paulmataruso/zulip
1
0
Fork 0
mirror of https://github.com/zulip/zulip.git synced 2025-11-03 05:23:35 +00:00
Code Issues Packages Projects Releases Wiki Activity

message_fetch: Allow spectators to access all messages view.

Browse Source
This commit is contained in:
Aman Agrawal
2024-03-05 09:59:50 +00:00
committed by Tim Abbott
parent 2b12c8b4b9
commit 5548a28980
2 changed files with 17 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
zerver/views/message_fetch.py
View File

@@ -78,6 +78,20 @@ def get_search_fields(
}
def clean_narrow_for_web_public_api(narrow: OptionalNarrowListT) -> OptionalNarrowListT:
if narrow is None:
return None
# Remove {'operator': 'in', 'operand': 'home', 'negated': False} from narrow.
# This is to allow spectators to access all messages. The narrow should still pass
# is_web_public_narrow check after this change.
return [
term
for term in narrow
if not (term["operator"] == "in" and term["operand"] == "home" and not term["negated"])
]
@has_request_variables
def get_messages_backend(
request: HttpRequest,
@@ -117,6 +131,7 @@ def get_messages_backend(
# non-web-public stream messages) via this path.
if not realm.allow_web_public_streams_access():
raise MissingAuthenticationError
narrow = clean_narrow_for_web_public_api(narrow)
if not is_web_public_narrow(narrow):
raise MissingAuthenticationError
assert narrow is not None