From f67f5b76190e27ac39a3987d0551510133d32ca6 Mon Sep 17 00:00:00 2001 From: Jessica McKellar Date: Mon, 26 Aug 2013 12:09:17 -0400 Subject: [PATCH] Allow superusers to send messages to even private streams. (imported from commit b7253174fa25d61b5bda056a5e5353e3b8ea918b) --- zerver/lib/actions.py | 8 +++++--- zerver/models.py | 3 +++ zerver/views.py | 7 ++----- 3 files changed, 10 insertions(+), 8 deletions(-) diff --git a/zerver/lib/actions.py b/zerver/lib/actions.py index beecc72552..e6bad46d2d 100644 --- a/zerver/lib/actions.py +++ b/zerver/lib/actions.py @@ -11,7 +11,7 @@ from zerver.models import Realm, RealmEmoji, Stream, UserProfile, UserActivity, get_user_profile_by_id, PreregistrationUser, get_display_recipient, \ to_dict_cache_key, get_realm, stringify_message_dict, bulk_get_recipients, \ email_to_domain, email_to_username, display_recipient_cache_key, \ - get_stream_cache_key, to_dict_cache_key_id + get_stream_cache_key, to_dict_cache_key_id, is_super_user from django.db import transaction, IntegrityError from django.db.models import F, Q from django.core.exceptions import ValidationError @@ -436,9 +436,11 @@ def check_message(sender, client, message_type_name, message_to, raise JsonableError("Stream does not exist") recipient = get_recipient(Recipient.STREAM, stream.id) - if (not stream.invite_only) or subscribed_to_stream(sender, stream): + if (not stream.invite_only) or subscribed_to_stream(sender, stream) or \ + is_super_user(sender): # This is a public stream, or it is private but you are subscribed - # to it. You are good to go. + # to it, or heck you are the super user and can do whatever you + # want. You are good to go. pass elif sender.is_bot and (subscribed_to_stream(sender, stream) or \ subscribed_to_stream(sender.bot_owner, stream)): diff --git a/zerver/models.py b/zerver/models.py index f7504eaa3f..f6eb5d8aea 100644 --- a/zerver/models.py +++ b/zerver/models.py @@ -25,6 +25,9 @@ import ujson MAX_SUBJECT_LENGTH = 60 MAX_MESSAGE_LENGTH = 10000 +def is_super_user(user): + return user.email in ["tabbott/extra@mit.edu", "emailgateway@zulip.com"] + # Doing 1000 memcached requests to get_display_recipient is quite slow, # so add a local cache as well as the memcached cache. per_process_display_recipient_cache = {} diff --git a/zerver/views.py b/zerver/views.py index 5f3eca1ba4..765227bf9c 100644 --- a/zerver/views.py +++ b/zerver/views.py @@ -22,7 +22,7 @@ from zerver.models import Message, UserProfile, Stream, Subscription, \ MAX_SUBJECT_LENGTH, get_stream, bulk_get_streams, UserPresence, \ get_recipient, valid_stream_name, to_dict_cache_key, to_dict_cache_key_id, \ extract_message_dict, stringify_message_dict, parse_usermessage_flags, \ - email_to_domain, email_to_username, get_realm, completely_open + email_to_domain, email_to_username, get_realm, completely_open, is_super_user from zerver.lib.actions import do_remove_subscription, bulk_remove_subscriptions, \ do_change_password, create_mit_user_if_needed, do_change_full_name, \ do_change_enable_desktop_notifications, do_change_enter_sends, do_change_enable_sounds, \ @@ -1193,11 +1193,8 @@ def json_update_onboarding_steps(request, user_profile, do_update_onboarding_steps(user_profile, onboarding_steps) return json_success() -# Currently tabbott/extra@mit.edu is our only superuser. TODO: Make -# this a real superuser security check. def is_super_user_api(request): - return request.user.is_authenticated() and \ - (request.user.email in ["tabbott/extra@mit.edu", "emailgateway@zulip.com"]) + return request.user.is_authenticated() and is_super_user(request.user) def mit_to_mit(user_profile, email): # Are the sender and recipient both @mit.edu addresses?