mirror of
https://github.com/zulip/zulip.git
synced 2025-11-14 19:06:09 +00:00
7a6135371e
This commit adds code to handle guests separately for group based settings, where guest will only have permission if that particular setting can be set to "role:everyone" group even if the guest user is part of the group which is used for that setting. This is to make sure that guests do not get permissions for actions that we generally do not want guests to have. Currently the guests do not have permission for most of them except for "Who can delete any message", where guest could delete a message if the setting was set to a user defined group with guest being its member. But this commit still update the code to use the new function for all the settings as we want to have a consistent pattern of how to check whether a user has permission for group-based settings.
552 lines
18 KiB
JavaScript
552 lines
18 KiB
JavaScript
"use strict";
|
|
|
|
const {strict: assert} = require("assert");
|
|
|
|
const {mock_esm, zrequire} = require("./lib/namespace");
|
|
const {run_test} = require("./lib/test");
|
|
const {current_user, page_params, realm, user_settings} = require("./lib/zpage_params");
|
|
|
|
const settings_data = zrequire("settings_data");
|
|
const settings_config = zrequire("settings_config");
|
|
const user_groups = zrequire("user_groups");
|
|
|
|
/*
|
|
Some methods in settings_data are fairly
|
|
trivial, so the meaningful tests happen
|
|
at the higher layers, such as when we
|
|
test people.js.
|
|
*/
|
|
|
|
const isaac = {
|
|
email: "isaac@example.com",
|
|
delivery_email: "isaac-delivery@example.com",
|
|
user_id: 30,
|
|
full_name: "Isaac",
|
|
};
|
|
|
|
const group_permission_settings = mock_esm("../src/group_permission_settings", {});
|
|
|
|
run_test("user_can_change_email", () => {
|
|
const can_change_email = settings_data.user_can_change_email;
|
|
|
|
current_user.is_admin = true;
|
|
assert.equal(can_change_email(), true);
|
|
|
|
current_user.is_admin = false;
|
|
realm.realm_email_changes_disabled = true;
|
|
assert.equal(can_change_email(), false);
|
|
|
|
realm.realm_email_changes_disabled = false;
|
|
assert.equal(can_change_email(), true);
|
|
});
|
|
|
|
run_test("user_can_change_name", () => {
|
|
const can_change_name = settings_data.user_can_change_name;
|
|
|
|
current_user.is_admin = true;
|
|
assert.equal(can_change_name(), true);
|
|
|
|
current_user.is_admin = false;
|
|
realm.realm_name_changes_disabled = true;
|
|
realm.server_name_changes_disabled = false;
|
|
assert.equal(can_change_name(), false);
|
|
|
|
realm.realm_name_changes_disabled = false;
|
|
realm.server_name_changes_disabled = false;
|
|
assert.equal(can_change_name(), true);
|
|
|
|
realm.realm_name_changes_disabled = false;
|
|
realm.server_name_changes_disabled = true;
|
|
assert.equal(can_change_name(), false);
|
|
});
|
|
|
|
run_test("user_can_change_avatar", () => {
|
|
const can_change_avatar = settings_data.user_can_change_avatar;
|
|
|
|
current_user.is_admin = true;
|
|
assert.equal(can_change_avatar(), true);
|
|
|
|
current_user.is_admin = false;
|
|
realm.realm_avatar_changes_disabled = true;
|
|
realm.server_avatar_changes_disabled = false;
|
|
assert.equal(can_change_avatar(), false);
|
|
|
|
realm.realm_avatar_changes_disabled = false;
|
|
realm.server_avatar_changes_disabled = false;
|
|
assert.equal(can_change_avatar(), true);
|
|
|
|
realm.realm_avatar_changes_disabled = false;
|
|
realm.server_avatar_changes_disabled = true;
|
|
assert.equal(can_change_avatar(), false);
|
|
});
|
|
|
|
run_test("user_can_change_logo", () => {
|
|
const can_change_logo = settings_data.user_can_change_logo;
|
|
|
|
current_user.is_admin = true;
|
|
realm.zulip_plan_is_not_limited = true;
|
|
assert.equal(can_change_logo(), true);
|
|
|
|
current_user.is_admin = false;
|
|
realm.zulip_plan_is_not_limited = false;
|
|
assert.equal(can_change_logo(), false);
|
|
|
|
current_user.is_admin = true;
|
|
realm.zulip_plan_is_not_limited = false;
|
|
assert.equal(can_change_logo(), false);
|
|
|
|
current_user.is_admin = false;
|
|
realm.zulip_plan_is_not_limited = true;
