user_groups: Add a decorator to check group creation permission.

Earlier there was a single decorator function to check whether user can create and edit user groups. This commit adds a new decorator function to check whether user has permissions to create user groups. This was done because in future commits we will be adding a realm level setting for configuring who can create user groups.
2025-11-04 05:53:43 +00:00 · 2023-07-17 12:50:50 +05:30
parent 3f800002be
commit bb0b6900df
3 changed files with 28 additions and 2 deletions
--- a/zerver/decorator.py
+++ b/zerver/decorator.py
@@ -677,6 +677,25 @@ def require_user_group_edit_permission(
    return _wrapped_view_func


+def require_user_group_create_permission(
+    view_func: Callable[Concatenate[HttpRequest, UserProfile, ParamT], HttpResponse],
+) -> Callable[Concatenate[HttpRequest, UserProfile, ParamT], HttpResponse]:
+    @require_member_or_admin
+    @wraps(view_func)
+    def _wrapped_view_func(
+        request: HttpRequest,
+        user_profile: UserProfile,
+        /,
+        *args: ParamT.args,
+        **kwargs: ParamT.kwargs,
+    ) -> HttpResponse:
+        if not user_profile.can_create_user_groups():
+            raise JsonableError(_("Insufficient permission"))
+        return view_func(request, user_profile, *args, **kwargs)
+
+    return _wrapped_view_func
+
+
 # This API endpoint is used only for the mobile apps.  It is part of a
 # workaround for the fact that React Native doesn't support setting
 # HTTP basic authentication headers.
--- a/zerver/models/users.py
+++ b/zerver/models/users.py
@@ -844,6 +844,9 @@ class UserProfile(AbstractBaseUser, PermissionsMixin, UserBaseSettings):
    def can_move_messages_between_streams(self) -> bool:
        return self.has_permission("move_messages_between_streams_policy")

+    def can_create_user_groups(self) -> bool:
+        return self.has_permission("user_group_edit_policy")
+
    def can_edit_user_groups(self) -> bool:
        return self.has_permission("user_group_edit_policy")

--- a/zerver/views/user_groups.py
+++ b/zerver/views/user_groups.py
@@ -17,7 +17,11 @@ from zerver.actions.user_groups import (
    do_update_user_group_name,
    remove_subgroups_from_user_group,
 )
-from zerver.decorator import require_member_or_admin, require_user_group_edit_permission
+from zerver.decorator import (
+    require_member_or_admin,
+    require_user_group_create_permission,
+    require_user_group_edit_permission,
+)
 from zerver.lib.exceptions import JsonableError
 from zerver.lib.mention import MentionBackend, silent_mention_syntax_for_user
 from zerver.lib.response import json_success
@@ -46,7 +50,7 @@ from zerver.views.streams import compose_views


@transaction.atomic(durable=True)
-@require_user_group_edit_permission
+@require_user_group_create_permission
@typed_endpoint
 def add_user_group(
    request: HttpRequest,