From 4483e33102ca493c7ad3b7a451c3f01151bc3121 Mon Sep 17 00:00:00 2001 From: Shubham Dhama Date: Sat, 2 Jun 2018 19:15:27 +0530 Subject: [PATCH] digest: Make newly registered users data inaccessible to guest users. The new can_access_all_realm_members function is meant to act as a base function for guest users and Zephyr realm users regarding the accessibility of the information of other users in the realm. --- zerver/lib/digest.py | 2 +- zerver/models.py | 3 +++ zerver/tests/test_digest.py | 29 ++++++++++++++++++++++++++++- 3 files changed, 32 insertions(+), 2 deletions(-) diff --git a/zerver/lib/digest.py b/zerver/lib/digest.py index d33f947cdf..5c65782da3 100644 --- a/zerver/lib/digest.py +++ b/zerver/lib/digest.py @@ -146,7 +146,7 @@ def gather_hot_conversations(user_profile: UserProfile, stream_messages: QuerySe def gather_new_users(user_profile: UserProfile, threshold: datetime.datetime) -> Tuple[int, List[str]]: # Gather information on users in the realm who have recently # joined. - if user_profile.realm.is_zephyr_mirror_realm: + if not user_profile.can_access_all_realm_members(): new_users = [] # type: List[UserProfile] else: new_users = list(UserProfile.objects.filter( diff --git a/zerver/models.py b/zerver/models.py index 2391d9651a..65d36002c6 100644 --- a/zerver/models.py +++ b/zerver/models.py @@ -822,6 +822,9 @@ class UserProfile(AbstractBaseUser, PermissionsMixin): def can_access_public_streams(self) -> bool: return not (self.is_guest or self.realm.is_zephyr_mirror_realm) + def can_access_all_realm_members(self) -> bool: + return not (self.realm.is_zephyr_mirror_realm or self.is_guest) + def major_tos_version(self) -> int: if self.tos_version is not None: return int(self.tos_version.split('.')[0]) diff --git a/zerver/tests/test_digest.py b/zerver/tests/test_digest.py index aa8e551e4f..dadc776371 100644 --- a/zerver/tests/test_digest.py +++ b/zerver/tests/test_digest.py @@ -8,7 +8,8 @@ from django.test import override_settings from django.utils.timezone import now as timezone_now from zerver.lib.actions import create_stream_if_needed, do_create_user -from zerver.lib.digest import gather_new_streams, handle_digest_email, enqueue_emails +from zerver.lib.digest import gather_new_streams, handle_digest_email, enqueue_emails, \ + gather_new_users from zerver.lib.test_classes import ZulipTestCase from zerver.models import get_client, get_realm, Realm, UserActivity, UserProfile @@ -141,3 +142,29 @@ class TestDigestEmailMessages(ZulipTestCase): new_stream = gather_new_streams(cordelia, cutoff)[1] expected_html = "New stream".format(stream_id=stream_id) self.assertIn(expected_html, new_stream['html']) + + @mock.patch('zerver.lib.digest.timezone_now') + def test_gather_new_users(self, mock_django_timezone: mock.MagicMock) -> None: + cutoff = timezone_now() + do_create_user('abc@example.com', password='abc', realm=get_realm('zulip'), full_name='abc', short_name='abc') + + # Normal users get info about new users + user = self.example_user('aaron') + gathered_no_of_user, _ = gather_new_users(user, cutoff) + self.assertEqual(gathered_no_of_user, 1) + + # Definitely, admin users get info about new users + user = self.example_user('iago') + gathered_no_of_user, _ = gather_new_users(user, cutoff) + self.assertEqual(gathered_no_of_user, 1) + + # Guest users don't get info about new users + user = self.example_user('polonius') + gathered_no_of_user, _ = gather_new_users(user, cutoff) + self.assertEqual(gathered_no_of_user, 0) + + # Zephyr users also don't get info about new users in their realm + user = self.mit_user('starnine') + do_create_user('abc@mit.edu', password='abc', realm=user.realm, full_name='abc', short_name='abc') + gathered_no_of_user, _ = gather_new_users(user, cutoff) + self.assertEqual(gathered_no_of_user, 0)