Commit Graph

19183 Commits

Author SHA1 Message Date
aniebietafia 257ce8bca2 integrations: Create incoming webhook for Airbyte.
Note about the documentation: There are currently two "Save changes"
buttons on the Airbyte "Notifications" settings page, so the
instructions specify which one to use for clarity.
2024-11-01 10:04:48 -07:00
Tim Abbott f54817d78d groups: Enable group-valued settings in production. 2024-10-31 12:04:51 -07:00
Aditya Kumar Kasaudhan d1ff871523 webhooks: Support filtering GitHub activity from private repositories.
Currently, the GitHub webhook sends activity from both public and private
repositories, which could lead to unintended disclosure of sensitive
information from private repositories.

This commit introduces a ignore_private_repositories parameter to the
webhook URL. When set to true, the webhook ignore processing activity from
private repositories, ensuring that such activities are not posted to
Zulip streams. By default, if the parameter is omitted or set to false,
activities from both public and private repositories are processed
normally. This provides users with the flexibility to control the
visibility of private repository activities without altering the default
behavior.

More importantly, this introduces a cleaner mechanism for individual
incoming webhooks to declare support for settings not common to all
webhook integrations.

Fixes #31638.
2024-10-31 10:40:28 -07:00
Prakhar Pratyush fdf90f7ad1 create_user: Handle integrity error when importing settings.
During account creation when a user opted to import settings
from an existing account, the "Mark visibility_policy_banner as
read" step was raising integrity error.

It is because 'copy_onboarding_steps' is already executed earlier
in the 'do_create_user' codeflow. If the source profile had already
marked 'visibility_policy_banner' as read, we were facing integrity
error.

This commit fixes the bug.
2024-10-31 09:55:01 -07:00
Prakhar Pratyush 555ac613ac create_user: Add 'durable=True' to the outermost transaction.
We need to specify savepoint=False explicitly in the one subroutine
that already specifies a transaction.
2024-10-31 09:55:01 -07:00
Aditya Kumar Kasaudhan d448b75176 slack_incoming: Add ok=false to JSON in case of error.
Previously, errors were returned using Zulip's default format,
which did not match Slack's expected response structure.

This change ensures that errors in the Slack incoming webhook handler
return JSON responses in Slack's expected format: {ok: false, error:
"error string"}.

Fixes: #31878.
2024-10-30 15:33:29 -07:00
Tim Abbott 66537c8bf8 migrations: Fix migration 0576 local backfill path and repeat.
Unfortunately, because this migration has already been run for many
installations, we need to ship another copy of the migration.

It should be a noop when repeated.
2024-10-30 12:06:33 -07:00
Anders Kaseorg 42e1517255 email_notifications: Prevent html2text from mangling Unicode.
html2text mangles Unicode by default, with a --unicode-snob option to
disable it.  If I have to get called a “snob” for wanting to correctly
support non-English languages, then uh, I’ll take one for the team.

https://github.com/Alir3z4/html2text/blob/2024.2.26/html2text/config.py#L111-L150

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2024-10-30 09:49:23 -07:00
PieterCK fc50736f4e slack_data_import: Fix incorrect hyperlink conversion.
Currently, Slack messages containing hyperlinks
(e.g.,<http://foo.com|Foo!>) are converted like
normal links. This commit reformats Slack
hyperlinks into Zulip-friendly markdown
(e.g., [Foo!](http://foo.com)).

Part of #32165.
2024-10-30 09:48:32 -07:00
Aditya Kumar Kasaudhan 18a8125dac user_groups: Include group_id in success response on group creation.
Previously, the `group_id` was not returned in the success
response of the user group creation API.

This commit updates the API to return a success response
containing the unique ID of the user group with the key
`group_id`. This enhancement allows clients to easily reference
the newly created user group.

