messages: Add a server-level setting to control private stream history.

We don't indend for this server-level setting to exist in the long
term; the purpose of this is just to make it easy to test this code
path for development purposes.

This implements much of the Message side part of #2745.

zerver/lib/streams.py

@@ -147,7 +147,19 @@ def can_access_stream_history_by_name(user_profile: UserProfile, stream_name: Te
         stream = get_stream(stream_name, user_profile.realm)
     except Stream.DoesNotExist:
         return False
-    return stream.is_public()
+
+    if stream.is_history_realm_public():
+        return True
+
+    if stream.is_history_public_to_subscribers():
+        # In this case, we check if the user is subscribed.
+        error = _("Invalid stream name '%s'" % (stream_name,))
+        try:
+            (recipient, sub) = access_stream_common(user_profile, stream, error)
+        except JsonableError:
+            return False
+        return True
+    return False
 
 def filter_stream_authorization(user_profile: UserProfile,
                                 streams: Iterable[Stream]) -> Tuple[List[Stream], List[Stream]]:

zerver/models.py

@@ -954,6 +954,14 @@ class Stream(models.Model):
         # All streams are private in Zephyr mirroring realms.
         return not self.invite_only and not self.is_in_zephyr_realm
 
+    def is_history_realm_public(self) -> bool:
+        return self.is_public()
+
+    def is_history_public_to_subscribers(self) -> bool:
+        if settings.PRIVATE_STREAM_HISTORY_FOR_SUBSCRIBERS:
+            return True
+        return self.is_public()
+
     class Meta:
         unique_together = ("name", "realm")
 

zerver/tests/test_narrow.py

@@ -375,11 +375,19 @@ class IncludeHistoryTest(ZulipTestCase):
         self.assertFalse(ok_to_include_history(narrow, user_profile))
 
         # Definitely forbid seeing history on private streams.
+        self.make_stream('private_stream', realm=user_profile.realm, invite_only=True)
+        subscribed_user_profile = self.example_user("cordelia")
+        self.subscribe(subscribed_user_profile, 'private_stream')
         narrow = [
             dict(operator='stream', operand='private_stream'),
         ]
         self.assertFalse(ok_to_include_history(narrow, user_profile))
 
+        with self.settings(PRIVATE_STREAM_HISTORY_FOR_SUBSCRIBERS=True):
+            # Verify that with this setting, subscribed users can access history.
+            self.assertFalse(ok_to_include_history(narrow, user_profile))
+            self.assertTrue(ok_to_include_history(narrow, subscribed_user_profile))
+
         # History doesn't apply to PMs.
         narrow = [
             dict(operator='is', operand='private'),

zproject/settings.py

@@ -311,6 +311,12 @@ DEFAULT_SETTINGS.update({
     'MAX_ICON_FILE_SIZE': 5,
     'MAX_EMOJI_FILE_SIZE': 5,
 
+    # TODO: This server setting is a hack to help with folks who are
+    # finding our private stream security model painful.  Future work
+    # will migrate this to be a property of Stream or maybe Realm and
+    # this setting will be deprecated.
+    'PRIVATE_STREAM_HISTORY_FOR_SUBSCRIBERS': False,
+
     # Limits to help prevent spam, in particular by sending invitations.
     #
     # A non-admin user who's joined an open realm this recently can't invite at all.