paulmataruso/zulip
1
0
Fork 0
mirror of https://github.com/zulip/zulip.git synced 2025-11-04 14:03:30 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
16a08a8b6b35f11cdc27410ef80043a2b8025563
zulip/zerver/lib/server_initialization.py
Mateusz Mandera da9e4e6e54 backends: Implementation of restricting certain backends by plan. 
Only affects zulipchat, by being based on the BILLING_ENABLED setting.

The restricted backends in this commit are
- AzureAD - restricted to Standard plan
- SAML - restricted to Plus plan, although it was already practically
  restricted due to requiring server-side configuration to be done by us

This restriction is placed upon **enabling** a backend - so
organizations that already have a backend enabled, will continue to be
able to use it. This allows us to make exceptions and enable a backend
for an org manually via the shell, and to grandfather organizations into
keeping the backend they have been relying on.
2024-03-05 11:48:58 -08:00

89 lines
3.0 KiB
Python
Raw Blame History

from typing import Iterable, Optional, Tuple
from django.conf import settings
from django.db import transaction
from zerver.lib.bulk_create import bulk_create_users
from zerver.lib.user_groups import create_system_user_groups_for_realm
from zerver.models import (
Realm,
RealmAuditLog,
RealmAuthenticationMethod,
RealmUserDefault,
UserProfile,
)
from zerver.models.clients import get_client
from zerver.models.users import get_system_bot
from zproject.backends import all_default_backend_names
def server_initialized() -> bool:
return Realm.objects.exists()
@transaction.atomic(durable=True)
def create_internal_realm() -> None:
from zerver.actions.create_realm import set_default_for_realm_permission_group_settings
from zerver.actions.users import do_change_can_forge_sender
realm = Realm(string_id=settings.SYSTEM_BOT_REALM, name="System bot realm")
# For now a dummy value of -1 is given to groups fields which
# is changed later before the transaction is committed.
for permission_configuration in Realm.REALM_PERMISSION_GROUP_SETTINGS.values():
setattr(realm, permission_configuration.id_field_name, -1)
realm.save()
RealmAuditLog.objects.create(
realm=realm, event_type=RealmAuditLog.REALM_CREATED, event_time=realm.date_created
)
RealmUserDefault.objects.create(realm=realm)
create_system_user_groups_for_realm(realm)
set_default_for_realm_permission_group_settings(realm)
RealmAuthenticationMethod.objects.bulk_create(
[
RealmAuthenticationMethod(name=backend_name, realm=realm)
for backend_name in all_default_backend_names()
]
)
# Create some client objects for common requests. Not required;
# just ensures these get low IDs in production, and in development
# avoids an extra database write for the first HTTP request in
# most tests.
get_client("Internal")
get_client("website")
get_client("ZulipMobile")
get_client("ZulipElectron")
internal_bots = [
(bot["name"], bot["email_template"] % (settings.INTERNAL_BOT_DOMAIN,))
for bot in settings.INTERNAL_BOTS
]
create_users(realm, internal_bots, bot_type=UserProfile.DEFAULT_BOT)
# Set the owners for these bots to the bots themselves
bots = UserProfile.objects.filter(email__in=[bot_info[1] for bot_info in internal_bots])
for bot in bots:
bot.bot_owner = bot
bot.save()
# Initialize the email gateway bot as able to forge senders.
email_gateway_bot = get_system_bot(settings.EMAIL_GATEWAY_BOT, realm.id)
do_change_can_forge_sender(email_gateway_bot, True)
def create_users(
realm: Realm,
name_list: Iterable[Tuple[str, str]],
tos_version: Optional[str] = None,
bot_type: Optional[int] = None,
bot_owner: Optional[UserProfile] = None,
) -> None:
user_set = set()
for full_name, email in name_list:
user_set.add((email, full_name, True))
bulk_create_users(
realm, user_set, bot_type=bot_type, bot_owner=bot_owner, tos_version=tos_version
)
Reference in New Issue View Git Blame Copy Permalink