tests: Refactor check_has_permission_policies to check for all user roles.

We refactor check_has_permission_policies to check for all user roles for each value of policy. This will help in handle a case where a guest is allowed to do something but moderator isn't. We need to do user_profile.refresh_from_db() in validation_func because the realm object from user_profile is used in has_permission and we need updated realm instance after changing the policy. This is a follow-up commit to 9a4c58cb.
2025-11-07 15:33:30 +00:00 · 2021-04-13 19:31:40 +05:30
parent c66a848c97
commit 685fbffd91
3 changed files with 51 additions and 58 deletions
--- a/zerver/lib/test_classes.py
+++ b/zerver/lib/test_classes.py
@@ -47,7 +47,6 @@ from zerver.lib.actions import (
    bulk_remove_subscriptions,
    check_send_message,
    check_send_stream_message,
-    do_change_user_role,
    do_set_realm_property,
    gather_subscriptions,
 )
@@ -1197,58 +1196,54 @@ Output:
        return email_message.from_email

    def check_has_permission_policies(
-        self, user_profile: UserProfile, policy: str, validation_func: Callable[[], bool]
+        self, policy: str, validation_func: Callable[[UserProfile], bool]
    ) -> None:
-        do_change_user_role(user_profile, UserProfile.ROLE_REALM_ADMINISTRATOR, acting_user=None)
-        self.assertTrue(validation_func())

-        do_change_user_role(user_profile, UserProfile.ROLE_MODERATOR, acting_user=None)
-        do_set_realm_property(
-            user_profile.realm, policy, Realm.POLICY_ADMINS_ONLY, acting_user=None
+        realm = get_realm("zulip")
+        admin_user = self.example_user("iago")
+        moderator_user = self.example_user("shiva")
+        member_user = self.example_user("hamlet")
+        new_member_user = self.example_user("othello")
+        guest_user = self.example_user("polonius")
+
+        do_set_realm_property(realm, "waiting_period_threshold", 1000, acting_user=None)
+        new_member_user.date_joined = timezone_now() - timedelta(
+            days=(realm.waiting_period_threshold - 1)
        )
-        self.assertFalse(validation_func())
+        new_member_user.save()

-        do_set_realm_property(
-            user_profile.realm, policy, Realm.POLICY_MODERATORS_ONLY, acting_user=None
+        member_user.date_joined = timezone_now() - timedelta(
+            days=(realm.waiting_period_threshold + 1)
        )
-        self.assertTrue(validation_func())
+        member_user.save()

-        do_change_user_role(user_profile, UserProfile.ROLE_MEMBER, acting_user=None)
-        # Make sure that we are checking the permission with a full member,
-        # as full member is the user just below moderator in the role hierarchy.
-        self.assertFalse(user_profile.is_provisional_member)
-        self.assertFalse(validation_func())
+        do_set_realm_property(realm, policy, Realm.POLICY_ADMINS_ONLY, acting_user=None)
+        self.assertTrue(validation_func(admin_user))
+        self.assertFalse(validation_func(moderator_user))
+        self.assertFalse(validation_func(member_user))
+        self.assertFalse(validation_func(new_member_user))
+        self.assertFalse(validation_func(guest_user))

-        do_set_realm_property(
-            user_profile.realm, policy, Realm.POLICY_MEMBERS_ONLY, acting_user=None
-        )
-        do_change_user_role(user_profile, UserProfile.ROLE_GUEST, acting_user=None)
-        self.assertFalse(validation_func())
+        do_set_realm_property(realm, policy, Realm.POLICY_MODERATORS_ONLY, acting_user=None)
+        self.assertTrue(validation_func(admin_user))
+        self.assertTrue(validation_func(moderator_user))
+        self.assertFalse(validation_func(member_user))
+        self.assertFalse(validation_func(new_member_user))
+        self.assertFalse(validation_func(guest_user))

