paulmataruso/zulip
1
0
Fork 0
mirror of https://github.com/zulip/zulip.git synced 2025-11-02 04:53:36 +00:00
Code Issues Packages Projects Releases Wiki Activity

stream_data: Fix code to check permission for unsubscribe others.

Browse Source 
We no longer allow admins to unsubscribe others from stream if
they are not allowed as per the can_remove_subscribers_group
setting.
This commit is contained in:
Sahil Batra
2024-11-19 16:42:44 +05:30
committed by Tim Abbott
parent f4c00ce053
commit 7c6110e47a
2 changed files with 2 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
web/tests/stream_data.test.cjs
View File

@@ -1187,14 +1187,13 @@ test("can_unsubscribe_others", ({override}) => {
people.initialize_current_user(member_user_id);
assert.equal(stream_data.can_unsubscribe_others(sub), true);
// Even with the nobody system group, admins can still unsubscribe others.
// With the nobody system group, admins cannot unsubscribe others.
sub.can_remove_subscribers_group = nobody.id;
override(current_user, "is_admin", true);
assert.equal(stream_data.can_unsubscribe_others(sub), true);
override(current_user, "is_admin", false);
assert.equal(stream_data.can_unsubscribe_others(sub), false);
// This isn't a real state, but we want coverage on !can_view_subscribers.
sub.can_remove_subscribers_group = all.id;
sub.subscribed = false;
sub.invite_only = true;
override(current_user, "is_admin", true);