Fixes: #29686
2024-10-30 09:46:38 -07:00
Vector73 1ba1408b01 settings: Remove `edit_topic_policy` setting.
Removed `edit_topic_policy` property, as the permission
to move messages between topcis is now controlled by
`can_move_messages_between_topics_group` setting.
2024-10-29 16:27:04 -07:00
Vector73 ed5638ec3c settings: Add `can_move_messages_between_topics_group` realm setting.
Added `can_move_messages_between_topics_group` realm setting to replace
`edit_topic_policy`.
2024-10-29 16:27:04 -07:00
Mateusz Mandera d708a1bea5 tests: Fix order of mock.patch in use_s3_backend.
This is a somewhat hacky and fragile fix. Due to the order in which
imports seem to happen, the original ordering breaks
RealmImportExportTest: if one of the `use_s3_backend` tests runs before
test_import_realm, the latter will fail while processing thumbnailing,
as S3UploadBackend ends up leaking and
zerver.worker.thumbnail.upload_backend is still set to S3.

By making that mock.patch the first one that gets entered, and thus the
last one to get cleaned up, we fix the leak and upload_backend is set
back to LocalUploadBackend as it should.
2024-10-29 10:43:10 -07:00
sanchi-t c73038edea streams: Restrict access to archived streams. 2024-10-25 16:06:43 -07:00
Sanchit Sharma 795b2ba14e do_deactivate_stream: Remove unnecessary mutations.
Streams should not be marked as private, and subscribers
of the deactivated stream should not be removed.

Update the confirmation message when archiving a stream.
2024-10-25 16:06:42 -07:00
sanchi-t 7e97358c35 home: Update `client_capabilities` for viewing of archived streams. 2024-10-25 16:06:42 -07:00
sanchi-t af7ebde9e4 subscription: Include archived channels in streams list.
`is_archived` field is added to the stream and types.

Include a new `archived_channeels` client capability, to allow clients
to access data on archived channels, without breaking
backwards-compatibility for existing clients that don't know how to
handle these.

Also, included `exclude_archived` parameter to `/get-streams`,
which defaults to `true` as basic clients may not be interested
in archived streams.
2024-10-25 16:06:40 -07:00
sanchi-t c6fc25e5df do_deactivate_stream: Do not rename streams during archiving.
Functions related to archived streams are also updated.
2024-10-25 15:56:04 -07:00
sanchi-t e25bbe1005 migration: Rename previously archived streams to their original names.
As several archived streams may have the same new name,
it is essential to verify whether any stream, regardless
of its current status (active or archived), already has that name
before executing any renaming operation.
2024-10-25 15:56:04 -07:00
Tim Abbott 71d81484ad storage: Simplify system bot avatar logic. 2024-10-25 10:59:57 -07:00
PieterCK c3017e55d2 storage: Rework static avatar files hashing logic.
Previously, the hashing logic for static avatar files hashed the default
and medium files separately, which didn’t match how user-uploaded
avatars work—where you just add the "-medium.png" suffix to get the
medium version. Since we don’t have clear documentation for avatars yet,
this caused some issues for the mobile apps.

This commit makes sure the default and its medium variation share the
same hash.
2024-10-25 09:36:52 -07:00
Shubham Padia fe9952eab5 groups: Rename test to state that it checks allow_system_group.
We also remove the default group check which is already being checked in
do_set_realm_permission_group_setting_to_anonymous_groups_test.
2024-10-24 14:42:21 -07:00
Shubham Padia 1f0906aef7 groups: Remove list specifying group settings with new API format.
All the groups are now following the new API format, making the list
redundant.
2024-10-24 14:42:21 -07:00
Shubham Padia 9f9d5b2f98 groups: Accept anonymous groups for can_access_all_users_group.
On the frontend, the selection is still a dropdown of system groups but
on the API level, we have started accepting anonymous groups similar to
other settings
We've kept require system groups true for now until we switch to group
picker on the frontend.
2024-10-24 14:42:19 -07:00
Shubham Padia ceb0197c1b groups: Accept anonymous groups for create_multiuse_invite_group.
On the frontend, the selection is still a dropdown of system groups but
on the API level, we have started accepting anonymous groups similar to
other settings.
We've kept require system groups true for now until we switch to group
picker on the frontend.
2024-10-24 14:41:09 -07:00
Tim Abbott 3310aed462 send_custom_email: Support specifying sender email address. 2024-10-24 14:36:48 -07:00
Mateusz Mandera 481ef24b53 auth: Tweak invalid credentials error message.
We decided this is the better string to use.
2024-10-24 14:35:31 -07:00
Niloth P bd83dbfb42 git webhooks: Handle assignment events better.
With the introduction of `assignee_updated` parameter in the library,
- Github, Gitea, Gogs can display the assignee in assignment events.
- Github can display the user unassigned in unassignment events.

