paulmataruso/zulip
1
0
Fork 0
mirror of https://github.com/zulip/zulip.git synced 2025-11-03 05:23:35 +00:00
Code Issues Packages Projects Releases Wiki Activity

user_settings: Disable bot access to several endpoints.

Browse Source 
These settings have no effect on bots, so this change is mostly about
just avoiding confusion.
This commit is contained in:
Tim Abbott
2017-04-16 13:10:56 -07:00
parent e14c940ecc
commit 0c8575e2dc
2 changed files with 15 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
zerver/tests/test_decorators.py
View File

@@ -892,13 +892,22 @@ class TestInternalNotifyView(TestCase):
class TestHumanUsersOnlyDecorator(ZulipTestCase): class TestHumanUsersOnlyDecorator(ZulipTestCase):
def test_human_only_endpoints(self): def test_human_only_endpoints(self):
# type: () -> None # type: () -> None
endpoints = [ post_endpoints = [
"/api/v1/users/me/presence", "/api/v1/users/me/presence",
] ]
for endpoint in endpoints: for endpoint in post_endpoints:
result = self.client_post(endpoint, **self.api_auth('default-bot@zulip.com')) result = self.client_post(endpoint, **self.api_auth('default-bot@zulip.com'))
self.assert_json_error(result, "This endpoint does not accept bot requests.") self.assert_json_error(result, "This endpoint does not accept bot requests.")
patch_endpoints = [
"/api/v1/settings/display",
"/api/v1/settings/notifications",
"/api/v1/settings/ui",
]
for endpoint in patch_endpoints:
result = self.client_patch(endpoint, **self.api_auth('default-bot@zulip.com'))
self.assert_json_error(result, "This endpoint does not accept bot requests.")
class TestAuthenticatedJsonPostViewDecorator(ZulipTestCase): class TestAuthenticatedJsonPostViewDecorator(ZulipTestCase):
def test_authenticated_json_post_view_if_everything_is_correct(self): def test_authenticated_json_post_view_if_everything_is_correct(self):
# type: () -> None # type: () -> None

5
zerver/views/user_settings.py
View File

@@ -12,7 +12,7 @@ from django.template.loader import render_to_string
from django.urls import reverse from django.urls import reverse
from zerver.decorator import authenticated_json_post_view, has_request_variables, \ from zerver.decorator import authenticated_json_post_view, has_request_variables, \
zulip_login_required, REQ zulip_login_required, REQ, human_users_only
from zerver.lib.actions import do_change_password, \ from zerver.lib.actions import do_change_password, \
do_change_enable_desktop_notifications, \ do_change_enable_desktop_notifications, \
do_change_enter_sends, do_change_enable_sounds, \ do_change_enter_sends, do_change_enable_sounds, \
@@ -74,6 +74,7 @@ def confirm_email_change(request, confirmation_key):
} }
return render(request, 'confirmation/confirm_email_change.html', context=ctx) return render(request, 'confirmation/confirm_email_change.html', context=ctx)
@human_users_only
@has_request_variables @has_request_variables
def json_change_ui_settings(request, user_profile, def json_change_ui_settings(request, user_profile,
autoscroll_forever=REQ(validator=check_bool, autoscroll_forever=REQ(validator=check_bool,
@@ -153,6 +154,7 @@ def json_change_settings(request, user_profile,
return json_success(result) return json_success(result)
@human_users_only
@has_request_variables @has_request_variables
def update_display_settings_backend(request, user_profile, def update_display_settings_backend(request, user_profile,
twenty_four_hour_time=REQ(validator=check_bool, default=None), twenty_four_hour_time=REQ(validator=check_bool, default=None),
@@ -197,6 +199,7 @@ def update_display_settings_backend(request, user_profile,
return json_success(result) return json_success(result)
@human_users_only
@has_request_variables @has_request_variables
def json_change_notify_settings(request, user_profile, def json_change_notify_settings(request, user_profile,
enable_stream_desktop_notifications=REQ(validator=check_bool, enable_stream_desktop_notifications=REQ(validator=check_bool,