Tim Abbott
b1c2ff9d05
lint: Ban most use of get_stream from zerver/lib/actions.py.
2017-01-29 20:27:00 -08:00
Tim Abbott
01daa3e91a
test_helpers: Move get_subscription out of actions.py.
...
It's no longer used by anything other than test code.
2017-01-29 20:27:00 -08:00
Tim Abbott
035e442b63
actions: Remove unused set_stream_color method.
2017-01-29 20:27:00 -08:00
Tim Abbott
a3f3f5b7bc
remove_default_stream: use access_stream_by_name.
2017-01-29 20:27:00 -08:00
Tim Abbott
19eaa92059
add_default_stream: use access_stream_by_name.
2017-01-29 20:27:00 -08:00
Tim Abbott
de3f539f58
do_change_stream_description: Accept a stream as argument.
2017-01-29 20:27:00 -08:00
Tim Abbott
2dc90e8ebd
rename_stream: Pass a stream object to do_rename_stream.
2017-01-29 20:27:00 -08:00
Tim Abbott
7be34357b2
rename_stream: Move stream name taken check to view.
2017-01-29 20:27:00 -08:00
Tim Abbott
ccdf17f47e
rename_stream: Move stream already has name check to view.
2017-01-29 20:27:00 -08:00
Tim Abbott
d059a0a90a
rename_stream: Move check_stream_name into view.
2017-01-29 20:26:59 -08:00
Tim Abbott
ab1e9f2b97
rename_stream: Move stripping of whitespace to view.
2017-01-29 20:26:59 -08:00
Tim Abbott
4ad1fadab0
streams: Create and use do_change_stream_invite_only.
2017-01-29 20:26:59 -08:00
Tim Abbott
c74ddb74e9
do_make_stream_private: Accept a stream object, not a name.
2017-01-29 20:26:59 -08:00
Tim Abbott
0a75480444
do_make_stream_public: Accept a stream object, not a name.
2017-01-29 20:26:59 -08:00
Tim Abbott
54bcc675f7
subscribe_to_stream: Return the stream object.
...
This simplifies some code paths a bit.
2017-01-29 20:26:59 -08:00
Tim Abbott
3f83ea3879
lint: Ban use of get_stream in most views files.
2017-01-29 20:26:59 -08:00
Tim Abbott
e137787d1a
users: Use access_stream_by_name to access streams.
...
This simplifies the code somewhat and adds greater consistency of
error messages.
2017-01-29 20:26:59 -08:00
Tim Abbott
ea72b97cd9
home: Cleanup narrow_topic logic.
2017-01-29 20:26:59 -08:00
Tim Abbott
a7cb7dd695
home: Use access_stream_by_name to access streams.
2017-01-29 20:26:59 -08:00
Tim Abbott
6c512bdfd3
json_invite_users: Use access_stream_by_name.
2017-01-29 20:26:59 -08:00
Tim Abbott
bc2f23383e
streams: Move list_to_streams to lib.
2017-01-29 20:26:59 -08:00
Tim Abbott
02f5ef1d23
streams: Move filter_stream_authorization to lib.
2017-01-29 20:26:59 -08:00
Tim Abbott
de68dd2860
lint: Ban use of Stream.objects.* in zerver/views.
2017-01-29 20:26:59 -08:00
Tim Abbott
bb86bba20d
stream_exists_backend: Use access_stream_by_name.
2017-01-29 20:26:59 -08:00
Tim Abbott
eeeffa8704
urls: Review useless stream_exists_backend endpoints.
...
The actual function was overcomplicated and was designed to check
whether a stream existed by name, not by ID, so there was no value in
having it be used for checking if a stream existed by ID.
2017-01-29 20:26:59 -08:00
Tim Abbott
46e5b8a9cc
streams: Remove unused json_remove_subscriptions.
2017-01-29 20:26:59 -08:00
Tim Abbott
e57e2ee9f1
get_subscribers_backend: Use access_stream_by_id.
2017-01-29 20:26:59 -08:00
Tim Abbott
0d980b7cef
json_get_stream_id: Use access_stream_by_name.
