streams: Change flow in filter_stream_authorization.

This change makes the flow more coherent by instead of checking, in the last condition, if the user isn't authorized to access that stream, check if they are, as it is done in the other checks. Only if all the conditions are false, which means that the user doesn't have access to that stream, the stream is added to the unauthorized_streams list.
2025-11-17 20:41:46 +00:00 · 2020-07-29 18:54:00 -03:00
parent 4466716f6c
commit fda94a49c1
1 changed files with 5 additions and 4 deletions
--- a/zerver/lib/streams.py
+++ b/zerver/lib/streams.py
@@ -397,10 +397,11 @@ def filter_stream_authorization(user_profile: UserProfile,
        if stream.id in streams_subscribed:
            continue

-        # Users are not authorized for invite_only streams, and guest
-        # users are not authorized for any streams
-        if stream.invite_only or user_profile.is_guest:
-            unauthorized_streams.append(stream)
+        # Members and administrators are authorized for public streams
+        if not stream.invite_only and not user_profile.is_guest:
+            continue
+
+        unauthorized_streams.append(stream)

    authorized_streams = [stream for stream in streams if
                          stream.id not in {stream.id for stream in unauthorized_streams}]