Mirror
/
zulip
mirror of https://github.com/zulip/zulip.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

settings: Use `can_manage_all_groups` to control who can manage groups. 

We also add the exception for the group creator to be able to edit their
group in this commit. This exception was added in the backend in earlier
commits.
This commit is contained in:
Shubham Padia 2024-09-16 19:02:46 +00:00 committed by Tim Abbott
parent 6e9d56eaf4
commit f0b9d610a5
7 changed files with 52 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
web/src/settings_components.ts
View File

@ -484,6 +484,7 @@ const dropdown_widget_map = new Map<string, DropdownWidget | null>([
["realm_can_access_all_users_group", null],
["can_mention_group", null],
["realm_can_create_groups", null],
["realm_can_manage_all_groups", null],
["realm_can_create_public_channel_group", null],
["realm_can_create_private_channel_group", null],
["realm_can_create_web_public_channel_group", null],
@ -804,6 +805,7 @@ export function check_realm_settings_property_changed(elem: HTMLElement): boolea
case "realm_create_multiuse_invite_group":
case "realm_can_access_all_users_group":
case "realm_can_create_groups":
case "realm_can_manage_all_groups":
case "realm_can_create_public_channel_group":
case "realm_can_create_private_channel_group":
case "realm_can_create_web_public_channel_group":
@ -1040,6 +1042,7 @@ export function populate_data_for_realm_settings_request(
const realm_group_settings_using_new_api_format = new Set([
"can_create_groups",
"can_manage_all_groups",
"can_create_private_channel_group",
"can_create_public_channel_group",
"can_create_web_public_channel_group",

20
web/src/settings_data.ts
View File

@ -189,7 +189,14 @@ export function user_can_move_messages_between_streams(): boolean {
}
export function user_can_edit_all_user_groups(): boolean {
return user_has_permission(realm.realm_user_group_edit_policy);
if (page_params.is_spectator) {
return false;
}
return user_has_permission_for_group_setting(
realm.realm_can_manage_all_groups,
"can_manage_all_groups",
"realm",
);
}
export function can_edit_user_group(group_id: number): boolean {
@ -199,6 +206,16 @@ export function can_edit_user_group(group_id: number): boolean {
let can_edit_all_user_groups = user_can_edit_all_user_groups();
const group = user_groups.get_user_group_from_id(group_id);
// This is a temporary exception and this should be removed as soon
// as `group_creator` is set as a default for `can_manage_group`
// property of user groups. See this topic for more details:
// https://chat.zulip.org/#narrow/stream/3-backend/topic/Group.20creation.20-.20who.20can.20change.20the.20setting.2E/near/1943861
if (group.creator_id && group.creator_id === current_user.user_id) {
return true;
}
if (
!current_user.is_admin &&
!current_user.is_moderator &&
@ -211,7 +228,6 @@ export function can_edit_user_group(group_id: number): boolean {
return true;
}
const group = user_groups.get_user_group_from_id(group_id);
return user_has_permission_for_group_setting(
group.can_manage_group,
"can_manage_group",

7
web/src/settings_org.js
View File

@ -512,6 +512,7 @@ export function discard_realm_property_element_changes(elem) {
case "realm_direct_message_permission_group":
case "realm_can_access_all_users_group":
case "realm_can_create_groups":
case "realm_can_manage_all_groups":
case "realm_can_create_public_channel_group":
case "realm_can_create_private_channel_group":
case "realm_can_create_web_public_channel_group":
@ -845,12 +846,6 @@ export function set_up_dropdown_widget_for_realm_group_settings() {
dropdown_list_item_click_callback = check_disable_message_delete_limit_setting_dropdown;
}
if (setting_name === "can_manage_all_groups") {
// Temporarily skip this setting until further commits
// where this setting will be ready to use.
continue;
}
set_up_dropdown_widget(
"realm_" + setting_name,
get_setting_options,

1
web/src/state_data.ts
View File

@ -286,6 +286,7 @@ const realm_schema = z.object({
realm_bot_domain: z.string(),
realm_can_access_all_users_group: z.number(),
realm_can_create_groups: z.number(),
realm_can_manage_all_groups: z.number(),
realm_can_create_public_channel_group: z.number(),
realm_can_create_private_channel_group: z.number(),
realm_can_create_web_public_channel_group: z.number(),

