Commit Graph

14949 Commits

Author SHA1 Message Date
Anders Kaseorg 29ecf415fc validator: Add WildValue class for enforcing JSON type checking.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-03-15 13:02:02 -07:00
Anders Kaseorg 04d772b582 request: Support converter or json_validator with argument_type="body".
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-03-15 13:02:02 -07:00
Anders Kaseorg 970f22380a request: Replace default_assigned flag with continue.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-03-15 13:02:02 -07:00
Anders Kaseorg 5f92078d07 request: Add a var_name parameter to converter.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-03-15 13:02:02 -07:00
Anders Kaseorg 5caeb8444b validator: Replace converter=orjson.loads with json_validator.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-03-15 13:02:02 -07:00
Anders Kaseorg c3788ab847 validator: Replace converter=int with json_validator=check_int.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-03-15 13:02:02 -07:00
Alex Vandiver 95892a5ed3 emoji: Support animated PNGs. 2022-03-15 12:47:21 -07:00
Alex Vandiver fc793c10fa tests: Refactor tests of resizing animated images. 2022-03-15 12:47:21 -07:00
Mateusz Mandera b3f1f1675b forms: Mark a bunch of error strings for translation.
These error messages weren't marked for translation.
DEACTIVATED_ACCOUNT_ERROR and PASSWORD_TOO_WEAK_ERROR are used in
several places and imported, so we can't move them to be in-line errors
and we keep them at top-level, marked with gettext_lazy.
2022-03-15 12:43:10 -07:00
Mateusz Mandera 3822ce6d35 forms: Remove incorrect use of mark_safe on some errors.
Using mark_safe on errors with content in them taken from user-input is
a clearly bad idea. With that said, this code
was not exploitable in the current state, given that username is a value
you have to POST to /login/, and the endpoint is CSRF-protected.

We also remove use of mark_safe from the errors without user input them,
but that are just plaintext and thus don't need it.
2022-03-15 12:43:10 -07:00
Lauryn Menard 6cc818b672 help_docs: Document user management via user profile modal.
Adds documentation for admins to manage users via the user profile
modal for these actions:
- Deactivating a user
- Changing a user's role
- Changing a user's name

Creates two new tab sections because we still want to document
the ability to do these actions through the users section in
the organizational settings modal.

Also cleans up some text in the help center article for changing
a user's role.

Fixes #21318.
Fixes #21415.
2022-03-15 12:35:03 -07:00
Lauryn Menard d327ecaa65 help_docs: Include permissions setting info in user groups article.
Adds content on user group permissions / management to the general
help center article for user groups (`/help/user-groups`) and
removes the then redundant `/help/restrict-user-group-management`
article.

Redirects links in help center and api documentation from deleted
article to the new configure user group settings section of
`/help/user-groups`.

Fixes #21383.
2022-03-15 12:30:16 -07:00
Sahil Batra f0606b34ad user_groups: Add cron job for adding users to full members system group.
This commit adds a cron job which runs every hour to add the users to
full members system group if user is promoted to a full member.

This should ensure that full member status is available no more than
an hour after configuration suggests it should be.
2022-03-14 18:53:47 -07:00
Sahil Batra 565d0928dd import: Create system groups and add users to it while importing.
There can be cases when system groups data is not present while
importing, like when importing from other products, so this
commit adds code to create system user groups and add users to
it according to their role.
2022-03-14 18:53:47 -07:00
Sahil Batra bbf4c25553 user_groups: Update user groups on changing waiting_period_threshold.
The members of "Full members" user group are updated with change in
waiting_period_threshold setting.
2022-03-14 18:53:47 -07:00
Sahil Batra 9345c344d7 user_groups: Add members to the System groups created.
This commit adds users to the appropriate system user group
based on their role. We also change the user groups when
changing role of the user.

We also add migration to add existing users to the appropriate
user groups.

