paulmataruso/zulip
1
0
Fork 0
mirror of https://github.com/zulip/zulip.git synced 2025-11-14 10:57:58 +00:00
Code Issues Packages Projects Releases Wiki Activity

invite: Make inviting new users inaccessible for guest users.

Browse Source
This commit is contained in:
Shubham Dhama
2018-06-08 18:13:27 +05:30
committed by Tim Abbott
parent 425b4a3866
commit 596ce5b60f
6 changed files with 35 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
static/js/admin.js
View File

@@ -70,6 +70,7 @@ exports.setup_page = function () {
realm_notifications_stream_id: page_params.realm_notifications_stream_id, realm_notifications_stream_id: page_params.realm_notifications_stream_id,
realm_signup_notifications_stream_id: page_params.realm_signup_notifications_stream_id, realm_signup_notifications_stream_id: page_params.realm_signup_notifications_stream_id,
is_admin: page_params.is_admin, is_admin: page_params.is_admin,
is_guest: page_params.is_guest,
realm_icon_source: page_params.realm_icon_source, realm_icon_source: page_params.realm_icon_source,
realm_icon_url: page_params.realm_icon_url, realm_icon_url: page_params.realm_icon_url,
realm_mandatory_topics: page_params.realm_mandatory_topics, realm_mandatory_topics: page_params.realm_mandatory_topics,

1
zerver/lib/events.py
View File

@@ -224,6 +224,7 @@ def fetch_initial_state_data(user_profile: UserProfile,
state['can_create_streams'] = user_profile.can_create_streams() state['can_create_streams'] = user_profile.can_create_streams()
state['cross_realm_bots'] = list(get_cross_realm_dicts()) state['cross_realm_bots'] = list(get_cross_realm_dicts())
state['is_admin'] = user_profile.is_realm_admin state['is_admin'] = user_profile.is_realm_admin
state['is_guest'] = user_profile.is_guest
state['user_id'] = user_profile.id state['user_id'] = user_profile.id
state['enter_sends'] = user_profile.enter_sends state['enter_sends'] = user_profile.enter_sends
state['email'] = user_profile.email state['email'] = user_profile.email

16
zerver/tests/test_home.py
View File

@@ -82,6 +82,7 @@ class HomeTest(ZulipTestCase):
"hotspots", "hotspots",
"initial_servertime", "initial_servertime",
"is_admin", "is_admin",
"is_guest",
"jitsi_server_url", "jitsi_server_url",
"language_list", "language_list",
"language_list_dbl_col", "language_list_dbl_col",
@@ -601,6 +602,21 @@ class HomeTest(ZulipTestCase):
html = result.content.decode('utf-8') html = result.content.decode('utf-8')
self.assertIn('Invite more users', html) self.assertIn('Invite more users', html)
def test_show_invites_for_guest_users(self) -> None:
user_profile = self.example_user('polonius')
email = user_profile.email
realm = user_profile.realm
realm.invite_by_admins_only = False
realm.save()
self.login(email)
self.assertFalse(user_profile.is_realm_admin)
self.assertFalse(get_realm('zulip').invite_by_admins_only)
result = self._get_home_page()
html = result.content.decode('utf-8')
self.assertNotIn('Invite more users', html)
def test_desktop_home(self) -> None: def test_desktop_home(self) -> None:
email = self.example_email("hamlet") email = self.example_email("hamlet")
self.login(email) self.login(email)

10
zerver/tests/test_signup.py
View File

@@ -820,6 +820,16 @@ earl-test@zulip.com""", ["Denmark"]))
"You must specify at least one email address.") "You must specify at least one email address.")
self.check_sent_emails([]) self.check_sent_emails([])
def test_guest_user_invitation(self) -> None:
"""
Guest user can't invite new users
"""
self.login(self.example_email("polonius"))
invitee = "alice-test@zulip.com"
self.assert_json_error(self.invite(invitee, ["Denmark"]), "Not allowed for guest users")
self.assertEqual(find_key_by_email(invitee), None)
self.check_sent_emails([])
def test_invalid_stream(self) -> None: def test_invalid_stream(self) -> None:
""" """
Tests inviting to a non-existent stream. Tests inviting to a non-existent stream.

3
zerver/views/home.py
View File

@@ -245,6 +245,8 @@ def home_real(request: HttpRequest) -> HttpResponse:
# Some realms only allow admins to invite users # Some realms only allow admins to invite users
if user_profile.realm.invite_by_admins_only and not user_profile.is_realm_admin: if user_profile.realm.invite_by_admins_only and not user_profile.is_realm_admin:
show_invites = False show_invites = False
if user_profile.is_guest:
show_invites = False
request._log_data['extra'] = "[%s]" % (register_ret["queue_id"],) request._log_data['extra'] = "[%s]" % (register_ret["queue_id"],)
@@ -264,6 +266,7 @@ def home_real(request: HttpRequest) -> HttpResponse:
'pipeline': settings.PIPELINE_ENABLED, 'pipeline': settings.PIPELINE_ENABLED,
'show_invites': show_invites, 'show_invites': show_invites,
'is_admin': user_profile.is_realm_admin, 'is_admin': user_profile.is_realm_admin,
'is_guest': user_profile.is_guest,
'show_webathena': user_profile.realm.webathena_enabled, 'show_webathena': user_profile.realm.webathena_enabled,
'enable_feedback': settings.ENABLE_FEEDBACK, 'enable_feedback': settings.ENABLE_FEEDBACK,
'embedded': narrow_stream is not None, 'embedded': narrow_stream is not None,

5
zerver/views/invite.py
View File

@@ -5,7 +5,9 @@ from django.http import HttpRequest, HttpResponse
from django.utils.translation import ugettext as _ from django.utils.translation import ugettext as _
from typing import List, Optional, Set from typing import List, Optional, Set
from zerver.decorator import require_realm_admin, to_non_negative_int from zerver.decorator import require_realm_admin, to_non_negative_int, \
require_non_guest_human_user
from zerver.lib.actions import do_invite_users, do_revoke_user_invite, do_resend_user_invite_email, \ from zerver.lib.actions import do_invite_users, do_revoke_user_invite, do_resend_user_invite_email, \
get_default_subs, do_get_user_invites, do_create_multiuse_invite_link get_default_subs, do_get_user_invites, do_create_multiuse_invite_link
from zerver.lib.request import REQ, has_request_variables, JsonableError from zerver.lib.request import REQ, has_request_variables, JsonableError
@@ -16,6 +18,7 @@ from zerver.models import PreregistrationUser, Stream, UserProfile
import re import re
@require_non_guest_human_user
@has_request_variables @has_request_variables
def invite_users_backend(request: HttpRequest, user_profile: UserProfile, def invite_users_backend(request: HttpRequest, user_profile: UserProfile,
invitee_emails_raw: str=REQ("invitee_emails"), invitee_emails_raw: str=REQ("invitee_emails"),