-        do_change_user_role(user_profile, UserProfile.ROLE_MEMBER, acting_user=None)
-        self.assertTrue(validation_func())
+        do_set_realm_property(realm, policy, Realm.POLICY_FULL_MEMBERS_ONLY, acting_user=None)
+        self.assertTrue(validation_func(admin_user))
+        self.assertTrue(validation_func(moderator_user))
+        self.assertTrue(validation_func(member_user))
+        self.assertFalse(validation_func(new_member_user))
+        self.assertFalse(validation_func(guest_user))

-        do_set_realm_property(
-            user_profile.realm, "waiting_period_threshold", 1000, acting_user=None
-        )
-        do_set_realm_property(
-            user_profile.realm, policy, Realm.POLICY_FULL_MEMBERS_ONLY, acting_user=None
-        )
-        user_profile.date_joined = timezone_now() - timedelta(
-            days=(user_profile.realm.waiting_period_threshold - 1)
-        )
-        self.assertFalse(validation_func())
-
-        # Ensure that the new moderators can also create streams because moderator
-        # being above the full member in role hierarchy.
-        do_change_user_role(user_profile, UserProfile.ROLE_MODERATOR, acting_user=None)
-        self.assertTrue(validation_func())
-
-        do_change_user_role(user_profile, UserProfile.ROLE_MEMBER, acting_user=None)
-        user_profile.date_joined = timezone_now() - timedelta(
-            days=(user_profile.realm.waiting_period_threshold + 1)
-        )
-        self.assertTrue(validation_func())
+        do_set_realm_property(realm, policy, Realm.POLICY_MEMBERS_ONLY, acting_user=None)
+        self.assertTrue(validation_func(admin_user))
+        self.assertTrue(validation_func(moderator_user))
+        self.assertTrue(validation_func(member_user))
+        self.assertTrue(validation_func(new_member_user))
+        self.assertFalse(validation_func(guest_user))


 class WebhookTestCase(ZulipTestCase):
--- a/zerver/tests/test_signup.py
+++ b/zerver/tests/test_signup.py
@@ -1233,12 +1233,11 @@ class InviteUserTest(InviteUserBase):
        self.check_sent_emails([email, email2], custom_from_name="Hamlet")

    def test_can_invite_others_to_realm(self) -> None:
-        othello = self.example_user("othello")
+        def validation_func(user_profile: UserProfile) -> bool:
+            user_profile.refresh_from_db()
+            return user_profile.can_invite_others_to_realm()

-        def validation_func() -> bool:
-            return othello.can_invite_others_to_realm()
-
-        self.check_has_permission_policies(othello, "invite_to_realm_policy", validation_func)
+        self.check_has_permission_policies("invite_to_realm_policy", validation_func)

    def test_invite_others_to_realm_setting(self) -> None:
        """
--- a/zerver/tests/test_subs.py
+++ b/zerver/tests/test_subs.py
@@ -3352,12 +3352,11 @@ class SubscriptionAPITest(ZulipTestCase):
        self.common_subscribe_to_streams(user_profile, ["new_stream3"])

    def test_can_create_streams(self) -> None:
-        othello = self.example_user("othello")
+        def validation_func(user_profile: UserProfile) -> bool:
+            user_profile.refresh_from_db()
+            return user_profile.can_create_streams()

-        def validation_func() -> bool:
-            return othello.can_create_streams()
-
-        self.check_has_permission_policies(othello, "create_stream_policy", validation_func)
+        self.check_has_permission_policies("create_stream_policy", validation_func)

    def test_user_settings_for_subscribing_other_users(self) -> None:
        """
@@ -3454,12 +3453,12 @@ class SubscriptionAPITest(ZulipTestCase):
        You can't subscribe other people to streams if you are a guest or your account is not old
        enough.
        """
-        othello = self.example_user("othello")

-        def validation_func() -> bool:
-            return othello.can_subscribe_other_users()
+        def validation_func(user_profile: UserProfile) -> bool:
+            user_profile.refresh_from_db()
+            return user_profile.can_subscribe_other_users()

-        self.check_has_permission_policies(othello, "invite_to_stream_policy", validation_func)
+        self.check_has_permission_policies("invite_to_stream_policy", validation_func)

    def test_subscriptions_add_invalid_stream(self) -> None:
        """