Previously, when the guest role was selected in the Invite modal and
guests were restricted from viewing all other users, there was no
indication of how many users the invited guests would be able to see
once they joined.
This commit resolves that issue by adding a note in the Invite modal
that dynamically informs users of the number of visible users.
Fixes#31159.
Earlier we use to restrict admins, moderators or members of a group to
manage that group if they were part of the realm wide
`can_manage_all_groups`. We will not do that anymore and even
non-members of a group regardless of role can manage a group if they are
part of `can_manage_all_groups`.
See
https://chat.zulip.org/#narrow/stream/101-design/topic/Group.20add.20members.20dropdown/near/1952902
to check more about the migration plan for which this is the last step.
Fixes#25942.
Users with permission to manage the group (either on the group level or
realm level) should be able to add members to the group without being
present in can_add_members_group.
We previously auto-mocked this out of expediency, but that made it
impossible to test anything that uses the Zod schemata in the same
module.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
We create an unnamed user group with just the group creator as it's
member when trying to set the default. The pattern I've followed across
most of the acting_user additions is to just put the user declared
somewhere before the check_add_user_group and see if the test passes.
If it does not, then I'll look at what kind of user it needs to be set
to `acting_user`.
We also add the exception for the group creator to be able to edit their
group in this commit. This exception was added in the backend in earlier
commits.
This commit adds code to handle guests separately for group
based settings, where guest will only have permission if
that particular setting can be set to "role:everyone" group
even if the guest user is part of the group which is used
for that setting. This is to make sure that guests do not
get permissions for actions that we generally do not want
guests to have.
Currently the guests do not have permission for most of them
except for "Who can delete any message", where guest could
delete a message if the setting was set to a user defined
group with guest being its member. But this commit still
update the code to use the new function for all the settings
as we want to have a consistent pattern of how to check whether
a user has permission for group-based settings.
Earlier there was only a realm level setting for configuring
who can edit user groups. A new group level setting is also added
for configuring who can manage that particular group.
Now, a user group can be edited by a user if it is allowed from
realm level setting or group level setting.
This commit make changes in frontend to also use group level setting
in determining whether a group can be edited by user or not and disables
changing the group settings when group cannot be edited by user.
Earlier in frontend there was a single function to determine whether
user can create and edit user groups.
This commit adds a separate function for determining group creation
permissions.
This commit refactors the common function used for test in
such a way that we can test more cases for a group setting
along with the ones tested by the common function.
This commit standardizes the naming of the day and night themes to light
and dark, respectively. This makes the codebase more consistent with
the naming used in the settings and the user interface.
Instead of current_user.user_id we use page_params.is_spectator
field to check the spectator cases as it makes it more clear
to the reader about what is the condition checking.
For spectators, the chunk of page_params that originates from
do_events_register isn’t assigned until ui_init.js. That means the
TypeScript type of page_params is mostly a lie during module load
time: reading a parameter too early silently results in undefined
rather than the declared type, with unpredictable results later on.
We want to make such an early read into an immediate runtime error,
for both users and spectators consistently, and pave the way for
runtime validation of the page_params type. As a second step, split
out the subset of fields that pertain to the entire realm.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
For spectators, the chunk of page_params that originates from
do_events_register isn’t assigned until ui_init.js. That means the
TypeScript type of page_params is mostly a lie during module load
time: reading a parameter too early silently results in undefined
rather than the declared type, with unpredictable results later on.
We want to make such an early read into an immediate runtime error,
for both users and spectators consistently, and pave the way for
runtime validation of the page_params type. As a first step, split
out the subset of fields that pertain to the current user.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
This commit sets the client capability value to not pass
unknown users data in the webapp and also does some changes
to avoid errors while loading the web-app home page.
This commit only does some basic webapp changes to not show
inaccessible users in sidebar and we would need need more
changes to make the web-app work as expected which will be
done in further commits.
This commit rename the existing setting `Who can invite users to this
organization` to `Who can send email invitations to new users` and
also renames all the variables related to this setting that do not
require a change to the API.
This was done for better code readability as a new setting
`Who can create invite links` will be added in future commits.
Since an email address is not required to create a demo organization,
we need to disable some parts of the web-app UI until the owner of
the demo organization configures an email address for their account.
Addd `user_email_not_configured` check to `settings_data.ts` so
that we can check in various modules if the user is a demo
organization owner who has not configured an email address yet.
This adds `delivery_email` to `page_params.ts`. Also, adjusts the
`muted_users` in the list of page params so that the list is sorted
alphabetically.
This lets us simplify the long-ish ‘../../static/js’ paths, and will
remove the need for the ‘zrequire’ wrapper.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
Vector73
Aditya Kumar Kasaudhan
Shubham Padia
Anders Kaseorg
Sahil Batra
Ujjawal Modi
Sayam Samal
Tim Abbott
Lauryn Menard