diff --git a/web/src/settings_data.ts b/web/src/settings_data.ts index 67ae58449c..8434894b28 100644 --- a/web/src/settings_data.ts +++ b/web/src/settings_data.ts @@ -356,6 +356,14 @@ export function user_can_access_all_other_users(): boolean { return true; } + if (!current_user.is_guest) { + // The only valid values for this setting are role:members and + // role:everyone, both of which are always true for non-guest + // users. This is an important optimization for code that may + // call this function in a loop. + return true; + } + return user_has_permission_for_group_setting( realm.realm_can_access_all_users_group, "can_access_all_users_group", diff --git a/web/tests/settings_data.test.cjs b/web/tests/settings_data.test.cjs index d534f4664f..ccd3e5c483 100644 --- a/web/tests/settings_data.test.cjs +++ b/web/tests/settings_data.test.cjs @@ -558,6 +558,10 @@ run_test("user_can_access_all_other_users", ({override}) => { page_params.is_spectator = false; override(current_user, "user_id", member_user_id); + override(current_user, "is_guest", false); + assert.ok(settings_data.user_can_access_all_other_users()); + override(current_user, "is_guest", true); + // For coverage only: Here the is_guest optimization is skipped. assert.ok(settings_data.user_can_access_all_other_users()); override(current_user, "user_id", guest_user_id); diff --git a/zerver/models/realms.py b/zerver/models/realms.py index df870ca410..9a7fb727d5 100644 --- a/zerver/models/realms.py +++ b/zerver/models/realms.py @@ -730,6 +730,8 @@ class Realm(models.Model): # type: ignore[django-manager-missing] # django-stub allow_nobody_group=False, allow_everyone_group=True, default_group_name=SystemGroups.EVERYONE, + # Note that user_can_access_all_other_users in the web + # app is relying on members always have access. allowed_system_groups=[SystemGroups.EVERYONE, SystemGroups.MEMBERS], ), can_add_subscribers_group=GroupPermissionSetting(