realm_domains: Allow only owners to add, edit or delete domains.

We allow only owners to add, edit or delete the allowed domains.
This commit only contains backend changes, frontend changes will
be done in a separate commit.

zerver/tests/test_realm_domains.py

@@ -29,17 +29,17 @@ class RealmDomainTest(ZulipTestCase):
         ]
         self.assertEqual(received, expected)
 
-    def test_not_realm_admin(self) -> None:
-        self.login("hamlet")
+    def test_not_realm_owner(self) -> None:
+        self.login("iago")
         result = self.client_post("/json/realm/domains")
-        self.assert_json_error(result, "Must be an organization administrator")
+        self.assert_json_error(result, "Must be an organization owner")
         result = self.client_patch("/json/realm/domains/15")
-        self.assert_json_error(result, "Must be an organization administrator")
+        self.assert_json_error(result, "Must be an organization owner")
         result = self.client_delete("/json/realm/domains/15")
-        self.assert_json_error(result, "Must be an organization administrator")
+        self.assert_json_error(result, "Must be an organization owner")
 
     def test_create_realm_domain(self) -> None:
-        self.login("iago")
+        self.login("desdemona")
         data = {
             "domain": "",
             "allow_subdomains": orjson.dumps(True).decode(),
@@ -65,9 +65,7 @@ class RealmDomainTest(ZulipTestCase):
         mit_user_profile = self.mit_user("sipbtest")
         self.login_user(mit_user_profile)
 
-        do_change_user_role(
-            mit_user_profile, UserProfile.ROLE_REALM_ADMINISTRATOR, acting_user=None
-        )
+        do_change_user_role(mit_user_profile, UserProfile.ROLE_REALM_OWNER, acting_user=None)
 
         result = self.client_post(
             "/json/realm/domains", info=data, HTTP_HOST=mit_user_profile.realm.host
@@ -75,7 +73,7 @@ class RealmDomainTest(ZulipTestCase):
         self.assert_json_success(result)
 
     def test_patch_realm_domain(self) -> None:
-        self.login("iago")
+        self.login("desdemona")
         realm = get_realm("zulip")
         RealmDomain.objects.create(realm=realm, domain="acme.com", allow_subdomains=False)
         data = {
@@ -96,7 +94,7 @@ class RealmDomainTest(ZulipTestCase):
         self.assert_json_error(result, "No entry found for domain non-existent.com.")
 
     def test_delete_realm_domain(self) -> None:
-        self.login("iago")
+        self.login("desdemona")
         realm = get_realm("zulip")
         RealmDomain.objects.create(realm=realm, domain="acme.com")
         result = self.client_delete("/json/realm/domains/non-existent.com")

zerver/views/realm_domains.py

@@ -7,7 +7,7 @@ from zerver.actions.realm_domains import (
     do_change_realm_domain,
     do_remove_realm_domain,
 )
-from zerver.decorator import require_realm_admin
+from zerver.decorator import require_realm_owner
 from zerver.lib.domains import validate_domain
 from zerver.lib.exceptions import JsonableError
 from zerver.lib.request import REQ, has_request_variables
@@ -21,7 +21,7 @@ def list_realm_domains(request: HttpRequest, user_profile: UserProfile) -> HttpR
     return json_success(request, data={"domains": domains})
 
 
-@require_realm_admin
+@require_realm_owner
 @has_request_variables
 def create_realm_domain(
     request: HttpRequest,
@@ -44,7 +44,7 @@ def create_realm_domain(
     return json_success(request, data={"new_domain": [realm_domain.id, realm_domain.domain]})
 
 
-@require_realm_admin
+@require_realm_owner
 @has_request_variables
 def patch_realm_domain(
     request: HttpRequest,
@@ -60,7 +60,7 @@ def patch_realm_domain(
     return json_success(request)
 
 
-@require_realm_admin
+@require_realm_owner
 @has_request_variables
 def delete_realm_domain(
     request: HttpRequest, user_profile: UserProfile, domain: str