Fixes https://chat.zulip.org/#narrow/channel/127-integrations/near/1965136
2024-10-24 12:46:39 -07:00
Mateusz Mandera da4443f392 thumbnail: Make thumbnailing work with data import.
We didn't have thumbnailing for images coming from data import and this
commit adds the functionality.

There are a few fundamental issues that the implementation needs to
solve.

1. The images come from an untrusted source and therefore we don't want
   to just pass them through to thumbnailing without checking. For that
   reason, we cannot just import ImageAttachment rows from the export
   data, even for zulip=>zulip imports.
   The right way to process images is to pass them to maybe_thumbail(),
   which runs libvips_check_image() on them to verify we're okay with
   thumbnailing, creates ImageAttachment rows for them and sends them
   to the thumbnailing queue worker. This approach lets us handle both
   zulip=>zulip and 3rd party=>zulip imports in the same way,

2. There is a somewhat circular dependency between the Message,
   Attachment and ImageAttachment import process:

- ImageAttachments would ideally be created after importing
  Attachments, but they need to already exist at the time of Message
  import. Otherwise, the markdown processor doesn't know it has to add
  HTML for image previews to messages that reference images. This would
  mean that messages imported from 3rd party tools don't get image
  previews.
- Attachments only get created after Message import however, due to the
  many-to-many relationship between Message and Attachment.

This is solved by fixing up some data of Attachments pre-emptively, such
as the path_ids. This gives us the necessary information for creating
ImageAttachments before importing Messages.

While we generate ImageAttachment rows synchronously, the actual
thumbnailing job is sent to the queue worker. Theoretically, the worker
could be very backlogged and not process the thumbnails anytime soon.
This is fine - if the app is loaded and tries to display a message with
such a not-yet-generated thumbnail, the code in `serve_file` will
generate the thumbnails synchronously on the fly and the user will see
the image preview displayed normally. See:

1b47134d0d/zerver/views/upload.py (L333-L342)
2024-10-24 10:32:51 -07:00
Mateusz Mandera a6b0385229 tests: Extract upload_image helpers from test_markdown_thumbnail.
These are pretty general and can be useful utils for other tests.
2024-10-24 10:32:51 -07:00
Mateusz Mandera af9b44ed02 auth: Fix invalid credentials message in login form.
Email is not case-sensitive. And password is obviously case-sensitive,
so no point mentioning that.
2024-10-24 08:23:16 -07:00
PieterCK 433968cbb6 storage: Reformat hashed medium static avatar files.
This commit reformats hashed medium static avatar files("-medium.png"
files). Unlike user-uploaded avatar files, avatars served alongside
static files are hashed by Django. To implement the URL patterns for
finding medium-size avatar URLs that are hardcoded into current
versions of the mobile apps, the medium avatar files need to be
adjusted to include the "-medium" string just before the file type.

For example, the URL format will now be:

    Before: welcome-bot-medium.123123321.png
    After: welcome-bot.123123123-medium.png
2024-10-23 10:35:42 -07:00
PieterCK 068ab6e11e avatar: Add checks to make sure system bot avatar exists.
This commit introduces an assertion to verify that the avatar file for
system bots exists and findable.

In development, it'll assert that the avatar file exists in the static
directory. This isn't done in production environment to avoid
unnecessary overhead. It helps verify that the protocol to fetch system
bot avatars still works when making changes during development.

In production it'll check if the avatar file exists in the STATIC_ROOT
and return a default avatar png if it doesn't.
2024-10-23 10:35:42 -07:00
PieterCK 516d1ab82b avatar: Ensure system bots' avatar URLs follow convention.
Previously, requesting system bots URLs did not return any -medium.png
variants and SVG file was also used for notification bots' avatar, which
was problematic.

