lint: Ban use of get_stream in the rest of messages.py.

This will help avoid potential future security bugs.

tools/linter_lib/custom_check.py

@@ -276,9 +276,6 @@ def build_custom_checkers(by_lang):
          },
         {'pattern': 'get_stream[(]',
          'include_only': set(["zerver/views/", "zerver/lib/actions.py"]),
-         # messages.py needs to support accessing invite-only streams
-         # that you are no longer subscribed to, so need get_stream.
-         'exclude': set(['zerver/views/messages.py']),
          'exclude_line': set([
              # This is a check for whether a stream rename is invalid because it already exists
              ('zerver/lib/actions.py', 'get_stream(new_name, stream.realm)'),
@@ -286,6 +283,8 @@ def build_custom_checkers(by_lang):
              # how most instances are written, but better to exclude something than nothing
              ('zerver/lib/actions.py', 'stream = get_stream(stream_name, realm)'),
              ('zerver/lib/actions.py', 'get_stream(signups_stream, admin_realm)'),
+             # Here we need get_stream to access streams you've since unsubscribed from.
+             ('zerver/views/messages.py', 'stream = get_stream(operand, self.user_profile.realm)'),
          ]),
          'description': 'Please use access_stream_by_*() to fetch Stream objects',
          },

zerver/views/messages.py

@@ -202,6 +202,9 @@ class NarrowBuilder(object):
     def by_stream(self, query, operand, maybe_negate):
         # type: (Query, str, ConditionTransform) -> Query
         try:
+            # Because you can see your own message history for
+            # private streams you are no longer subscribed to, we
+            # need get_stream, not access_stream, here.
             stream = get_stream(operand, self.user_profile.realm)
         except Stream.DoesNotExist:
             raise BadNarrowOperator('unknown stream ' + operand)