paulmataruso/zulip
1
0
Fork 0
mirror of https://github.com/zulip/zulip.git synced 2025-11-04 14:03:30 +00:00
Code Issues Packages Projects Releases Wiki Activity

users: Replace duplication with generic func to validate bot id.

Browse Source 
This adds a common function `access_bot_by_id` to access bot id within
same realm.  It probably fixes some corner case bugs where we weren't
checking for deactivated bots when regenerating API keys.
This commit is contained in:
Yashashvi Dave
2018-05-29 00:12:31 +05:30
committed by Tim Abbott
parent 07b63e4886
commit 47aaf4e20a
3 changed files with 19 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
zerver/lib/users.py
View File

@@ -7,7 +7,7 @@ from zerver.lib.cache import generic_bulk_cached_fetch, user_profile_cache_key_i
user_profile_by_id_cache_key
from zerver.lib.request import JsonableError
from zerver.models import UserProfile, Service, Realm, \
get_user_profile_by_id, query_for_ids
get_user_profile_by_id, query_for_ids, get_user_profile_by_id_in_realm
from zulip_bots.custom_exceptions import ConfigValidationError
@@ -130,3 +130,14 @@ def user_ids_to_users(user_ids: List[int], realm: Realm) -> List[UserProfile]:
if user_profile.realm != realm:
raise JsonableError(_("Invalid user ID: %s" % (user_profile.id,)))
return user_profiles
def access_bot_by_id(user_profile: UserProfile, user_id: int) -> UserProfile:
try:
target = get_user_profile_by_id_in_realm(user_id, user_profile.realm)
except UserProfile.DoesNotExist:
raise JsonableError(_("No such bot"))
if not target.is_bot:
raise JsonableError(_("No such bot"))
if not user_profile.can_admin_user(target):
raise JsonableError(_("Insufficient permission"))
return target