|
|
assert.equal(can_change_logo(), false);
|
|
});
|
|
|
|
function test_policy(label, policy, validation_func) {
|
|
run_test(label, () => {
|
|
current_user.is_admin = true;
|
|
realm[policy] = settings_config.common_policy_values.by_admins_only.code;
|
|
assert.equal(validation_func(), true);
|
|
|
|
current_user.is_admin = false;
|
|
assert.equal(validation_func(), false);
|
|
|
|
current_user.is_moderator = true;
|
|
realm[policy] = settings_config.common_policy_values.by_moderators_only.code;
|
|
assert.equal(validation_func(), true);
|
|
|
|
current_user.is_moderator = false;
|
|
assert.equal(validation_func(), false);
|
|
|
|
current_user.is_guest = true;
|
|
realm[policy] = settings_config.common_policy_values.by_members.code;
|
|
assert.equal(validation_func(), false);
|
|
|
|
current_user.is_guest = false;
|
|
assert.equal(validation_func(), true);
|
|
|
|
page_params.is_spectator = true;
|
|
realm[policy] = settings_config.common_policy_values.by_members.code;
|
|
assert.equal(validation_func(), false);
|
|
|
|
page_params.is_spectator = false;
|
|
assert.equal(validation_func(), true);
|
|
|
|
realm[policy] = settings_config.common_policy_values.by_full_members.code;
|
|
current_user.user_id = 30;
|
|
isaac.date_joined = new Date(Date.now());
|
|
settings_data.initialize(isaac.date_joined);
|
|
realm.realm_waiting_period_threshold = 10;
|
|
assert.equal(validation_func(), false);
|
|
|
|
isaac.date_joined = new Date(Date.now() - 20 * 86400000);
|
|
settings_data.initialize(isaac.date_joined);
|
|
assert.equal(validation_func(), true);
|
|
});
|
|
}
|
|
|
|
test_policy(
|
|
"user_can_subscribe_other_users",
|
|
"realm_invite_to_stream_policy",
|
|
settings_data.user_can_subscribe_other_users,
|
|
);
|
|
test_policy(
|
|
"user_can_invite_others_to_realm",
|
|
"realm_invite_to_realm_policy",
|
|
settings_data.user_can_invite_users_by_email,
|
|
);
|
|
test_policy(
|
|
"user_can_move_messages_between_streams",
|
|
"realm_move_messages_between_streams_policy",
|
|
settings_data.user_can_move_messages_between_streams,
|
|
);
|
|
test_policy(
|
|
"user_can_create_user_groups",
|
|
"realm_user_group_edit_policy",
|
|
settings_data.user_can_create_user_groups,
|
|
);
|
|
test_policy(
|
|
"user_can_edit_all_user_groups",
|
|
"realm_user_group_edit_policy",
|
|
settings_data.user_can_edit_all_user_groups,
|
|
);
|
|
test_policy(
|
|
"user_can_add_custom_emoji",
|
|
"realm_add_custom_emoji_policy",
|
|
settings_data.user_can_add_custom_emoji,
|
|
);
|
|
|
|
function test_message_policy(label, policy, validation_func) {
|
|
run_test(label, () => {
|
|
current_user.is_admin = true;
|
|
realm[policy] = settings_config.common_message_policy_values.by_admins_only.code;
|
|
assert.equal(validation_func(), true);
|
|
|
|
current_user.is_admin = false;
|
|
current_user.is_moderator = true;
|
|
assert.equal(validation_func(), false);
|
|
|
|
realm[policy] = settings_config.common_message_policy_values.by_moderators_only.code;
|
|
assert.equal(validation_func(), true);
|
|
|
|
current_user.is_moderator = false;
|
|
assert.equal(validation_func(), false);
|
|
|
|
current_user.is_guest = true;
|
|
realm[policy] = settings_config.common_message_policy_values.by_everyone.code;
|
|
assert.equal(validation_func(), true);
|
|
|
|
realm[policy] = settings_config.common_message_policy_values.by_members.code;
|
|
assert.equal(validation_func(), false);
|
|
|
|
current_user.is_guest = false;
|
|
assert.equal(validation_func(), true);
|
|
|
|
realm[policy] = settings_config.common_message_policy_values.by_full_members.code;
|
|
current_user.user_id = 30;
|
|
isaac.date_joined = new Date(Date.now());
|
|
realm.realm_waiting_period_threshold = 10;
|
|
settings_data.initialize(isaac.date_joined);
|
|
assert.equal(validation_func(), false);
|
|
|
|
isaac.date_joined = new Date(Date.now() - 20 * 86400000);
|
|
settings_data.initialize(isaac.date_joined);
|
|
assert.equal(validation_func(), true);
|
|
});
|
|
}
|
|
|
|
test_message_policy(
|
|
"user_can_move_messages_to_another_topic",
|
|
"realm_edit_topic_policy",
|
|
