mirror of https://github.com/zulip/zulip.git
c908b518ef
Users who used to be subscribed to a private stream and have been removed from it since retain the ability to edit messages/topics, and delete messages that they used to have access to, if other relevant organization permissions allow these actions. For example, a user may be able to edit or delete their old messages they posted in such a private stream. An administrator will be able to delete old messages (that they had access to) from the private stream. We fix this by fixing the logic in has_message_access (which lies at the core of our message access checks - access_message() and bulk_access_messages()) to not rely on only a UserMessage row for checking access but also verify stream type and subscription status. |
||
|---|---|---|
| .. | ||
| actions | ||
| data_import | ||
| integration_fixtures/nagios | ||
| lib | ||
| management | ||
| migrations | ||
| openapi | ||
| tests | ||
| tornado | ||
| transaction_tests | ||
| views | ||
| webhooks | ||
| worker | ||
| __init__.py | ||
| apps.py | ||
| context_processors.py | ||
| decorator.py | ||
| filters.py | ||
| forms.py | ||
| logging_handlers.py | ||
| middleware.py | ||
| models.py | ||
| signals.py | ||