This commit adds update_users_in_full_members_system_group which
is currently used to update the full members group on changing
role of a user. This function will be modified in next commit such
that it can be used to update full members group on changing
waiting_period_threshold setting of realm.
2022-03-14 18:53:46 -07:00
Sahil Batra c33ba4ed6e realm: Create role-based system user groups on creating realm.
We create system user groups for following roles - owners,
admins, moderators, members and guests. Full members user
group will be handled separately.
2022-03-14 18:52:47 -07:00
Sahil Batra f31bb6754b user_groups: Pass list of user ids to remove_members_from_user_group.
We pass list of user ids instead of user profile objects to
remove_members_from_user_group. We still need to call user_id_to_users
in the views function instead of directly passing the ids to
remove_members_from_user_group to make sure we check whether all
ids are valid or not.
2022-03-14 18:52:47 -07:00
Sahil Batra 303fca2ce7 user_groups: Pass list of user ids to bulk_add_members_to_user_group.
We pass list of user ids instead of user profile objects to
bulk_add_members_to_user_group. We still need to call user_id_to_users
in the views function instead of directly passing the ids to
bulk_add_members_to_user_group to make sure we check whether all
ids are valid or not.
2022-03-14 18:52:47 -07:00
Sahil Batra b48b98f1d9 user_groups: Use atomic transaction for adding/removing members.
We execute code for bulk adding and removing members from a user
group inside a transaction.
2022-03-14 18:52:47 -07:00
Steve Howell f9ddd80122 subscriptions: Improve types for subscription info.
The newly extracted module here has significant changes
to all the functions, but they achieve the same thing
as before.
2022-03-14 18:01:39 -07:00
Steve Howell 8f99894302 streams: Extract stream_color library.
This is a pure code move.
2022-03-14 18:01:36 -07:00
Steve Howell 200a89cef0 streams: Extract stream_traffic library.
This is a pure code move.
2022-03-14 18:01:36 -07:00
Steve Howell c44d782305 schema: Sort schema fields. 2022-03-14 18:01:36 -07:00
Steve Howell d86184be34 streams: Sort API fields. 2022-03-14 18:01:36 -07:00
Mateusz Mandera 76ff9b30b1 push_notifs: Log both user id and user uuid if we have them.
Previous behavior was logging only the uuid if it was provided by the
remote server, but that's insufficient, because the user may actually
have no devices registered with uuis and we (at the bouncer) end up
sending notifications to id-based registrations. Not having that id
logged makes it impossible to figure out what's going on.
2022-03-14 17:47:30 -07:00
Mateusz Mandera d800ac33a0 push_notifications: Send user_uuid to the push bouncer.
Fixes #18017.

In previous commits, the change to the bouncer API was introduced to
support this and then a series of migrations added .uuid to
UserProfiles.

Now the code for self-hosted servers that makes requests
to the bouncer is changed to make use of it.
2022-03-14 17:47:30 -07:00
Mateusz Mandera c3209d379c models: Make UserProfile.uuid not nullable.
This is in a separate commit to make deployment easier. It ensures that
this is only marked non-null after the backfill migration (backfilling
.uuid for all old UserProfiles) runs - which was added in the previous
commit.
2022-03-14 17:47:30 -07:00
Mateusz Mandera 3e2ad84bbe models: Add UserProfile.uuid field and backfill migrations. 2022-03-14 17:47:30 -07:00
Mateusz Mandera 0677c90170 zilencer: Change push bouncer API to accept uuids as user identifier.
This is the first step to making the full switch to self-hosted servers
use user uuids, per issue #18017. The old id format is still supported
of course, for backward compatibility.

