paulmataruso/zulip
1
0
Fork 0
mirror of https://github.com/zulip/zulip.git synced 2025-11-10 08:56:10 +00:00
Code Issues Packages Projects Releases Wiki Activity

message: Extract logic to check message edit permissions in a function.

Browse Source 
This commit extracts the logic of checking the message edit permissions,
like whether the sender is same as user, whether it is a (no topic)
message or whether community topic editing is allowed, into a separate
function.

This is a prep commit for fixing a bug where permission to move messages
between streams is affected by permission of editing topics.
This commit is contained in:
sahil839
2021-06-03 22:27:52 +05:30
committed by Tim Abbott
parent 6be232aa42
commit db294cb386
1 changed files with 38 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

53
zerver/lib/actions.py
View File

@@ -2735,6 +2735,43 @@ def validate_message_edit_payload(
raise JsonableError(_("Widgets cannot be edited.")) raise JsonableError(_("Widgets cannot be edited."))
def can_edit_content_or_topic(
message: Message,
user_profile: UserProfile,
is_no_topic_msg: bool,
content: Optional[str] = None,
topic_name: Optional[str] = None,
) -> bool:
# You have permission to edit the message (both content and topic) if you sent it.
if message.sender_id == user_profile.id:
return True
# You cannot edit the content of message sent by someone else.
if content is not None:
return False
# If no topic change is requested, we're done.
if topic_name is None: # nocoverage
return True
# The following cases are the various reasons a user might be
# allowed to edit topics.
# We allow anyone to edit (no topic) messages to help tend them.
if is_no_topic_msg:
return True
# Organization administrators can always edit topics
if user_profile.is_realm_admin:
return True
# The community_topic_editing setting controls normal users editing topics.
if user_profile.realm.allow_community_topic_editing:
return True
return False
def check_update_message( def check_update_message(
user_profile: UserProfile, user_profile: UserProfile,
message_id: int, message_id: int,
@@ -2765,21 +2802,7 @@ def check_update_message(
is_no_topic_msg = message.topic_name() == "(no topic)" is_no_topic_msg = message.topic_name() == "(no topic)"
# You only have permission to edit a message if: if not can_edit_content_or_topic(message, user_profile, is_no_topic_msg, content, topic_name):
# you change this value also change those two parameters in message_edit.js.
# 1. You sent it, OR:
# 2. This is a topic-only edit for a (no topic) message, OR:
# 3. This is a topic-only edit and you are an admin, OR:
# 4. This is a topic-only edit and your realm allows users to edit topics.
if message.sender == user_profile:
pass
elif (content is None) and (
is_no_topic_msg
or user_profile.is_realm_admin
or user_profile.realm.allow_community_topic_editing
):
pass
else:
raise JsonableError(_("You don't have permission to edit this message")) raise JsonableError(_("You don't have permission to edit this message"))
# If there is a change to the content, check that it hasn't been too long # If there is a change to the content, check that it hasn't been too long