Move API super users configuration into the database.

(imported from commit 3cc702f93e7252b42930dba4bde93a915b6dbf44)
Tim Abbott
2015-09-20 10:32:01 -07:00
parent bfcae58cac
commit 858d0a984b
6 changed files with 72 additions and 23 deletions


@@ -1462,16 +1462,17 @@ def do_change_default_all_public_streams(user_profile, value, log=True):
default_all_public_streams=user_profile.default_all_public_streams,)), default_all_public_streams=user_profile.default_all_public_streams,)),
bot_owner_userids(user_profile)) bot_owner_userids(user_profile))
def do_change_is_admin(user_profile, is_admin): def do_change_is_admin(user_profile, is_admin, permission='administer'):
if is_admin: if is_admin:
assign_perm('administer', user_profile, user_profile.realm) assign_perm(permission, user_profile, user_profile.realm)
else: else:
remove_perm('administer', user_profile, user_profile.realm) remove_perm(permission, user_profile, user_profile.realm)
event = dict(type="realm_user", op="update", if permission == 'administer':
person=dict(email=user_profile.email, event = dict(type="realm_user", op="update",
is_admin=is_admin)) person=dict(email=user_profile.email,
send_event(event, active_user_ids(user_profile.realm)) is_admin=is_admin))
send_event(event, active_user_ids(user_profile.realm))
def do_make_stream_public(user_profile, realm, stream_name): def do_make_stream_public(user_profile, realm, stream_name):
stream_name = stream_name.strip() stream_name = stream_name.strip()
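Review bot: `do_change_is_admin` now hands its new `permission` argument straight to `assign_perm`/`remove_perm` without checking that it is one of the realm permissions this commit defines. Because `api_super_user` is described as allowing messages to be sent as other users, I would reject unknown names at the top of the function: `if permission not in ('administer', 'api_super_user'): raise ValueError("Unknown permission: %s" % (permission,))`. For any permission other than `administer` no event is sent and, as far as this hunk shows, nothing is logged, so granting or revoking the impersonation right leaves no record here; a `logging.info` naming the user, realm and permission would help audit. The name `do_change_is_admin` no longer matches what the function does, so it needs a docstring stating that it grants or removes an arbitrary realm permission and only notifies clients for `administer`.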


@@ -24,6 +24,11 @@ ONLY perform this on customer request from an authorized person.
action="store_false", action="store_false",
default=True, default=True,
help='Remove an administrator\'s rights.') help='Remove an administrator\'s rights.')
parser.add_argument('--permission',
dest='permission',
action="store",
default='administer',
help='Permission to grant/remove.')
parser.add_argument('email', metavar='<email>', type=str, parser.add_argument('email', metavar='<email>', type=str,
help="email of user to knight") help="email of user to knight")
@@ -35,21 +40,21 @@ ONLY perform this on customer request from an authorized person.
raise CommandError("No such user.") raise CommandError("No such user.")
if options['grant']: if options['grant']:
if profile.has_perm('administer', profile.realm): if profile.has_perm(options['permission'], profile.realm):
raise CommandError("User already has permission for this realm.") raise CommandError("User already has permission for this realm.")
else: else:
if options['ack']: if options['ack']:
do_change_is_admin(profile, True) do_change_is_admin(profile, True, permission=options['permission'])
print "Done!" print "Done!"
else: else:
print "Would have made %s an administrator for %s" % (email, profile.realm.domain) print "Would have granted %s %s rights for %s" % (email, options['permission'], profile.realm.domain)
else: else:
if profile.has_perm('administer', profile.realm): if profile.has_perm(options['permission'], profile.realm):
if options['ack']: if options['ack']:
do_change_is_admin(profile, False) do_change_is_admin(profile, False, permission=options['permission'])
print "Done!" print "Done!"
else: else:
print "Would have removed %s's administrator rights on %s" % (email, print "Would have removed %s's %s rights on %s" % (email, options['permission'],
profile.realm.domain) profile.realm.domain)
else: else:
raise CommandError("User did not have permission for this realm!") raise CommandError("User did not have permission for this realm!")
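Review bot: The `--permission` option added in the first hunk of this file accepts any string, and that value flows unchanged into `has_perm` and `do_change_is_admin` in the second hunk. Restricting it at parse time keeps an operator typo from reaching the permission calls: add `choices=['administer', 'api_super_user'],` to that `add_argument` call. The two `CommandError` messages ("User already has permission for this realm." and "User did not have permission for this realm!") would be easier to act on if they named `options['permission']`, as the dry-run messages now do. The visible `help=` strings still speak only of administrator rights, so the new option's help should say that `api_super_user` allows sending messages as other users.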


@@ -0,0 +1,18 @@
# -*- coding: utf-8 -*-
from __future__ import unicode_literals
from django.db import models, migrations
class Migration(migrations.Migration):
dependencies = [
('zerver', '0004_userprofile_left_side_userlist'),
]
operations = [
migrations.AlterModelOptions(
name='realm',
options={'permissions': (('administer', 'Administer a realm'), ('api_super_user', 'Can send messages as other users for mirroring'))},
),
]


@@ -34,8 +34,8 @@ bugdown = None
MAX_SUBJECT_LENGTH = 60 MAX_SUBJECT_LENGTH = 60
MAX_MESSAGE_LENGTH = 10000 MAX_MESSAGE_LENGTH = 10000
def is_super_user(user): def is_super_user(user_profile):
return user.email in settings.API_SUPER_USERS return user_profile.is_api_super_user()
def is_super_user_api(request): def is_super_user_api(request):
return request.user.is_authenticated() and is_super_user(request.user) return request.user.is_authenticated() and is_super_user(request.user)
@@ -158,6 +158,7 @@ class Realm(models.Model):
class Meta: class Meta:
permissions = ( permissions = (
('administer', "Administer a realm"), ('administer', "Administer a realm"),
('api_super_user', "Can send messages as other users for mirroring"),
) )
post_save.connect(flush_realm, sender=Realm) post_save.connect(flush_realm, sender=Realm)
@@ -385,6 +386,11 @@ class UserProfile(AbstractBaseUser, PermissionsMixin):
def is_admin(self): def is_admin(self):
return self.has_perm('administer', self.realm) return self.has_perm('administer', self.realm)
def is_api_super_user(self):
# TODO: Remove API_SUPER_USERS hack; fixing this will require
# setting the email bot as a super user in the provision process.
return self.has_perm('api_super_user', self.realm) or self.email in settings.API_SUPER_USERS
def last_reminder_tzaware(self): def last_reminder_tzaware(self):
if self.last_reminder is not None and timezone.is_naive(self.last_reminder): if self.last_reminder is not None and timezone.is_naive(self.last_reminder):
logging.warning("Loaded a user_profile.last_reminder for user %s that's not tz-aware: %s" logging.warning("Loaded a user_profile.last_reminder for user %s that's not tz-aware: %s"
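Review bot: `is_api_super_user` in the `UserProfile` hunk still returns True for any email listed in `settings.API_SUPER_USERS`, so removing the `api_super_user` permission does not revoke the right for a listed account and the database is not yet the only source of truth. The TODO should say that explicitly, for example `# NOTE: emails in settings.API_SUPER_USERS keep this right even after the permission is removed.` Another file in this commit deletes an `API_SUPER_USERS` definition; if no other definition remains (not visible on this page) the lookup raises `AttributeError`, which `self.email in getattr(settings, 'API_SUPER_USERS', ())` would avoid. Since `UserProfile` uses `PermissionsMixin`, it is also worth confirming whether `has_perm` returns True for active Django superusers, which would make them API super users implicitly.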


@@ -443,6 +443,33 @@ class StreamMessagesTest(AuthedTestCase):
message = most_recent_message(user_profile) message = most_recent_message(user_profile)
assert(UserMessage.objects.get(user_profile=user_profile, message=message).flags.mentioned.is_set) assert(UserMessage.objects.get(user_profile=user_profile, message=message).flags.mentioned.is_set)
def test_stream_message_mirroring(self):
from zerver.lib.actions import do_change_is_admin
user_profile = get_user_profile_by_email("iago@zulip.com")
do_change_is_admin(user_profile, True, 'api_super_user')
result = self.client.post("/api/v1/send_message", {"type": "stream",
"to": "Verona",
"sender": "cordelia@zulip.com",
"client": "test suite",
"subject": "announcement",
"content": "Everyone knows Iago rules",
"forged": "true",
"email": user_profile.email,
"api-key": user_profile.api_key})
self.assert_json_success(result)
do_change_is_admin(user_profile, False, 'api_super_user')
result = self.client.post("/api/v1/send_message", {"type": "stream",
"to": "Verona",
"sender": "cordelia@zulip.com",
"client": "test suite",
"subject": "announcement",
"content": "Everyone knows Iago rules",
"forged": "true",
"email": user_profile.email,
"api-key": user_profile.api_key})
self.assert_json_error(result, "User not authorized for this query")
@slow(0.28, 'checks all users') @slow(0.28, 'checks all users')
def test_message_to_stream(self): def test_message_to_stream(self):
""" """


@@ -111,14 +111,6 @@ NAGIOS_STAGING_RECEIVE_BOT = 'cordelia@zulip.com'
# Also used for support email in emails templates # Also used for support email in emails templates
ZULIP_ADMINISTRATOR = 'support@zulip.com' ZULIP_ADMINISTRATOR = 'support@zulip.com'
# TODO: Store this info in the database
# Also note -- the email gateway bot is automatically added.
API_SUPER_USERS = set(["tabbott/extra@mit.edu",
"irc-bot@zulip.com",
"bot1@customer35.invalid",
"bot1@customer36.invalid",
"hipchat-bot@zulip.com",])
ADMINS = ( ADMINS = (
('Zulip Error Reports', 'errors@zulip.com'), ('Zulip Error Reports', 'errors@zulip.com'),
) )