Commit Graph

22 Commits

Author SHA1 Message Date
Sahil Batra 7a6135371e settings: Handle guests separately for group-based settings.
This commit adds code to handle guests separately for group
based settings, where guest will only have permission if
that particular setting can be set to "role:everyone" group
even if the guest user is part of the group which is used
for that setting. This is to make sure that guests do not
get permissions for actions that we generally do not want
guests to have.

Currently the guests do not have permission for most of them
except for "Who can delete any message", where guest could
delete a message if the setting was set to a user defined
group with guest being its member. But this commit still
update the code to use the new function for all the settings
as we want to have a consistent pattern of how to check whether
a user has permission for group-based settings.
2024-09-18 11:51:11 -07:00
Vector73 28c7a04734 settings: Add `can_delete_own_message_group` realm setting.
Added `can_delete_message_group` realm setting to replace
`delete_own_message_policy` property.
2024-09-12 09:36:02 -07:00
Ujjawal Modi 2e67d88a20 user_groups: Update code to check whether user can edit a user group.
Earlier there was only a realm level setting for configuring
who can edit user groups. A new group level setting is also added
for configuring who can manage that particular group.
Now, a user group can be edited by a user if it is allowed from
realm level setting or group level setting.

This commit make changes in frontend to also use group level setting
in determining whether a group can be edited by user or not and disables
changing the group settings when group cannot be edited by user.
2024-08-20 09:28:05 -07:00
Ujjawal Modi d32f30cedc user_groups: Add function for determining group creation permissions.
Earlier in frontend there was a single function to determine whether
user can create and edit user groups.
This commit adds a separate function for determining group creation
permissions.
2024-08-20 09:28:05 -07:00
Vector73 80969a62e6 settings: Add `can_delete_any_message_group` setting.
Fixes #30717.
2024-08-15 12:03:49 -07:00
Sahil Batra 506ead4468 settings: Use new group setting to check web-public stream creation.
This commit updates code in webapp to use new group-based setting
for checking web-public stream creation permission.
2024-08-01 22:49:33 -07:00
Sahil Batra e71c3007f6 tests: Refactor group settings test in settings_data.test.ts.
This commit refactors the common function used for test in
such a way that we can test more cases for a group setting
along with the ones tested by the common function.
2024-08-01 22:49:33 -07:00
Sayam Samal f49a11c810 theme: Rename day->light and night->dark in the frontend code.
This commit standardizes the naming of the day and night themes to light
and dark, respectively. This makes the codebase more consistent with
the naming used in the settings and the user interface.
2024-06-27 16:24:49 -07:00
Sahil Batra e19524ba92 settings: Use new group setting to private channels creation permission.
This commit updates webapp code to use new group based setting to check
permission for creating private streams.
2024-06-20 15:48:14 -07:00
Sahil Batra 69e88f8787 tests: Extract common function to test realm group based settings.
Test for "can_access_all_users_group" setting does not use the
common function as it allows different options as of now.
2024-06-20 15:48:14 -07:00
Sahil Batra a70eb21ea1 settings: Use page_params.is_spectator field for spectator checks.
Instead of current_user.user_id we use page_params.is_spectator
field to check the spectator cases as it makes it more clear
to the reader about what is the condition checking.
2024-06-14 17:11:23 -07:00
Sahil Batra f98a3fc684 settings: Use new group setting to check permission for creating public channels. 2024-06-10 12:24:45 -07:00
Anders Kaseorg b9e62c7af8 page_params: Split out state data for realm.
For spectators, the chunk of page_params that originates from
do_events_register isn’t assigned until ui_init.js.  That means the
TypeScript type of page_params is mostly a lie during module load
time: reading a parameter too early silently results in undefined
rather than the declared type, with unpredictable results later on.

We want to make such an early read into an immediate runtime error,
for both users and spectators consistently, and pave the way for
runtime validation of the page_params type.  As a second step, split
out the subset of fields that pertain to the entire realm.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2024-02-15 10:22:52 -08:00
Anders Kaseorg e96ede0ef6 page_params: Split out state data for current user.
For spectators, the chunk of page_params that originates from
do_events_register isn’t assigned until ui_init.js.  That means the
TypeScript type of page_params is mostly a lie during module load
time: reading a parameter too early silently results in undefined
rather than the declared type, with unpredictable results later on.

We want to make such an early read into an immediate runtime error,
for both users and spectators consistently, and pave the way for
runtime validation of the page_params type.  As a first step, split
out the subset of fields that pertain to the current user.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2024-02-15 10:22:52 -08:00
Sahil Batra 380ff91c0e users: Do not pass unknown users data for webapp.
This commit sets the client capability value to not pass
unknown users data in the webapp and also does some changes
to avoid errors while loading the web-app home page.

This commit only does some basic webapp changes to not show
inaccessible users in sidebar and we would need need more
changes to make the web-app work as expected which will be
done in further commits.
2023-12-07 19:34:07 -08:00
Sahil Batra 8852c4b7af settings_data: Rename type_id_to_string to bot_type_id_to_string.
This commit renames type_id_to_string to bot_type_id_to_string
which is a much better name and explains the use of function
in a better way.
2023-09-26 09:15:20 -07:00
Sahil Batra 46ab3031a3 settings_bots: Move type_id_to_string to settings_data.js. 2023-09-25 13:14:49 -07:00
Tim Abbott 458a0b3f3a user_groups: Move can_edit to settings_data module.
This fixes an import cycle.
2023-09-22 17:46:45 -07:00
Ujjawal Modi 9a96d19315 invites: Frontend changes for adding the new realm setting.
This commit does the changes in frontend required
for adding the new setting `Who can create multiuse invite link.`

Fixes #15159.
2023-09-07 14:21:01 -07:00
Ujjawal Modi ec49c3acc8 invites: Rename `can_invite_others_to_realm` local variables.
This commit rename the existing setting `Who can invite users to this
organization` to `Who can send email invitations to new users` and
also renames all the variables related to this setting that do not
require a change to the API.

This was done for better code readability as a new setting
`Who can create invite links` will be added in future commits.
2023-09-07 14:21:01 -07:00
Lauryn Menard fd45350532 settings-data: Add `user_email_not_configured` check.
Since an email address is not required to create a demo organization,
we need to disable some parts of the web-app UI until the owner of
the demo organization configures an email address for their account.

Addd `user_email_not_configured` check to `settings_data.ts` so
that we can check in various modules if the user is a demo
organization owner who has not configured an email address yet.

This adds `delivery_email` to `page_params.ts`. Also, adjusts the
`muted_users` in the list of page params so that the list is sorted
alphabetically.
2023-08-31 15:02:16 -07:00
Anders Kaseorg cea1119423 node_tests: Move to web/tests.
This lets us simplify the long-ish ‘../../static/js’ paths, and will
remove the need for the ‘zrequire’ wrapper.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-02-23 16:04:17 -08:00