In this commit, the -medium.png variants is added for the avatars of
system bots and zulip-icon-square.svg is also converted into
notification-bot.png for the notification bot. The get_avatar_url method
has been updated to return the "medium" file variants for the system
bots.

Additionally, the system bots' avatar files is moved to a dedicated
directory to simplify the hashing logic for these files. Now, all files
in the "images/static_avatars/" directory will be hashed.
2024-10-23 10:35:42 -07:00
Mateusz Mandera 77e7a2d30f users: Add API endpoint to update_user_backend by real email.
The old endpoint for updating a user worked only via user id. Now we add
a different entry to this functionality, fetching the user by
.delivery_email.

update_user_backend becomes the main function handling all the logic,
invoked by the two endpoints.
2024-10-22 16:36:38 -07:00
Mateusz Mandera 389b851f81 update_user_backend: Allow authorized org owners to change user emails.
This adds a new special UserProfile flag can_change_user_emails(disabled
by default) and the ability for changing the email address of users in
the realm via update_user_backend. This is useful for allowing
organizations to update user emails without needing to set up a SCIM
integration, but since it gives the ability to hijack user accounts, it
needs to be behind this additional permission and can't be just given to
organization owners by default. Analogical to how the
create_user_backend endpoint works.
2024-10-22 16:36:38 -07:00
Sahil Batra 0a77f06163 test_user_groups: Fix comments in group creation tests.
One comment did not mention the correct thing that was
being tested and one comment had a typo.
2024-10-22 10:23:36 -07:00
Anders Kaseorg ac2b1cd45d worker: Address sentry_sdk deprecations.
https://docs.sentry.io/platforms/python/migration/1.x-to-2.x#scope-configuring
https://github.com/getsentry/sentry-python/releases/2.0.0
https://github.com/getsentry/sentry-python/releases/2.15.0

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2024-10-22 10:05:01 -07:00
Anders Kaseorg 08db41660a python: Avoid deprecated cgi module, removed in Python 3.13.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2024-10-22 10:05:01 -07:00
Anders Kaseorg 3ec58fd3d5 requirements: Upgrade Python requirements.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2024-10-20 18:16:27 -07:00
Anders Kaseorg 71ca928ec9 ruff: Fix SIM115 Use a context manager for opening files.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2024-10-20 18:16:27 -07:00
Anders Kaseorg 10271fb850 ruff: Fix SIM910 Use `.get(key)` instead of `.get(key, None)`.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2024-10-20 18:16:27 -07:00
Prakhar Pratyush eaee5763d6 realm_export: Add realm_export_consent feature to API.
Fixes part of #31201.
2024-10-18 14:08:20 -07:00
PieterCK c9375fb5ee storage: Hash system bots avatar files.
This commit makes sure system bots avatar files are hashed when served
as static files. This way, requests for these avatar files will be
served with long-lived caching headers by our nginx (see #22275).

We don't need to worry about stale caches for these files because they
will only be used by system bots.

Fixes #31458.
2024-10-17 15:47:40 -07:00
Tim Abbott 46db52dc96 avatar: Use fixed avatars for system bots.
This makes a Zulip server more isolated than relying on gravatar, and
avoids complex logistics if in the future we move system bots to live
inside individual realms.

Co-authored-by: PieterCK <pieterceka123@gmail.com>
2024-10-17 15:47:17 -07:00
Sahil Batra e5043b991a user_groups: Add API support to add subgroups during group creation.
This commit adds support to add subgroups to a group while
creating it.

User can add the subgroups to group irrespective of permissions
like user can add members during creating it.
2024-10-17 14:27:21 -07:00
Sahil Batra 1e818c4708 user_groups: Allow updating subgroups and members using same endpoint.
`POST /user_groups/{user_group_id}/members` now allows updating
subgroups as well.
2024-10-17 14:27:21 -07:00
Sahil Batra 47a611f989 user_groups: Check permission when adding subgroups.
This commit updates code to allow users with permission
to add members to add subgroups as well. And only users
with permission to manage the group can remove subgroups.