2017-01-29 20:26:59 -08:00
Tim Abbott
1ced8d3eb6
get_topics_backend: Use access_stream_by_id.
2017-01-29 20:26:58 -08:00
Tim Abbott
6685885741
deactivate_stream_backend: Use access_stream_by_id.
2017-01-29 20:26:58 -08:00
Tim Abbott
826cc80c9e
update_stream_backend: Use access_stream_by_id.
2017-01-29 20:26:58 -08:00
Tim Abbott
de38f3eb94
update_stream_backend: Clean up unnecessary stream_name variable.
2017-01-29 20:26:58 -08:00
Tim Abbott
2cf223470d
streams: Eliminate get_subscription_or_die helper function.
2017-01-29 20:26:58 -08:00
Tim Abbott
0af34ee710
streams: Add zerver/lib/streams.py library for security checks.
...
The goal of this library is to make it a lot easier to prevent bugs
like CVE-2017-0881 by having all of our views logic for fetching a
stream go through a couple carefully tested code paths.
2017-01-29 20:26:58 -08:00
Tim Abbott
de3e96162e
middleware: Fix recursive DisallowedHost exceptions.
2017-01-29 20:26:58 -08:00
Tim Abbott
20f3705c00
logging_handlers: Add error handling for invalid hosts.
2017-01-29 19:57:09 -08:00
Tim Abbott
96d3bea6d5
Add changelog from Zulip 1.4.3 release.
2017-01-29 15:32:08 -08:00
Tim Abbott
7ecda1ac8e
streams: Fix autosubscribe security bug (CVE-2017-0881).
...
A bug in Zulip's implementation of the "stream exists" endpoint meant
that any user of a Zulip server could subscribe to an invite-only
stream without needing to be invited by using the "autosubscribe"
argument.
Thanks to Rafid Aslam for discovering this issue.
2017-01-29 15:30:59 -08:00
Tim Abbott
7e0ce22808
errors: Remove build_request_repr logic.
...
This interface is no longer supported in Django 1.10.
2017-01-29 14:18:22 -08:00
Tim Abbott
dea281557d
events: Handle reactions events in apply_events.
...
Previously, this race condition just threw an exception.
2017-01-29 14:18:16 -08:00
Tim Abbott
70af09539f
Fix unnecessary traceback in authenticated_rest_api_view.
...
Apparently, we weren't returning the `json_error`, resulting in users
encountering this condition receiving a 500, rather than the proper
40x error.
This fixes a regresion introduced in 9ae68ade8b
.
2017-01-29 12:48:10 -08:00
Tim Abbott
234eb7a723
emoji: Add a bunch of documentation in comments for emoji rules.
2017-01-29 12:33:44 -08:00
Rishi Gupta
e19f3d5534
emoji: Make minor adjustments to emoji names list.
2017-01-29 12:19:54 -08:00
Tim Abbott
d38b552b02
docs: Add initial documentation on the emoji system.
2017-01-29 12:15:29 -08:00
Tim Abbott
0f75c8d4ed
docs: Simplify integration guide discussion of writing docs.
...
You don't need to know about the div structure of /integrations
anymore, so we shouldn't get into it.
2017-01-29 11:53:09 -08:00
Tomasz Kolek
3b48f21f5a
Add improvements to integration-guide.md.
...
Fix some typos, add a few sentences that might clear it a little.
2017-01-29 11:49:13 -08:00
Jackson
db1d6933de
docs: Add user guide for Using Zulip on Windows.
2017-01-29 11:38:12 -08:00
Tim Abbott
e8fd780413
docs: Fix missing wget when downloading tsearch_extra.
...
Fixes #3509 .
2017-01-29 11:23:34 -08:00
Cynthia Lin
522ac3ea4a
frontend: Add #search-operators link to search icon; Fixes #1369 .
2017-01-29 07:20:15 -08:00
Rishi Gupta
6f307ffd08
emoji: Switch the order of thumbs_up and thumbs_down in autocomplete.
2017-01-28 23:38:03 -08:00