streams: Use can_manage_default_streams to check permissions.

Although, right now, the function only checks if a user is realm admin, it will still be beneficial to use can_manage_default_streams for when we might have granular permissions for that. I've used a decorator for endpoints where this function was applicable, since that seemed nicer to use compared to inserting a function in each of the endpoints. The added test ensures that we get test coverage on the new decorator.
2025-11-03 05:23:35 +00:00 · 2024-12-05 08:08:37 +00:00
parent 0686d462e0
commit 3d1d9180c2
3 changed files with 34 additions and 8 deletions
--- a/zerver/tests/test_subs.py
+++ b/zerver/tests/test_subs.py
@@ -3491,7 +3491,6 @@ class DefaultStreamTest(ZulipTestCase):

    def test_api_calls(self) -> None:
        user_profile = self.example_user("hamlet")
-        do_change_user_role(user_profile, UserProfile.ROLE_REALM_ADMINISTRATOR, acting_user=None)
        self.login_user(user_profile)

        DefaultStream.objects.filter(realm=user_profile.realm).delete()
@@ -3499,6 +3498,11 @@ class DefaultStreamTest(ZulipTestCase):
        stream_name = "stream ADDED via api"
        stream = ensure_stream(user_profile.realm, stream_name, acting_user=None)
        result = self.client_post("/json/default_streams", dict(stream_id=stream.id))
+        self.assert_json_error(result, "Must be an organization administrator")
+        self.assertFalse(stream_name in self.get_default_stream_names(user_profile.realm))
+
+        do_change_user_role(user_profile, UserProfile.ROLE_REALM_ADMINISTRATOR, acting_user=None)
+        result = self.client_post("/json/default_streams", dict(stream_id=stream.id))
        self.assert_json_success(result)
        self.assertTrue(stream_name in self.get_default_stream_names(user_profile.realm))