user_groups: Add access_user_group_to_read_membership.

This commit adds the access_user_group_to_read_membership function
so that we can avoid calling get_user_group_by_id_in_realm with
"for_read=True" from view functions, which is better for security
since that function does not do any access checks.
Sahil Batra
2024-10-01 12:25:12 +05:30
committed by Tim Abbott
parent 096fea48a0
commit c1973d2263
2 changed files with 8 additions and 4 deletions


@@ -125,6 +125,10 @@ def get_user_group_by_id_in_realm(
raise JsonableError(_("Invalid user group"))
def access_user_group_to_read_membership(user_group_id: int, realm: Realm) -> NamedUserGroup:
return get_user_group_by_id_in_realm(user_group_id, realm, for_read=True)
def check_permission_for_managing_all_groups(
user_group: UserGroup, user_profile: UserProfile
) -> bool:
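Review bot: The new `access_user_group_to_read_membership` takes only `user_group_id` and `realm` and forwards straight to `get_user_group_by_id_in_realm(..., for_read=True)`, so it performs no per-user check of its own, even though the `access_` prefix reads as if the caller had been authorized. It needs a docstring that states the current contract, for example `"""Return the group for reading its membership. No per-user permission is checked here; only the lookup done by get_user_group_by_id_in_realm applies."""`, so that view authors do not assume more than the code does. If a read-membership permission is planned, accepting the acting `UserProfile` now would let the check be added later in this one place without changing every call site. The body of `get_user_group_by_id_in_realm` lies outside the hunk, so what it enforces for the realm is not visible here.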