Also updated tests to check permissions in separate tests
and removed them from the existing test.
2024-10-17 14:27:21 -07:00
Sahil Batra 30e0c72919 test_user_groups: Remove incorrect comment.
The comment about non-admins and non-moderators who are not
member of the group cannot update subgroups of that group
is not correct since there is no such restriction now after
c9d527603. The test passes because the member user is not
part of can_manage_group or can_manage_all_groups.
2024-10-17 14:27:21 -07:00
Tim Abbott 010410c849 rocketchat: Validate custom emoji before larger data sets.
This is a data set that's relatively likely to have weird failures,
and also likely to be fairly small.
2024-10-17 12:25:18 -07:00
Tim Abbott 6e4da50577 rocketchat: Complete metadata verification before importing uploads.
This is not the best factored version of this, but it saves effort
changing the tests, and importantly should make failures involving
metadata only take a couple seconds rather than first doing a giant
BSON read before learning about them.
2024-10-17 12:25:18 -07:00
Tim Abbott 79b6f43d0e rocketchat: Move bson_code_options to a global variable.
This will make it a lot easier to only read files in when we actually
need them.
2024-10-17 12:25:18 -07:00
Tim Abbott c4f5cd6552 migrations: Fix unnecessary loop in 0602. 2024-10-17 11:21:56 -07:00
Vector73 68dc914b6e users: Refactor `has_permission` function.
Refactored `has_permission` function to programmatically check if the `policy_name`
is a group-based setting.
2024-10-16 14:26:20 -07:00
Vector73 8d341d1af9 settings: Remove `move_messages_between_streams_policy` setting.
Removed `move_messages_between_streams_policy` property, as the permission
to move messages between channels is now controlled by
`can_move_messages_between_channels_group` setting.
2024-10-16 14:26:20 -07:00
Vector73 1be0cb1b75 settings: Add `can_move_messages_between_channels_group` realm setting.
Added `can_move_messages_between_channels_group` realm setting to replace
`move_messages_between_streams_policy`.
2024-10-16 14:26:18 -07:00
Harsh c1ec39f3ba invites: Extract helpers for accessing invites by ID.
This adds `access_invite_by_id` to retrieve the preregistration user
for email invites by id, and a parallel function for multi-user invites.
2024-10-16 14:06:32 -07:00
Prakhar Pratyush ed18175ce7 migration: Add migration to mark 'intro_resolve_topic' as read.
This commit adds a migration to mark the 'intro_resolve_topic'
modal as shown for users who have edited/moved a message previously.
2024-10-16 13:47:12 -07:00
Sahil Batra f24f1bfd14 user_groups: Refactor code to check permission for updating groups.
Users with permission to manage the group have all the permissions
including joining/leaving the group, adding others group which also
have a separate setting to control them.

So, it makes sense to just check managing permissions first in
access_user_group_for_update and then check the specific permission.
There is no behavioral change in this commit, it only changes the
order of checking permissions.
2024-10-16 09:40:07 -07:00
Sahil Batra 3d65a8f78a user_groups: Fix permissions for joining the group.
We want to allow the user, who can add others to group, to
join the group as well irrespective of can_join_group setting.

Previously, the permission to add others (or say anyone) was
controlled by can_manage_group setting, but now it is controlled
by can_add_members_group setting. This commit fixes the code to
use can_add_members_group setting to check permission for joining
the group.

This commit also improves the tests for checking permission to
join the group such that different settings are tested in isolation.
2024-10-16 09:40:07 -07:00
PieterCK 6289a551aa data_import: Add email validation to third-party data converters.
This commit makes the third-party data converters check for invalid user
emails. If it finds any, it’ll raise an Exception and show an error
message with all the bad emails listed out.

Fixes: #31783
2024-10-15 16:04:43 -07:00
Tim Abbott 7e7113ad84 groups: Enable group-settings value on groups in production.
The main change is redefining ALLOW_GROUP_VALUED_SETTINGS to not
control code, but instead to instead control the configuration for
whether settings that have not been converted to use our modern UI
patterns should require system groups.