This commit is separate in order to allow deploying *just* the bouncer
API change to production first.
2022-03-14 17:47:30 -07:00
Anders Kaseorg 560cf06b72 makemessages: Ignore compiled and custom email templates.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-03-14 11:19:35 -07:00
Kartik Srivastava eefaa9120f user_topic: Rename topic_mutes.py to user_topics.py. 2022-03-11 14:26:55 -08:00
Kartik Srivastava ce38eda54d test_events: Fix 'normalize' assuming subscription data is present.
This avoids a crash in normalize for tests that don't include these in
fetch_event_types.
2022-03-11 14:26:14 -08:00
Aman Agrawal 82837304ec api: Send full message in GET /messages/{message_id} response.
Previously, this URL just returned the `raw_content` field. It seems
cleanest to just make it a single-message variant of GET /messages,
deprecating the only format.
2022-03-11 10:25:22 -08:00
Tim Abbott 20368a936c settings: Add web-public streams beta subdomain list.
This will make it convenient to add a handful of organizations to the
beta of this feature during its first few weeks to try to catch bugs,
before we open it to everyone in Zulip Cloud.
2022-03-10 18:37:01 -08:00
Sahil Batra 57f01e0727 actions: Use transaction.atomic for do_remove_realm_domain. 2022-03-10 17:48:02 -08:00
Sahil Batra 5999dcd316 actions: Use transaction.atomic for do_change_realm_domain. 2022-03-10 17:48:02 -08:00
Sahil Batra 9b9931df7f actions: Use transaction.atomic for do_add_realm_domain. 2022-03-10 17:48:02 -08:00
Sahil Batra 07352271b9 realm: Create RealmAuditLog entry for removing a realm domain.
Fixes a part of #21268.
2022-03-10 17:48:02 -08:00
Sahil Batra ab5567e8c5 realm: Create RealmAuditLog entry while changing an allowed domain.
This commit also adds 'acting_user' argument for do_change_realm_domain
function.

Fixes a part of #21268.
2022-03-10 17:48:02 -08:00
Sahil Batra 5ef8da40a9 realm: Create RealmAuditLog entry while adding a new allowed domain.
This commit also adds 'acting_user' argument for do_add_realm_domain
function.

Fixes a part of #21268.
2022-03-10 17:48:02 -08:00
Sahil Batra ee11a68f7a models: Fix return type of get_realm_domains.
The correct return type of get_realm_domains should
be List[Dict[str, Union[bool, str]]] instead of
List[Dict[str, str]] because allowed_subdomains is
a bool field not str.
2022-03-10 17:48:02 -08:00
Alya Abbott a80e470c9e portico: Create use cases index page. 2022-03-10 16:34:34 -08:00
Steve Howell 8e05a9fcf7 unread: Replace sender_id with other_user_id.
Note that we still send sender_id for legacy mobile
clients.
2022-03-10 13:33:21 -08:00
Steve Howell 822c232e37 message flags: Extract create_historical_user_messages.
A user can subscribe to a stream and sometimes (depending
on stream permissions) see messages from the stream
that were sent before they subscribed, and that user
won't have a UserMessage row for that message.

In order to do things like star a message, we need
to create UserMessage records on the fly.

In the past we wisely constrained this logic to the
specific use cases. But I think we can generalize
the logic now.  For example, we are now building a
feature to mark messages as unread, and it motivates
the same need to auto-create UserMessage rows.

So now we handle this in a more generalized fashion.
2022-03-10 13:21:02 -08:00
Lauryn Menard 05a548f5a3 api_docs: Refactor of `MessagesBase` schema.
Refactors and cleans up the shared `MessagesBase` schema in
the OpenAPI so that it accurately reflects the general base
for message objects for endpoints that use it as a reference.

A follow-up to adding `edit_history` as a property of message
objects. And a prepartory commit for `GET /messages/{msg_id}`
to return not only the raw content of the message but also
the message object.
2022-03-10 13:10:14 -08:00
Steve Howell a90d9ef536 unread: Remove unused client parameter. 2022-03-10 10:04:51 -05:00
Alex Vandiver c2f2863d37 push_notifications: Remove access control on "remove" notifications.
When removing notifications, we skip the access control on if the user
still can read them -- they should not have a notification of them,
both because they currently cannot read the message, as well as
because they have already done so.
2022-03-09 16:33:51 -08:00
Alex Vandiver 19dfd8e6a7 push_notifications: Ensure notifications are on for the remove codepath.
This causes it to mirror the handle_push_notification codepath.
2022-03-09 16:33:51 -08:00
Tim Abbott d693a6717c i18n: Remove quote syntax from stream description notification.
Translators found it confusing, since it's not at all obvious that the
word "quote" should not be translated.

I'm not altogether happy with the code formatting for this.

While we're changing this, also standardize on the "```` quote" style
of quote blocks to ensure code/quote blocks in stream descriptions are
unlikely to conflict with this syntax.
2022-03-09 15:22:57 -08:00