Only allow users in the OG zuliper list to send cross realm PMs

Changes from allowing all of the zulip realms to a whitelist of users.

(imported from commit 5ad2db9a62b430ef2c9d867e4afdf661b11ae96a)

zerver/lib/actions.py

@@ -539,8 +539,11 @@ def create_stream_if_needed(realm, stream_name, invite_only=False):
 def recipient_for_emails(emails, not_forged_mirror_message,
                          user_profile, sender):
     recipient_profile_ids = set()
+    normalized_emails = set()
     realm_domains = set()
+    normalized_emails.add(sender.email)
     realm_domains.add(sender.realm.domain)
+
     for email in emails:
         try:
             user_profile = get_user_profile_by_email(email)
@@ -550,14 +553,15 @@ def recipient_for_emails(emails, not_forged_mirror_message,
                 user_profile.realm.deactivated:
             raise ValidationError("'%s' is no longer using Zulip." % (email,))
         recipient_profile_ids.add(user_profile.id)
+        normalized_emails.add(user_profile.email)
         realm_domains.add(user_profile.realm.domain)
 
     if not_forged_mirror_message and user_profile.id not in recipient_profile_ids:
         raise ValidationError("User not authorized for this query")
 
     # Prevent cross realm private messages unless it is between only two realms
-    # and one of the realms is zulip.com.
-    if len(realm_domains) == 2 and 'zulip.com' not in realm_domains:
+    # and one of users is a zuliper
+    if len(realm_domains) == 2 and not (normalized_emails & settings.OG_ZULIPER_EMAILS):
         raise ValidationError("You can't send private messages outside of your organization.")
     if len(realm_domains) > 2:
         raise ValidationError("You can't send private messages outside of your organization.")

zerver/test_messages.py

@@ -1,6 +1,7 @@
 # -*- coding: utf-8 -*-
 from __future__ import absolute_import
 from django.db.models import Q
+from django.config import settings
 from sqlalchemy.sql import (
     and_, select, column, compiler
 )
@@ -155,6 +156,10 @@ class IncludeHistoryTest(AuthedTestCase):
         self.assertTrue(ok_to_include_history(narrow, realm))
 
 class TestCrossRealmPMs(AuthedTestCase):
+    def setUp(self):
+        # othello is an og zuliper at heart
+        settings.OG_ZULIPER_EMAILS.add('othello@zulip.com')
+
     def create_user(self, email):
         username, domain = email.split('@')
         self.register(username, 'test', domain=domain)
@@ -221,7 +226,7 @@ class TestCrossRealmPMs(AuthedTestCase):
         deployment = Deployment.objects.filter()[0]
         deployment.realms.add(r1)
 
-        user1_email = 'user1@zulip.com'
+        user1_email = 'othello@zulip.com'
         user1 = self.create_user(user1_email)
         user2_email = 'user2@1.example.com'
         user2 = self.create_user(user2_email)
@@ -240,7 +245,7 @@ class TestCrossRealmPMs(AuthedTestCase):
 
         user1_email = 'user1@1.example.com'
         user1 = self.create_user(user1_email)
-        user2_email = 'user2@zulip.com'
+        user2_email = 'othello@zulip.com'
         user2 = self.create_user(user2_email)
 
         self.send_message(user1_email, user2_email, Recipient.PERSONAL)
@@ -261,7 +266,7 @@ class TestCrossRealmPMs(AuthedTestCase):
         self.create_user(user1_email)
         user2_email = 'user2@2.example.com'
         self.create_user(user2_email)
-        user3_email = 'user3@zulip.com'
+        user3_email = 'othello@zulip.com'
         self.create_user(user3_email)
 
         with self.assertRaisesRegexp(JsonableError,

zproject/settings.py

@@ -835,3 +835,5 @@ USING_EMBEDLY = False
 
 # This is a debugging option only
 PROFILE_ALL_REQUESTS = False
+
+OG_ZULIPER_EMAILS = set(())