Fundamentally, it's the same for the realm/stream group-valued
settings, which don't have the new UI patterns yet.

We remove the visual hiding of the "can manage group" setting, which
was hidden only due to transitions being incomplete.
2024-10-15 15:58:54 -07:00
Tim Abbott b4ae76be65 upload: Improve error messages when uploads limited by plan.
To make the tests work, we ensure that MAX_FILE_UPLOAD_SIZE is
enforced even in the plans case.
2024-10-15 13:30:29 -07:00
Alya Abbott b8dd409d71 help: Update exports documentation.
Document in-app exports with user consent.
2024-10-15 10:15:34 -07:00
Mateusz Mandera 3ccd53ce20 custom_profile_fields: Make transaction no longer durable.
Fixes ##31935.

do_update_user_custom_profile_data_if_change can't be durable as it's
invoked within `sync_ldap_user_data`, which is already in
transaction.atomic.

This change requires a few additional tweaks to untangle other related
transactions. The top level view functions up the codepath now use
durable=True. check_remove_custom_profile_field_value is called inside
do_update_user, so it no longer can be durable and should be switched to
savepoint=False. In turn, its remaining caller - the view
remove_user_custom_profile_data - gets switched to durable=True.
2024-10-14 16:30:46 -07:00
Shubham Padia bf46747735 user_groups: Check can_leave_group when removing members. 2024-10-14 11:44:27 -07:00
Shubham Padia 060156fca4 user_groups: Add can_leave_group setting for user group.
This field will be used to control permission for who can
leave a user group.
2024-10-14 11:44:27 -07:00
Vector73 6bc8651d22 settings: Remove `add_custom_emoji_policy` setting.
Removed `add_custom_emoji_policy` setting as the permission to
add custom emoji is now controlled by `can_add_custom_emoji_group`
setting.
2024-10-13 16:09:04 -07:00
Vector73 f733ab112c settings: Add `can_add_custom_emoji_group` realm setting.
Added `can_add_custom_emoji_group` setting to replace `add_custom_emoji_policy`.
2024-10-13 16:09:04 -07:00
Anders Kaseorg ff97788b6e health: Disable RabbitMQ check if not USING_RABBITMQ.
Fixes a spurious error that’s logged and ignored during the Puppeteer
tests, introduced by commit eef65d7e30
(#31438).

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2024-10-13 11:42:49 -07:00
Prakhar Pratyush 3314c89288 realm: Add maximum file size upload restriction.
This commit adds a restriction to the maximum file size
that can be uploaded to a realm based on its plan_type.
2024-10-11 17:16:48 -07:00
Prakhar Pratyush 808acc9e47 events: Migrate plan_type & upload_quota to update_dict event format.
'realm_upload_quota_mib` is updated when `plan_type` changes.

Earlier, we were including 'upload_quota' to update
`realm_upload_quota_mib` in extra_data field of 'realm op: update'
event format when property='plan_type'.

This commit migrate those two parameters to `realm op: update_dict`
event format.

* None of the clients processes these fields, so no compatibility
  code required.
* Renamed `upload_quota` to `upload_quota_mib` as it better aligns
  with our goal to encode units in the client-facing API names.
  Also, it helps to avoid extra code to update 'realm_upload_quota_mib`
  in web client, web client simply aligns with
  'realm["realm_" + key] = value'.
2024-10-11 17:16:48 -07:00
Prakhar Pratyush 417d74e032 api-docs: Maintain sorted order for properties in realm/update_dict.
Few of the properties in the data field of 'realm/update_dict'
event format were no longer in sorted order (by alphabet).

This commit rearranges them to maintain the order.
2024-10-11 17:16:48 -07:00
Prakhar Pratyush 276648ef87 realm_settings: Remove 'enable_spectator_access' from update_fields.
In 'do_change_realm_plan_type' function we use 'do_set_realm_property'
to set 'enable_spectator_access' to False.

There is no need to again update that field.

