From 5b32dcd2e72937b68524b2c03fdba84d345891b0 Mon Sep 17 00:00:00 2001 From: sahil839 Date: Sun, 21 Mar 2021 22:47:45 +0530 Subject: [PATCH] settings: Add moderators-only option in create_stream_policy. This commit modifies the has_permission function to include realm moderator role. Thus this adds a new option of moderators only for create_stream_policy. Though this automatically adds this option for invite_to_stream_policy also, but we will keep other code for showing error and for tests in a separate commit. --- zerver/lib/streams.py | 2 ++ zerver/models.py | 8 ++++++++ zerver/tests/test_subs.py | 36 ++++++++++++++++++++++++++++++++---- 3 files changed, 42 insertions(+), 4 deletions(-) diff --git a/zerver/lib/streams.py b/zerver/lib/streams.py index fce9b1ffb9..6feae51b80 100644 --- a/zerver/lib/streams.py +++ b/zerver/lib/streams.py @@ -604,6 +604,8 @@ def list_to_streams( if not user_profile.can_create_streams(): if user_profile.realm.create_stream_policy == Realm.POLICY_ADMINS_ONLY: raise JsonableError(_("Only administrators can create streams.")) + if user_profile.realm.create_stream_policy == Realm.POLICY_MODERATORS_ONLY: + raise JsonableError(_("Only administrators and moderators can create streams.")) if user_profile.realm.create_stream_policy == Realm.POLICY_FULL_MEMBERS_ONLY: raise JsonableError(_("Your account is too new to create streams.")) raise JsonableError(_("Not allowed for guest users")) diff --git a/zerver/models.py b/zerver/models.py index 0a4d5ccc3a..8f4dd7f99d 100644 --- a/zerver/models.py +++ b/zerver/models.py @@ -253,11 +253,13 @@ class Realm(models.Model): POLICY_MEMBERS_ONLY = 1 POLICY_ADMINS_ONLY = 2 POLICY_FULL_MEMBERS_ONLY = 3 + POLICY_MODERATORS_ONLY = 4 COMMON_POLICY_TYPES = [ POLICY_MEMBERS_ONLY, POLICY_ADMINS_ONLY, POLICY_FULL_MEMBERS_ONLY, + POLICY_MODERATORS_ONLY, ] # Who in the organization is allowed to create streams. @@ -1449,6 +1451,12 @@ class UserProfile(AbstractBaseUser, PermissionsMixin): if policy_value == Realm.POLICY_ADMINS_ONLY: return False + if self.is_moderator: + return True + + if policy_value == Realm.POLICY_MODERATORS_ONLY: + return False + if self.is_guest: return False diff --git a/zerver/tests/test_subs.py b/zerver/tests/test_subs.py index 7a0b86b2e2..e4d0b65269 100644 --- a/zerver/tests/test_subs.py +++ b/zerver/tests/test_subs.py @@ -3216,6 +3216,7 @@ class SubscriptionAPITest(ZulipTestCase): do_set_realm_property( realm, "create_stream_policy", Realm.POLICY_ADMINS_ONLY, acting_user=None ) + do_change_user_role(user_profile, UserProfile.ROLE_MODERATOR, acting_user=None) result = self.common_subscribe_to_streams( user_profile, ["new_stream1"], @@ -3226,6 +3227,23 @@ class SubscriptionAPITest(ZulipTestCase): do_change_user_role(user_profile, UserProfile.ROLE_REALM_ADMINISTRATOR, acting_user=None) self.common_subscribe_to_streams(user_profile, ["new_stream1"]) + do_set_realm_property( + realm, "create_stream_policy", Realm.POLICY_MODERATORS_ONLY, acting_user=None + ) + do_change_user_role(user_profile, UserProfile.ROLE_MEMBER, acting_user=None) + # Make sure that we are checking the permission with a full member, + # as full member is the user just below moderator in the role hierarchy. + self.assertFalse(user_profile.is_provisional_member) + result = self.common_subscribe_to_streams( + user_profile, + ["new_stream2"], + allow_fail=True, + ) + self.assert_json_error(result, "Only administrators and moderators can create streams.") + + do_change_user_role(user_profile, UserProfile.ROLE_MODERATOR, acting_user=None) + self.common_subscribe_to_streams(user_profile, ["new_stream2"]) + do_set_realm_property( realm, "create_stream_policy", Realm.POLICY_MEMBERS_ONLY, acting_user=None ) @@ -3240,7 +3258,7 @@ class SubscriptionAPITest(ZulipTestCase): do_change_user_role(user_profile, UserProfile.ROLE_MEMBER, acting_user=None) self.common_subscribe_to_streams( self.test_user, - ["new_stream2"], + ["new_stream3"], ) do_set_realm_property( @@ -3249,7 +3267,7 @@ class SubscriptionAPITest(ZulipTestCase): do_set_realm_property(realm, "waiting_period_threshold", 100000, acting_user=None) result = self.common_subscribe_to_streams( user_profile, - ["new_stream3"], + ["new_stream4"], allow_fail=True, ) self.assert_json_error(result, "Your account is too new to create streams.") @@ -3262,12 +3280,20 @@ class SubscriptionAPITest(ZulipTestCase): do_change_user_role(othello, UserProfile.ROLE_REALM_ADMINISTRATOR, acting_user=None) self.assertTrue(othello.can_create_streams()) - do_change_user_role(othello, UserProfile.ROLE_MEMBER, acting_user=None) + do_change_user_role(othello, UserProfile.ROLE_MODERATOR, acting_user=None) do_set_realm_property( othello.realm, "create_stream_policy", Realm.POLICY_ADMINS_ONLY, acting_user=None ) + self.assertFalse(othello.can_create_streams()) + + do_set_realm_property( + othello.realm, "create_stream_policy", Realm.POLICY_MODERATORS_ONLY, acting_user=None + ) + self.assertTrue(othello.can_create_streams()) + + do_change_user_role(othello, UserProfile.ROLE_MEMBER, acting_user=None) # Make sure that we are checking the permission with a full member, - # as full member is the user just below admin in the role hierarchy. + # as full member is the user just below moderator in the role hierarchy. self.assertFalse(othello.is_provisional_member) self.assertFalse(othello.can_create_streams()) @@ -3289,6 +3315,8 @@ class SubscriptionAPITest(ZulipTestCase): ) self.assertFalse(othello.can_create_streams()) + # Ensure that the new moderators can also create streams because moderator + # being above the full member in role hierarchy. do_change_user_role(othello, UserProfile.ROLE_MODERATOR, acting_user=None) self.assertTrue(othello.can_create_streams())