diff --git a/zerver/tests/test_signup.py b/zerver/tests/test_signup.py
index a694675c2a..2980096d78 100644
--- a/zerver/tests/test_signup.py
+++ b/zerver/tests/test_signup.py
@@ -2085,6 +2085,43 @@ so we didn't send them an invitation. We did send invitations to everyone else!"
 self.assert_json_success(self.invite(invitee, [stream_name]))
+ def test_invite_without_permission_to_subscribe_others(self) -> None:
+ realm = get_realm("zulip")
+ do_set_realm_property(
+ realm, "invite_to_stream_policy", Realm.POLICY_ADMINS_ONLY, acting_user=None
+ )
+
+ invitee = self.nonreg_email("alice")
+
+ self.login("hamlet")
+ result = self.invite(invitee, ["Denmark", "Scotland"])
+ self.assert_json_error(
+ result, "You do not have permission to subscribe other users to streams."
+ )
+
+ from django.core import mail
+
+ result = self.invite(invitee, [])
+ self.assert_json_success(result)
+ self.check_sent_emails([invitee])
+ mail.outbox.pop()
+
+ self.login("iago")
+ invitee = self.nonreg_email("bob")
+ result = self.invite(invitee, ["Denmark", "Scotland"])
+ self.assert_json_success(result)
+ self.check_sent_emails([invitee])
+ mail.outbox.pop()
+
+ do_set_realm_property(
+ realm, "invite_to_stream_policy", Realm.POLICY_MEMBERS_ONLY, acting_user=None
+ )
+ self.login("hamlet")
+ invitee = self.nonreg_email("test")
+ result = self.invite(invitee, ["Denmark", "Scotland"])
+ self.assert_json_success(result)
+ self.check_sent_emails([invitee])
+
 def test_invitation_reminder_email(self) -> None:
 from django.core.mail import outbox
diff --git a/zerver/views/invite.py b/zerver/views/invite.py
index 521b516a80..d39fc96c6f 100644
--- a/zerver/views/invite.py
+++ b/zerver/views/invite.py
@@ -83,6 +83,9 @@ def invite_users_backend(
 )
 streams.append(stream)
+ if len(streams) and not user_profile.can_subscribe_other_users():
+ raise JsonableError(_("You do not have permission to subscribe other users to streams."))
+
 do_invite_users(
 user_profile,
 invitee_emails,
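Review bot: The denied request at the top of `test_invite_without_permission_to_subscribe_others` is checked only for its error message; nothing asserts that the rejected invite left no side effects. Adding `self.check_sent_emails([])` right after the `assert_json_error(...)` call would pin that no invitation email goes out when the policy refuses the request. That assumes the helper compares against the whole outbox, as its later uses paired with `mail.outbox.pop()` suggest. As a style point, the function-scope `from django.core import mail` in the middle of the body would read better as the first line of the test, the way the neighbouring `test_invitation_reminder_email` imports `outbox`.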
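Review bot: The new permission check sits in the view, immediately before the `do_invite_users(` call, so it protects only this endpoint. Any other caller that hands streams to `do_invite_users`, or another view that attaches streams to an invitation, would not be covered; none is visible in this diff, so this needs confirming against the rest of the code. If such callers exist, repeating the `can_subscribe_other_users()` guard in the shared action keeps a sibling code path from bypassing the policy. As a small style point, the condition reads more idiomatically as `if streams and not user_profile.can_subscribe_other_users():`. `invite_users_backend` starts before and continues past this hunk.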