user_groups: Check permission to manage groups based on group setting.

We also add exception for the group creator to manage groups. See https://chat.zulip.org/#narrow/stream/3-backend/topic/Group.20creation.20-.20who.20can.20change.20the.20setting.2E/near/1943861 for more details. For the tests, wherever possible, we've just added an acting_user when creating a group to test. We've also added an acting_user argument to create_user_group_for_test. We will not remove `user_group_edit_policy` yet. That will be removed once we have introduced this setting to the frontend.
2025-11-03 05:23:35 +00:00 · 2024-09-16 17:19:43 +00:00
parent 91953eca28
commit 6e9d56eaf4
5 changed files with 154 additions and 88 deletions
--- a/zerver/lib/user_groups.py
+++ b/zerver/lib/user_groups.py
@@ -139,6 +139,13 @@ def check_permission_for_managing_all_groups(
    permission, which is a permission that requires either certain roles
    or membership in the group itself to be used.
    """
+    # This is a temporary exception and this should be removed as soon
+    # as `group_creator` is set as a default for `can_manage_group`
+    # property of user groups. See this topic for more details:
+    # https://chat.zulip.org/#narrow/stream/3-backend/topic/Group.20creation.20-.20who.20can.20change.20the.20setting.2E/near/1943861
+    if user_group.creator and user_group.creator.id == user_profile.id:
+        return True
+
    can_edit_all_user_groups = user_profile.can_edit_all_user_groups()
    if can_edit_all_user_groups:
        if user_profile.is_realm_admin or user_profile.is_moderator: