Allow superusers to send messages to even private streams.

(imported from commit b7253174fa25d61b5bda056a5e5353e3b8ea918b)

zerver/lib/actions.py

@@ -11,7 +11,7 @@ from zerver.models import Realm, RealmEmoji, Stream, UserProfile, UserActivity,
     get_user_profile_by_id, PreregistrationUser, get_display_recipient, \
     to_dict_cache_key, get_realm, stringify_message_dict, bulk_get_recipients, \
     email_to_domain, email_to_username, display_recipient_cache_key, \
-    get_stream_cache_key, to_dict_cache_key_id
+    get_stream_cache_key, to_dict_cache_key_id, is_super_user
 from django.db import transaction, IntegrityError
 from django.db.models import F, Q
 from django.core.exceptions import ValidationError
@@ -436,9 +436,11 @@ def check_message(sender, client, message_type_name, message_to,
             raise JsonableError("Stream does not exist")
         recipient = get_recipient(Recipient.STREAM, stream.id)
 
-        if (not stream.invite_only) or subscribed_to_stream(sender, stream):
+        if (not stream.invite_only) or subscribed_to_stream(sender, stream) or \
+                is_super_user(sender):
             # This is a public stream, or it is private but you are subscribed
-            # to it. You are good to go.
+            # to it, or heck you are the super user and can do whatever you
+            # want. You are good to go.
             pass
         elif sender.is_bot and (subscribed_to_stream(sender, stream) or \
                                     subscribed_to_stream(sender.bot_owner, stream)):

zerver/models.py

@@ -25,6 +25,9 @@ import ujson
 MAX_SUBJECT_LENGTH = 60
 MAX_MESSAGE_LENGTH = 10000
 
+def is_super_user(user):
+    return user.email in ["tabbott/extra@mit.edu", "emailgateway@zulip.com"]
+
 # Doing 1000 memcached requests to get_display_recipient is quite slow,
 # so add a local cache as well as the memcached cache.
 per_process_display_recipient_cache = {}

zerver/views.py

@@ -22,7 +22,7 @@ from zerver.models import Message, UserProfile, Stream, Subscription, \
     MAX_SUBJECT_LENGTH, get_stream, bulk_get_streams, UserPresence, \
     get_recipient, valid_stream_name, to_dict_cache_key, to_dict_cache_key_id, \
     extract_message_dict, stringify_message_dict, parse_usermessage_flags, \
-    email_to_domain, email_to_username, get_realm, completely_open
+    email_to_domain, email_to_username, get_realm, completely_open, is_super_user
 from zerver.lib.actions import do_remove_subscription, bulk_remove_subscriptions, \
     do_change_password, create_mit_user_if_needed, do_change_full_name, \
     do_change_enable_desktop_notifications, do_change_enter_sends, do_change_enable_sounds, \
@@ -1193,11 +1193,8 @@ def json_update_onboarding_steps(request, user_profile,
     do_update_onboarding_steps(user_profile, onboarding_steps)
     return json_success()
 
-# Currently tabbott/extra@mit.edu is our only superuser.  TODO: Make
-# this a real superuser security check.
 def is_super_user_api(request):
-    return request.user.is_authenticated() and \
-        (request.user.email in ["tabbott/extra@mit.edu", "emailgateway@zulip.com"])
+    return request.user.is_authenticated() and is_super_user(request.user)
 
 def mit_to_mit(user_profile, email):
     # Are the sender and recipient both @mit.edu addresses?