settings_data: Optimize user_can_access_all_other_users.

This fixes an important issue where this function being called in a
loop can consume as much as 1ms per iteration for users who are in a
lot of groups.

web/src/settings_data.ts

@@ -356,6 +356,14 @@ export function user_can_access_all_other_users(): boolean {
         return true;
     }
 
+    if (!current_user.is_guest) {
+        // The only valid values for this setting are role:members and
+        // role:everyone, both of which are always true for non-guest
+        // users. This is an important optimization for code that may
+        // call this function in a loop.
+        return true;
+    }
+
     return user_has_permission_for_group_setting(
         realm.realm_can_access_all_users_group,
         "can_access_all_users_group",

web/tests/settings_data.test.cjs

@@ -558,6 +558,10 @@ run_test("user_can_access_all_other_users", ({override}) => {
 
     page_params.is_spectator = false;
     override(current_user, "user_id", member_user_id);
+    override(current_user, "is_guest", false);
+    assert.ok(settings_data.user_can_access_all_other_users());
+    override(current_user, "is_guest", true);
+    // For coverage only: Here the is_guest optimization is skipped.
     assert.ok(settings_data.user_can_access_all_other_users());
 
     override(current_user, "user_id", guest_user_id);

zerver/models/realms.py

@@ -730,6 +730,8 @@ class Realm(models.Model):  # type: ignore[django-manager-missing] # django-stub
             allow_nobody_group=False,
             allow_everyone_group=True,
             default_group_name=SystemGroups.EVERYONE,
+            # Note that user_can_access_all_other_users in the web
+            # app is relying on members always have access.
             allowed_system_groups=[SystemGroups.EVERYONE, SystemGroups.MEMBERS],
         ),
         can_add_subscribers_group=GroupPermissionSetting(