user_groups: Update code to check whether user can edit a user group.

Earlier there was only a realm level setting for configuring who can edit user groups. A new group level setting is also added for configuring who can manage that particular group. Now, a user group can be edited by a user if it is allowed from realm level setting or group level setting. This commit make changes to also use group level setting in determining whether a group can be edited by user or not. Also, updated tests to use api_post and api_delete helpers instead of using client_post and client_delete helpers with different users being logged in.
2025-11-04 14:03:30 +00:00 · 2023-07-17 13:13:11 +05:30
parent 03220ba456
commit 423d5c42f6
5 changed files with 311 additions and 42 deletions
--- a/zerver/lib/user_groups.py
+++ b/zerver/lib/user_groups.py
@@ -90,15 +90,20 @@ def has_user_group_access(
    if user_group.is_system_group:
        return False

+    can_edit_all_user_groups = user_profile.can_edit_all_user_groups()
+
    group_member_ids = get_user_group_direct_member_ids(user_group)
    if (
        not user_profile.is_realm_admin
        and not user_profile.is_moderator
        and user_profile.id not in group_member_ids
    ):
-        return False
+        can_edit_all_user_groups = False

-    return True
+    if can_edit_all_user_groups:
+        return True
+
+    return is_user_in_group(user_group.can_manage_group, user_profile)


 def access_user_group_by_id(