage_group", "can_mention_group"]
) )
subgroup_objects: list[GroupGroupMembership] = [] subgroup_objects: list[GroupGroupMembership] = []


@ -0,0 +1,23 @@
# Generated by Django 5.0.8 on 2024-09-19 10:34
import django.db.models.deletion
from django.db import migrations, models
class Migration(migrations.Migration):
dependencies = [
("zerver", "0595_add_realmexport_table_and_backfill"),
]
operations = [
migrations.AddField(
model_name="namedusergroup",
name="can_join_group",
field=models.ForeignKey(
null=True,
on_delete=django.db.models.deletion.RESTRICT,
related_name="+",
to="zerver.usergroup",
),
),
]


@ -0,0 +1,56 @@
# Generated by Django 5.0.8 on 2024-09-19 10:34
from django.db import migrations, transaction
from django.db.backends.base.schema import BaseDatabaseSchemaEditor
from django.db.migrations.state import StateApps
from django.db.models import Max, Min, OuterRef
def set_default_value_for_can_join_group(
apps: StateApps, schema_editor: BaseDatabaseSchemaEditor
) -> None:
NamedUserGroup = apps.get_model("zerver", "NamedUserGroup")
BATCH_SIZE = 1000
max_id = NamedUserGroup.objects.filter(can_join_group=None).aggregate(Max("id"))["id__max"]
if max_id is None:
# Do nothing if there are no user groups on the server.
return
lower_bound = NamedUserGroup.objects.filter(can_join_group=None).aggregate(Min("id"))["id__min"]
while lower_bound <= max_id + BATCH_SIZE / 2:
upper_bound = lower_bound + BATCH_SIZE - 1
print(f"Processing batch {lower_bound} to {upper_bound} for NamedUserGroup")
with transaction.atomic():
# Owners will naturally have the permission to join the
# group via their permission to manage all groups or add
# anyone to this group.
NamedUserGroup.objects.filter(
id__range=(lower_bound, upper_bound),
can_join_group=None,
).update(
can_join_group=NamedUserGroup.objects.filter(
name="role:nobody",
realm_for_sharding=OuterRef("realm_for_sharding"),
is_system_group=True,
).values("pk")
)
lower_bound += BATCH_SIZE
class Migration(migrations.Migration):
atomic = False
dependencies = [
("zerver", "0596_namedusergroup_can_join_group"),
]
operations = [
migrations.RunPython(
set_default_value_for_can_join_group,
elidable=True,
reverse_code=migrations.RunPython.noop,
)
]
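Review bot: Rows whose realm has no system group named `role:nobody` keep `can_join_group` NULL after `set_default_value_for_can_join_group` runs, because the subquery passed to `.update()` then yields no row, and the function returns without noticing. The follow-up migration on this page drops `null=True` from the field, so the problem would only surface there as a constraint failure with no hint about which groups are affected. A check after the loop would fail earlier and with a clearer message, for example `if NamedUserGroup.objects.filter(can_join_group=None).exists(): raise RuntimeError("can_join_group backfill left NULL rows")`. Whether such realms can exist is not visible from this page, so treat the check as a safety net rather than a known failure.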


@ -0,0 +1,22 @@
# Generated by Django 5.0.8 on 2024-09-19 10:40
import django.db.models.deletion
from django.db import migrations, models
class Migration(migrations.Migration):
dependencies = [
("zerver", "0597_set_default_value_for_can_join_group"),
]
operations = [
migrations.AlterField(
model_name="namedusergroup",
name="can_join_group",
field=models.ForeignKey(
on_delete=django.db.models.deletion.RESTRICT,
related_name="+",
to="zerver.usergroup",
),
),
]


@ -59,6 +59,7 @@ class NamedUserGroup(UserGroup): # type: ignore[django-manager-missing] # djang
) )
is_system_group = models.BooleanField(default=False, db_column="is_system_group") is_system_group = models.BooleanField(default=False, db_column="is_system_group")
can_join_group = models.ForeignKey(UserGroup, on_delete=models.RESTRICT, related_name="+")
can_manage_group = models.ForeignKey(UserGroup, on_delete=models.RESTRICT, related_name="+") can_manage_group = models.ForeignKey(UserGroup, on_delete=models.RESTRICT, related_name="+")
can_mention_group = models.ForeignKey( can_mention_group = models.ForeignKey(
UserGroup, on_delete=models.RESTRICT, db_column="can_mention_group_id" UserGroup, on_delete=models.RESTRICT, db_column="can_mention_group_id"
@ -94,6 +95,16 @@ class NamedUserGroup(UserGroup): # type: ignore[django-manager-missing] # djang
} }
GROUP_PERMISSION_SETTINGS = { GROUP_PERMISSION_SETTINGS = {
"can_join_group": GroupPermissionSetting(
require_system_group=False,
allow_internet_group=False,
allow_owners_group=True,
allow_nobody_group=True,
allow_everyone_group=False,
default_group_name=SystemGroups.NOBODY,
default_for_system_groups=SystemGroups.NOBODY,
id_field_name="can_join_group_id",
),
"can_manage_group": GroupPermissionSetting( "can_manage_group": GroupPermissionSetting(
require_system_group=False, require_system_group=False,
allow_internet_group=False, allow_internet_group=False,
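Review bot: The new `"can_join_group"` entry in `GROUP_PERMISSION_SETTINGS` has no comment explaining its flags or why both `default_group_name` and `default_for_system_groups` are `SystemGroups.NOBODY`. That default is the safe one for a permission that lets users add themselves to a group, and the reason should be recorded so it is not loosened by accident, for example `# Defaults to NOBODY so that no group becomes self-joinable until someone opts in.` The commit message says the field "will be used" to control joining and no enforcement appears in the hunks on this page, so the comment could also state that the stored value has no effect until the permission check lands. The class body continues outside the hunk.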


@ -264,6 +264,7 @@ def get_temp_user_group_id() -> dict[str, object]:
user_group, _ = NamedUserGroup.objects.get_or_create( user_group, _ = NamedUserGroup.objects.get_or_create(
name="temp", name="temp",
realm=get_realm("zulip"), realm=get_realm("zulip"),
can_join_group_id=11,
can_manage_group_id=11, can_manage_group_id=11,
can_mention_group_id=11, can_mention_group_id=11,
realm_for_sharding=get_realm("zulip"), realm_for_sharding=get_realm("zulip"),
@ -278,6 +279,7 @@ def get_temp_user_group_id_for_deactivation() -> dict[str, object]:
user_group, _ = NamedUserGroup.objects.get_or_create( user_group, _ = NamedUserGroup.objects.get_or_create(
name="temp-deactivation", name="temp-deactivation",
realm=get_realm("zulip"), realm=get_realm("zulip"),
can_join_group_id=11,
can_manage_group_id=11, can_manage_group_id=11,
can_mention_group_id=11, can_mention_group_id=11,
realm_for_sharding=get_realm("zulip"), realm_for_sharding=get_realm("zulip"),


@ -20081,6 +20081,18 @@ paths:
items: items:
type: integer type: integer
example: [1, 2, 3, 4] example: [1, 2, 3, 4]
can_join_group:
allOf:
- description: |
A [group-setting value][setting-values] defining the set of users who
have permission to join this user group.
**Changes**: New in Zulip 10.0 (feature level 301).
[setting-values]: /api/group-setting-values
[system-groups]: /api/group-setting-values#system-groups
- $ref: "#/components/schemas/GroupSettingValue"
example: 11
can_manage_group: can_manage_group:
allOf: allOf:
- description: | - description: |
@ -20127,6 +20139,8 @@ paths:
encoding: encoding:
members: members:
contentType: application/json contentType: application/json
can_join_group:
contentType: application/json
can_manage_group: can_manage_group:
contentType: application/json contentType: application/json
can_mention_group: can_mention_group:
@ -20257,6 +20271,37 @@ paths:
a required field. a required field.
type: string type: string
example: The marketing team. example: The marketing team.
can_join_group:
description: |
The set of users who have permission to join this user group
expressed as an [update to a group-setting value][update-group-setting].
**Changes**: New in Zulip 10.0 (feature level 301).
[update-group-setting]: /api/group-setting-values#updating-group-setting-values
[system-groups]: /api/group-setting-values#system-groups
type: object
additionalProperties: false
properties:
new:
allOf:
- description: |
The new [group-setting value](/api/group-setting-values) for who would
have the permission to join the group.
- $ref: "#/components/schemas/GroupSettingValue"
old:
allOf:
- description: |
The expected current [group-setting value](/api/group-setting-values)
for who has the permission to join the group.
- $ref: "#/components/schemas/GroupSettingValue"
required:
- new
example:
{
"new": {"direct_members": [10], "direct_subgroups": [11]},
"old": 11,
}
can_manage_group: can_manage_group:
description: | description: |
The set of users who have permission to [manage this user group][manage-user-groups] The set of users who have permission to [manage this user group][manage-user-groups]
@ -20341,6 +20386,8 @@ paths:
"old": 11, "old": 11,
} }
encoding: encoding:
can_join_group:
contentType: application/json
can_manage_group: can_manage_group:
contentType: application/json contentType: application/json
can_mention_group: can_mention_group:
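Review bot: The `can_join_group` description added for the create endpoint does not say what applies when the parameter is omitted, which for a permission parameter is what a client author most needs to know. The model change on this page sets `default_group_name=SystemGroups.NOBODY`, so presumably the answer is that nobody can join; if that holds for this endpoint, add a sentence such as `If omitted, no users have permission to join the group.` Both new descriptions also define a `[system-groups]` link reference that none of the added text refers to; either link it from the prose or drop the definition.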


@ -57,6 +57,7 @@ def add_user_group(
name: str, name: str,
members: Json[list[int]], members: Json[list[int]],
description: str, description: str,
can_join_group: Json[int | AnonymousSettingGroupDict] | None = None,
can_manage_group: Json[int | AnonymousSettingGroupDict] | None = None, can_manage_group: Json[int | AnonymousSettingGroupDict] | None = None,
can_mention_group: Json[int | AnonymousSettingGroupDict] | None = None, can_mention_group: Json[int | AnonymousSettingGroupDict] | None = None,
) -> HttpResponse: ) -> HttpResponse:
@ -116,12 +117,14 @@ def edit_user_group(
user_group_id: PathOnly[int], user_group_id: PathOnly[int],
name: str | None = None, name: str | None = None,
description: str | None = None, description: str | None = None,
can_join_group: Json[GroupSettingChangeRequest] | None = None,
can_manage_group: Json[GroupSettingChangeRequest] | None = None, can_manage_group: Json[GroupSettingChangeRequest] | None = None,
can_mention_group: Json[GroupSettingChangeRequest] | None = None, can_mention_group: Json[GroupSettingChangeRequest] | None = None,
) -> HttpResponse: ) -> HttpResponse:
if ( if (
name is None name is None
and description is None and description is None
and can_join_group is None
and can_manage_group is None and can_manage_group is None
and can_mention_group is None and can_mention_group is None
): ):
@ -132,7 +135,10 @@ def edit_user_group(
) )
if user_group.deactivated and ( if user_group.deactivated and (
description is not None or can_mention_group is not None or can_manage_group is not None description is not None
or can_join_group is not None
or can_mention_group is not None
or can_manage_group is not None
): ):
raise JsonableError(_("You can only change name of deactivated user groups")) raise JsonableError(_("You can only change name of deactivated user groups"))
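Review bot: Both guards in `edit_user_group` now name each permission setting by hand, so every new setting has to be added in two places. One that is missed in the `user_group.deactivated` check would let that setting be changed on a deactivated group, despite the "You can only change name" error. Collecting the values once keeps the two conditions in step: `setting_changes = (can_join_group, can_manage_group, can_mention_group)`, then `any(value is not None for value in setting_changes)` in the deactivated check and `all(value is None for value in setting_changes)` in the nothing-to-do check. The function body starts and continues outside the hunks, so how the new parameter is applied after these guards is not visible here.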