invite: Make inviting new users inaccessible for guest users.

2025-11-16 03:41:58 +00:00 · 2018-06-08 18:13:27 +05:30
parent 425b4a3866
commit 596ce5b60f
6 changed files with 35 additions and 1 deletions
--- a/static/js/admin.js
+++ b/static/js/admin.js
@@ -70,6 +70,7 @@ exports.setup_page = function () {
        realm_notifications_stream_id: page_params.realm_notifications_stream_id,
        realm_signup_notifications_stream_id: page_params.realm_signup_notifications_stream_id,
        is_admin: page_params.is_admin,
+        is_guest: page_params.is_guest,
        realm_icon_source: page_params.realm_icon_source,
        realm_icon_url: page_params.realm_icon_url,
        realm_mandatory_topics: page_params.realm_mandatory_topics,
--- a/zerver/lib/events.py
+++ b/zerver/lib/events.py
@@ -224,6 +224,7 @@ def fetch_initial_state_data(user_profile: UserProfile,
        state['can_create_streams'] = user_profile.can_create_streams()
        state['cross_realm_bots'] = list(get_cross_realm_dicts())
        state['is_admin'] = user_profile.is_realm_admin
+        state['is_guest'] = user_profile.is_guest
        state['user_id'] = user_profile.id
        state['enter_sends'] = user_profile.enter_sends
        state['email'] = user_profile.email
--- a/zerver/tests/test_home.py
+++ b/zerver/tests/test_home.py
@@ -82,6 +82,7 @@ class HomeTest(ZulipTestCase):
            "hotspots",
            "initial_servertime",
            "is_admin",
+            "is_guest",
            "jitsi_server_url",
            "language_list",
            "language_list_dbl_col",
@@ -601,6 +602,21 @@ class HomeTest(ZulipTestCase):
        html = result.content.decode('utf-8')
        self.assertIn('Invite more users', html)

+    def test_show_invites_for_guest_users(self) -> None:
+        user_profile = self.example_user('polonius')
+        email = user_profile.email
+
+        realm = user_profile.realm
+        realm.invite_by_admins_only = False
+        realm.save()
+
+        self.login(email)
+        self.assertFalse(user_profile.is_realm_admin)
+        self.assertFalse(get_realm('zulip').invite_by_admins_only)
+        result = self._get_home_page()
+        html = result.content.decode('utf-8')
+        self.assertNotIn('Invite more users', html)
+
    def test_desktop_home(self) -> None:
        email = self.example_email("hamlet")
        self.login(email)
--- a/zerver/tests/test_signup.py
+++ b/zerver/tests/test_signup.py
@@ -820,6 +820,16 @@ earl-test@zulip.com""", ["Denmark"]))
            "You must specify at least one email address.")
        self.check_sent_emails([])

+    def test_guest_user_invitation(self) -> None:
+        """
+        Guest user can't invite new users
+        """
+        self.login(self.example_email("polonius"))
+        invitee = "alice-test@zulip.com"
+        self.assert_json_error(self.invite(invitee, ["Denmark"]), "Not allowed for guest users")
+        self.assertEqual(find_key_by_email(invitee), None)
+        self.check_sent_emails([])
+
    def test_invalid_stream(self) -> None:
        """
        Tests inviting to a non-existent stream.
--- a/zerver/views/home.py
+++ b/zerver/views/home.py
@@ -245,6 +245,8 @@ def home_real(request: HttpRequest) -> HttpResponse:
    # Some realms only allow admins to invite users
    if user_profile.realm.invite_by_admins_only and not user_profile.is_realm_admin:
        show_invites = False
+    if user_profile.is_guest:
+        show_invites = False

    request._log_data['extra'] = "[%s]" % (register_ret["queue_id"],)

@@ -264,6 +266,7 @@ def home_real(request: HttpRequest) -> HttpResponse:
                               'pipeline': settings.PIPELINE_ENABLED,
                               'show_invites': show_invites,
                               'is_admin': user_profile.is_realm_admin,
+                               'is_guest': user_profile.is_guest,
                               'show_webathena': user_profile.realm.webathena_enabled,
                               'enable_feedback': settings.ENABLE_FEEDBACK,
                               'embedded': narrow_stream is not None,
--- a/zerver/views/invite.py
+++ b/zerver/views/invite.py
@@ -5,7 +5,9 @@ from django.http import HttpRequest, HttpResponse
 from django.utils.translation import ugettext as _
 from typing import List, Optional, Set

-from zerver.decorator import require_realm_admin, to_non_negative_int
+from zerver.decorator import require_realm_admin, to_non_negative_int, \
+    require_non_guest_human_user
+
 from zerver.lib.actions import do_invite_users, do_revoke_user_invite, do_resend_user_invite_email, \
    get_default_subs, do_get_user_invites, do_create_multiuse_invite_link
 from zerver.lib.request import REQ, has_request_variables, JsonableError
@@ -16,6 +18,7 @@ from zerver.models import PreregistrationUser, Stream, UserProfile

 import re

+@require_non_guest_human_user
@has_request_variables
 def invite_users_backend(request: HttpRequest, user_profile: UserProfile,
                         invitee_emails_raw: str=REQ("invitee_emails"),