From cba8738eeaab760e6300d976776d7bbaeecde7cf Mon Sep 17 00:00:00 2001
From: Lauryn Menard <lauryn@zulip.com>
Date: Tue, 18 Oct 2022 19:01:58 +0200
Subject: [PATCH] search: Check if user can access stream topics before
 fetching history.

When building search suggestions for stream topics, instead of
assuming that the user has access to the stream's topic history
from the server, we check whether the user has access to the
stream's topics.
---
 static/js/search_suggestion.js | 24 +++++++++++++-----------
 static/js/stream_data.js       |  7 +++++++
 2 files changed, 20 insertions(+), 11 deletions(-)

diff --git a/static/js/search_suggestion.js b/static/js/search_suggestion.js
index d57c73c19e..0d3ac9892a 100644
--- a/static/js/search_suggestion.js
+++ b/static/js/search_suggestion.js
@@ -389,21 +389,23 @@ function get_topic_suggestions(last, operators) {
         return [];
     }
 
-    const stream_id = stream_data.get_stream_id(stream);
-    if (!stream_id) {
+    const stream_sub = stream_data.get_sub(stream);
+    if (!stream_sub) {
         return [];
     }
 
-    // Fetch topic history from the server, in case we will need it.
-    // Note that we won't actually use the results from the server here
-    // for this particular keystroke from the user, because we want to
-    // show results immediately. Assuming the server responds quickly,
-    // as the user makes their search more specific, subsequent calls to
-    // this function will get more candidates from calling
-    // stream_topic_history.get_recent_topic_names.
-    stream_topic_history_util.get_server_history(stream_id, () => {});
+    if (stream_data.can_access_topic_history(stream_sub)) {
+        // Fetch topic history from the server, in case we will need it.
+        // Note that we won't actually use the results from the server here
+        // for this particular keystroke from the user, because we want to
+        // show results immediately. Assuming the server responds quickly,
+        // as the user makes their search more specific, subsequent calls to
+        // this function will get more candidates from calling
+        // stream_topic_history.get_recent_topic_names.
+        stream_topic_history_util.get_server_history(stream_sub.stream_id, () => {});
+    }
 
-    const candidate_topics = stream_topic_history.get_recent_topic_names(stream_id);
+    const candidate_topics = stream_topic_history.get_recent_topic_names(stream_sub.stream_id);
 
     if (!candidate_topics || !candidate_topics.length) {
         return [];
diff --git a/static/js/stream_data.js b/static/js/stream_data.js
index 16ea4c07c2..9df146ea32 100644
--- a/static/js/stream_data.js
+++ b/static/js/stream_data.js
@@ -530,6 +530,13 @@ export function can_toggle_subscription(sub) {
     );
 }
 
+export function can_access_topic_history(sub) {
+    // Anyone can access topic history for web-public streams and
+    // subscriptions; additionally, members can access history for
+    // public streams.
+    return sub.is_web_public || can_toggle_subscription(sub);
+}
+
 export function can_preview(sub) {
     return sub.subscribed || !sub.invite_only || sub.previously_subscribed;
 }