Similar to the previous commit, we should access request.user only
after it has been initialized, rather than having awkward hasattr
checks.
With updates to the settings comments about LogRequests by tabbott.
Signed-off-by: Zixuan James Li <p359101898@gmail.com>
`request.user` gets set in Django's `AuthenticationMiddleware`, which
runs after our `HostDomainMiddleware`.
This makes `hasattr` checks necessary in any code path that uses the
`request.user` attribute. In this case, there are functions in
`context_processors` that get called in the middleware.
Since neither `CsrfMiddleware` nor `HostDomainMiddleware` are required
to run before `AuthenticationMiddleware`, moving it two slots up in
`computed_settings` is sufficient to avoid the `hasattr` checks.
Signed-off-by: Zixuan James Li <p359101898@gmail.com>
A request that has went through the auth middleware shouldn't have
`.user` being `None`. We should use `AnonymousUser` by default to
represent unauthenticated users.
Signed-off-by: Zixuan James Li <p359101898@gmail.com>
If the emoji name contains forward slashes, the `str` converter
would treat it as a URL delimiter. Instead use the path converter, so
that forward slashes are included in the emoji name variable.
Fixes#22377
This commit removes role field from StreamSubscription
type and also removes SubscriptionRole type since we are
not moving forward with stream administrator concept and
instead working on new permssions model as per #19525.
This commit removes the stream-admins option for wildcard mention policy
in webapp since we are not moving forward with stream administrator
concept and instead working on new permssions model as per #19525. There
is no functional change, we only remove the by_stream_admins_only key and
instead use by_admins_only with the correct code value.
This commit removes "role" field from subscription
objects since we are not moving forward with stream
administrator concept and instead working on new
permssions model as per #19525.
This commit removes WILDCARD_MENTION_POLICY_STREAM_ADMINS
option of wildcard_mention_policy since we are not moving
forward with stream administrator concept and instead working
on new permssions model as per #19525.
We also add a migration to change wildcard_mention_policy of
existing realms to WILDCARD_MENTION_POLICY_ADMINS. This change
is fine since we were already treating both the setting values
as same as stream admin concept was not implemented completely.
This commit removes the is_stream_admin property of Subscription
model and also updates check_stream_access_for_delete_or_update
to not return true when is_stream_admin is True.
We also removes the relevant tests.
This change is done as we would not be moving forward with the
stream administrator concept as we have decided to modify the
permissions model as per #19525.
We declare bot type variables globally in the module rather than in
set_up function as we would extract a new function in further commit
that will use these.
This commit renames get_bot_owner_widget_and_set_role_values to
edit_bot_post_render, since we will modify the function to do
a couple of more things in further commits and this would be
an appropriate name rather than mentioning all the things in
the name.
We rename the file because in further commits we will use
the same modal for the bot edit form in Personal settings
section and that can be done by bot-owners who are not
admins.
This commit removes the redundant code to update the
"src" attribute of bot avatar on changing avatar added
in f7ca0117e6.
We do not need to add version to the url since the backend
already sends url with latest version number and also we
already re-render the bots page after recieving realm_bot/update
event.
When we were preparing the conversion to ES modules in 2019, the
primary obstacle was that the Node tests extensively relied on the
ability to reach into modules and mutate their CommonJS exports in
order to mock things. ES module bindings are not mutable, so in
commit 173c9cee42 we added
babel-plugin-rewire-ts as a kludgy transpilation-based workaround for
this to unblock the conversion.
However, babel-plugin-rewire-ts is slow, buggy, nonstandard,
confusing, and unmaintained. It’s incompatible with running our ES
modules as native ES modules, and prevents us from taking advantage of
modern tools for ES modules. So we want to excise all use of
__Rewire__ (and the disallow_rewire, override_rewire helper functions
that rely on it) from the tests and remove babel-plugin-rewire-ts.
Commits 64abdc199e and
e17ba5260a (#20730) prepared for this by
letting us see where __Rewire__ is being used. Now we go through and
remove most of the uses that are easy to remove without modifying the
production code at all.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
As discussed in the new comments results in a better failure mode if
an error occurs while adding subscriptions; running the merge tool
again after fixing whatever caused the error will work just fine.
Users and confirmation objects with the type
`Confirmation.USER_REGISTRATION` or `Confirmation.INVITATION` may have
plan data associated with them but not displayed previously due to a
bug.
This fixes this issue and adds test cases to verify that the realm
details correctly displays the plan data.
Signed-off-by: Zixuan James Li <p359101898@gmail.com>
This is a prep commit for a refactoring that fixes an issue with plan
data not being displayed when the realm is displayed by the query result
of users or confirmation objects.
Signed-off-by: Zixuan James Li <p359101898@gmail.com>
This avoids monkey-patching `CustomerPlan` and other related information
onto the `Realm` object by having a separate dictionary with the realm
id as the key, each corresponds to a `PlandData` dataclass.
This is a part of the django-stubs refactorings.
Signed-off-by: Zixuan James Li <p359101898@gmail.com>
The name does not really comply with the actual behavior of
the decorator since it returns True for an unauthenticated user.
This makes it clear that the 2fa check only applies to users that
are already logged in.
Signed-off-by: Zixuan James Li <p359101898@gmail.com>
This replaces user.is_verified with is_2fa_verified.
The helper does extra checks such that the user being checked for 2fa
authentication status is valid.
`request.user.is_verified` is functionally the same as `is_verified`
from `django_otp.middleware`, except that the former is monkey-patched
onto the user object by the 2FA middleware. We use the latter wrapped
in `is_2fa_verified` instead to avoid accessing the patched attribute.
See also: 6b24d56e59/docs/source/overview.rst (authentication-and-verification)
Signed-off-by: Zixuan James Li <p359101898@gmail.com>
This simulates the situation in which the user is not
authenticated (as an AnonymousUser) and have 2FA enabled.
Signed-off-by: Zixuan James Li <p359101898@gmail.com>
Two of the callers of `get_confirmations` uses a `QuerySet` of confirmation
objects instead of their ids to filter the confirmations. This refactors
`get_confirmations` so that it is typed to accept `Iterable[int]` that
is a list of ids.
It's worth noting that this might be less performant than the previous
approach since it requires more queries when we force the ids into lists
without having django creating a nested query. But the performance
is not a concern here compared to clarity.
Signed-off-by: Zixuan James Li <p359101898@gmail.com>
This is a prep commit for enabling a two section layout in the
buddy_list. The sections will be for "users" and "others".
Hence, this commit performs a simple rename of:
- `user_presence_row.hbs` -> `presence_row.hbs`
- `user_presence_rows.hbs` -> `presence_rows.hbs`
And then a search and replace of `user_presence_row` to
`presence_row` (which also handles the second rename).
It also makes one modification in buddy_list.js where it changes a
template variable we're passing from "users" to "row_members".
This is a prep commit for adding a two section layout to the
buddy_list. It frees the "other_key" name which we intent to use
extensively in future commits.
Allows the 3 articles that use the same instructions for reviewing
the organization settings to share an include file, and also
allows the 2 articles that share the same settings highlight info
to share an include file as well.
Also, fixes mentions of UI features to use bold instead of
quotations.
Fixes a few help center documentation articles where UI features
were referenced with quotation marks instead of bold text. Also,
updates these articles for other current documentation styles.