This change was included in d2f2fbf6b9.
2024-10-11 17:16:48 -07:00
Lauryn Menard 70ab893d34 urls: Generate narrow links in backend with "channel" operator. 2024-10-11 17:00:23 -07:00
Lauryn Menard 240c4d85ae docs: Update existing links to use "channel" operator. 2024-10-11 17:00:23 -07:00
Tim Abbott 3554afde36 api docs: Document can_manage_all_groups final semantics.
This also does the feature level 305 stamp.
2024-10-11 16:31:18 -07:00
Shubham Padia 2b6df48ebb user_groups: Split update members test into add/remove tests. 2024-10-11 16:31:18 -07:00
Shubham Padia c9d5276031 user_groups: Set can_manage_all_groups to administrator group.
Earlier we use to restrict admins, moderators or members of a group to
manage that group if they were part of the realm wide
`can_manage_all_groups`. We will not do that anymore and even
non-members of a group regardless of role can manage a group if they are
part of `can_manage_all_groups`.

See
https://chat.zulip.org/#narrow/stream/101-design/topic/Group.20add.20members.20dropdown/near/1952902
to check more about the migration plan for which this is the last step.
2024-10-11 16:31:18 -07:00
Shubham Padia 9bbd6a7316 user_groups: Check can_add_members_group when adding members.
Fixes #25942.
Users with permission to manage the group (either on the group level or
realm level) should be able to add members to the group without being
present in can_add_members_group.
2024-10-11 16:31:18 -07:00
Shubham Padia f134662312 user_groups: Check can_add_members_group before adding members.
Removing members will be controlled by `can_manage_group` until we add
`can_remove_members_group` in the future.

Users with permission to manage a group can add members to that group by
default without being present in `can_add_members_group`.
2024-10-11 16:31:18 -07:00
Shubham Padia b305ca14dd user_groups: Add add_can_members_group to user group.
The default value for this field that we wanted to have was that group
itlself. But we are deferring that to later in order to reach the point
of switching over to the groups system sooner. Till then, we will use
`group_creator` as the default. See
https://chat.zulip.org/#narrow/stream/101-design/topic/Group.20add.20members.20dropdown/near/1952904
for more details.

For migration plan details, see
https://chat.zulip.org/#narrow/stream/101-design/topic/Group.20add.20members.20dropdown/near/1952902

The increase in query count from 7 to 9 in the query count test for
creating a user group is because of group_creator being the default for
the new field.
2024-10-11 16:31:18 -07:00
Prakhar Pratyush 55f97cd06f realm_export: Add support to create full data export via /export/realm.
Earlier, only public data export was possible via `POST /export/realm`
endpoint. This commit adds support to create full data export with
member consent via that endpoint.

Also, this adds a 'export_type' parameter to the dictionaries
in `realm_export` event type and `GET /export/realm` response.

Fixes part of #31201.
2024-10-11 13:20:42 -07:00
Sahil Batra 5a55735ecb users: Fetch user groups ordered by ID to send events.
The user groups, fetched to send events when deactivating or
reactivating a user, are ordered by ID so that we can avoid
flaky behavior in tests when verifying event details in
test_do_deactivate_user and test_do_reactivate_user tests in
test_events.py.
2024-10-11 11:20:45 -07:00
Lauryn Menard 517b15dc8d help: Create "Configure send message keys" article.
Document setting the keys that will send a message or create a new
line when composting a message via the compose box and via the
personal settings overlay.

Updates links and redirect from former help center article about
this feature.