2
web/src/user_group_edit_members.ts
View File

@ -356,7 +356,7 @@ function remove_member({
});
}
if (people.is_my_user_id(target_user_id) && !current_user.is_admin) {
if (people.is_my_user_id(target_user_id) && !settings_data.can_edit_user_group(group_id)) {
const html_body = render_leave_user_group_modal({
message: $t({
defaultMessage: "Once you leave this group, you will not be able to rejoin.",

6
web/templates/settings/organization_permissions_admin.hbs
View File

@ -344,6 +344,12 @@
value_type="number"
is_setting_disabled=(not is_owner)}}
{{> ../dropdown_widget_with_label
widget_name="realm_can_manage_all_groups"
label=(t 'Who can manage user groups')
value_type="number"
is_setting_disabled=(not is_owner)}}
<div class="input-group">
<label for="realm_user_group_edit_policy" class="settings-field-label">{{t "Who can create and manage user groups" }}</label>
<select name="realm_user_group_edit_policy" id="id_realm_user_group_edit_policy" class="prop-element settings_select bootstrap-focus-style" data-setting-widget-type="number">

36
web/tests/settings_data.test.js
View File

@ -158,11 +158,6 @@ test_policy(
"realm_move_messages_between_streams_policy",
settings_data.user_can_move_messages_between_streams,
);
test_policy(
"user_can_edit_all_user_groups",
"realm_user_group_edit_policy",
settings_data.user_can_edit_all_user_groups,
);
test_policy(
"user_can_add_custom_emoji",
"realm_add_custom_emoji_policy",
@ -369,7 +364,7 @@ run_test("can_edit_user_group", () => {
description: "Members",
name: "role:members",
id: 3,
members: new Set([3]),
members: new Set([3, 4]),
is_system_group: true,
direct_subgroup_ids: new Set([1, 2]),
can_manage_group: 4,
@ -394,6 +389,7 @@ run_test("can_edit_user_group", () => {
direct_subgroup_ids: new Set([4, 5]),
can_manage_group: 4,
can_mention_group: 3,
creator_id: 4,
};
user_groups.initialize({
realm_user_groups: [admins, moderators, members, nobody, students],
@ -403,26 +399,31 @@ run_test("can_edit_user_group", () => {
assert.ok(!settings_data.can_edit_user_group(students.id));
page_params.is_spectator = false;
realm.realm_user_group_edit_policy = settings_config.common_policy_values.by_admins_only.code;
realm.realm_can_manage_all_groups = admins.id;
current_user.user_id = 3;
assert.ok(!settings_data.can_edit_user_group(students.id));
current_user.is_admin = true;
// non-admin group_creator
current_user.user_id = 4;
assert.ok(settings_data.can_manage_user_group(students.id));
// admin user
current_user.user_id = 1;
assert.ok(settings_data.can_edit_user_group(students.id));
current_user.is_admin = false;
current_user.is_moderator = true;
// moderator user
current_user.user_id = 2;
assert.ok(!settings_data.can_edit_user_group(students.id));
realm.realm_user_group_edit_policy = settings_config.common_policy_values.by_members.code;
current_user.is_moderator = false;
current_user.is_guest = false;
realm.realm_can_manage_all_groups = members.id;
current_user.user_id = 3;
assert.ok(!settings_data.can_edit_user_group(students.id));
current_user.user_id = 2;
assert.ok(settings_data.can_edit_user_group(students.id));
realm.realm_user_group_edit_policy = settings_config.common_policy_values.by_admins_only.code;
realm.realm_can_manage_all_groups = admins.id;
current_user.user_id = 2;
assert.ok(!settings_data.can_edit_user_group(students.id));
const event = {
@ -505,6 +506,13 @@ run_test("user_can_create_user_groups", () => {
test_realm_group_settings("realm_can_create_groups", settings_data.user_can_create_user_groups);
});
run_test("user_can_edit_all_user_groups", () => {
test_realm_group_settings(
"realm_can_manage_all_groups",
settings_data.user_can_edit_all_user_groups,
);
});
run_test("user_can_create_private_streams", () => {
test_realm_group_settings(
"realm_can_create_private_channel_group",