Fixes #31620.
2024-10-10 14:33:38 -07:00
Tim Abbott 3001f59d00 api docs: Clarify text about deactivated users and groups.
This should make it easier for client developers to understand
how to correctly implement the updated protocol.
2024-10-10 11:37:44 -07:00
Sahil Batra 4784c71bf9 user_groups: Do not allow updating memberships of deactivated users.
This commit updates backend code to not allow adding deactivated
users to groups including when creating groups and also to not
allow removing deactivated users from groups.
2024-10-10 11:37:44 -07:00
Sahil Batra 320081ccd6 mention: Do not include deactivated users in group mention data.
There is no behavioral changes to deactivated users as we do
not create UserMessage rows or call the notification code path
for deactivated users in a user group mention. But it is better
to not include the deactivated users in fields like
"mention_user_ids", so this commit updates the code to not
include deactivated users in the computed mention data.
2024-10-10 11:37:44 -07:00
Sahil Batra 0b58820294 user_groups: Do not include deactivated users in anonymous group settings.
This commit updates code to not include deactivated users in the
anonymous group settings data sent to clients, where the setting
value is sent as a dict containing members and subgroups of the
anonymous group.
2024-10-10 11:37:44 -07:00
Sahil Batra 9292ad8186 user_groups: Do not include deactivated users in members list.
This commit updates code to not include deactivated users in
members list in the user groups object sent in "/register"
and "GET /user_groups" response and also in the response
returned by endpoint like "GET /user_groups/{group_id}/members".

The events code is also update to handle this -
- We expect clients to update the members list on receiving
"realm_user/update" event on deactivation. But for guests
who cannot access the user, "user_group/remove_members"
event is sent to update the group members list on deactivation.
- "user_group/add_members" event is sent to all the users on
reactivating the user.
2024-10-10 11:37:44 -07:00
Sahil Batra b5732b90d6 create_user: Do not send reactivation event for inaccessible users. 2024-10-10 11:37:44 -07:00
Sahil Batra a7c534b1b8 events: Fix updating subscribers list when deactivating user.
We previously did not update the subscribers list for unsubscribed
and never subscribed streams when a user is deactivated or a
guest user loses access to some user.
2024-10-10 11:37:44 -07:00
Lauryn Menard 229212106f api-docs: Centralize history of realm message edit/move settings.
For the six realm settings mentioned in the main description of
the /api/update-message endpoint, link back to that page in the
/api/register-queue and /api/get-events endpoints. This way we
can maintain a centralized point of documentation for how these
settings work for message content edits and moving messages.

The descriptions in the events and register pages focuses on the
specifics for each realm setting, e.g., when a value is added or
changed for a particular realm setting.
2024-10-10 11:28:58 -07:00
Kislay Udbhav Verma a787c7ff80 topic: Add a first-time explanation for "Resolve topic".
We show a confirmation dialog explaining the "resolve topics"
feature when the user marks a topic resolved for the first time.
If the user confirms the action, we mark the
topic resolved, else we don't.

We don't show anything the first time a topic is marked
unresolved.

Fixes #31242
2024-10-09 18:12:55 -07:00
Mateusz Mandera 6c069f4365 api: Improve handling of delivery_email in the GET /users/{email} API.
Limiting lookups by delivery_email to users with "everyone" email
visibility is overly simplistic. We can successfully do these lookups
whenever the requester has the permission to view the real email address
of the user they're looking up.
2024-10-08 18:01:49 -07:00
Mateusz Mandera 8e51442043 users: Add ROLE_TO_ACCESSIBLE_EMAIL_ADDRESS_VISIBILITY_IDS dict.
This is helpful for taking an "acting user" and getting the list of
email_address_visibility values such that the UserProfiles with those
values of the setting permit the acting user to view their
deliver_email.

This can be used for a query "all users whose delivery_email is viewable
by <requester>" in an upcoming commit.

The added code is ugly, but at least it lets us simplify some similarly
ugly logic in can_access_delivery_email.
2024-10-08 18:01:49 -07:00
Tim Abbott ba8801b07f import: Fix incorrect RealmEmoji query.
The name field is not present in exports from the S3 backend.
2024-10-08 17:43:18 -07:00
Tim Abbott 4caa396f49 import_realm: Do not check acting_user for Zulip updates.
The question is whether this was previously exported, not whether it
was previously exported without a traceable acting user.
2024-10-08 17:43:18 -07:00
Tim Abbott 4451db08c3 api docs: Clean up some details around group settings. 2024-10-08 12:18:13 -07:00
Sahil Batra 6d0d1a0700 user_groups: Check can_join_group setting when user tries to join.
Fixes part of #25938.
2024-10-08 12:18:13 -07:00