settings_data.user_can_move_messages_to_another_topic,
|
|
);
|
|
|
|
run_test("user_can_move_messages_to_another_topic_nobody_case", () => {
|
|
current_user.is_admin = true;
|
|
current_user.is_guest = false;
|
|
realm.realm_edit_topic_policy = settings_config.edit_topic_policy_values.nobody.code;
|
|
assert.equal(settings_data.user_can_move_messages_to_another_topic(), false);
|
|
});
|
|
|
|
run_test("user_can_move_messages_between_streams_nobody_case", () => {
|
|
current_user.is_admin = true;
|
|
current_user.is_guest = false;
|
|
realm.realm_move_messages_between_streams_policy =
|
|
settings_config.move_messages_between_streams_policy_values.nobody.code;
|
|
assert.equal(settings_data.user_can_move_messages_between_streams(), false);
|
|
});
|
|
|
|
test_realm_group_settings(
|
|
"realm_can_delete_any_message_group",
|
|
settings_data.user_can_delete_any_message,
|
|
);
|
|
|
|
test_realm_group_settings(
|
|
"realm_can_delete_own_message_group",
|
|
settings_data.user_can_delete_own_message,
|
|
);
|
|
|
|
run_test("using_dark_theme", () => {
|
|
user_settings.color_scheme = settings_config.color_scheme_values.dark.code;
|
|
assert.equal(settings_data.using_dark_theme(), true);
|
|
|
|
user_settings.color_scheme = settings_config.color_scheme_values.automatic.code;
|
|
|
|
window.matchMedia = (query) => {
|
|
assert.equal(query, "(prefers-color-scheme: dark)");
|
|
return {matches: true};
|
|
};
|
|
assert.equal(settings_data.using_dark_theme(), true);
|
|
|
|
window.matchMedia = (query) => {
|
|
assert.equal(query, "(prefers-color-scheme: dark)");
|
|
return {matches: false};
|
|
};
|
|
assert.equal(settings_data.using_dark_theme(), false);
|
|
|
|
user_settings.color_scheme = settings_config.color_scheme_values.light.code;
|
|
assert.equal(settings_data.using_dark_theme(), false);
|
|
});
|
|
|
|
run_test("user_can_invite_others_to_realm_nobody_case", () => {
|
|
current_user.is_admin = true;
|
|
current_user.is_guest = false;
|
|
realm.realm_invite_to_realm_policy =
|
|
settings_config.email_invite_to_realm_policy_values.nobody.code;
|
|
assert.equal(settings_data.user_can_invite_users_by_email(), false);
|
|
});
|
|
|
|
run_test("user_email_not_configured", () => {
|
|
const user_email_not_configured = settings_data.user_email_not_configured;
|
|
|
|
current_user.is_owner = false;
|
|
assert.equal(user_email_not_configured(), false);
|
|
|
|
current_user.is_owner = true;
|
|
current_user.delivery_email = "";
|
|
assert.equal(user_email_not_configured(), true);
|
|
|
|
current_user.delivery_email = "name@example.com";
|
|
assert.equal(user_email_not_configured(), false);
|
|
});
|
|
|
|
function test_realm_group_settings(setting_name, validation_func) {
|
|
const admin_user_id = 1;
|
|
const moderator_user_id = 2;
|
|
const member_user_id = 3;
|
|
|
|
const admins = {
|
|
name: "Admins",
|
|
id: 1,
|
|
members: new Set([admin_user_id]),
|
|
is_system_group: true,
|
|
direct_subgroup_ids: new Set([]),
|
|
};
|
|
const moderators = {
|
|
name: "Moderators",
|
|
id: 2,
|
|
members: new Set([moderator_user_id]),
|
|
is_system_group: true,
|
|
direct_subgroup_ids: new Set([1]),
|
|
};
|
|
|
|
group_permission_settings.get_group_permission_setting_config = () => ({
|
|
allow_everyone_group: false,
|
|
});
|
|
|
|
user_groups.initialize({realm_user_groups: [admins, moderators]});
|
|
page_params.is_spectator = true;
|
|
assert.equal(validation_func(), false);
|
|
|
|
page_params.is_spectator = false;
|
|
current_user.is_guest = false;
|
|
realm[setting_name] = 1;
|
|
current_user.user_id = admin_user_id;
|
|
assert.equal(validation_func(), true);
|
|
|
|
current_user.user_id = moderator_user_id;
|
|
assert.equal(validation_func(), false);
|
|
|
|
realm[setting_name] = 2;
|
|
current_user.user_id = moderator_user_id;
|
|
assert.equal(validation_func(), true);
|
|
|
|
current_user.user_id = member_user_id;
|
|
assert.equal(validation_func(), false);
|
|
|
|
current_user.user_id = moderator_user_id;
|
|
current_user.is_guest = true;
|
|
assert.equal(validation_func(), false);
|
|
|
|
group_permission_settings.get_group_permission_setting_config = () => ({
|
|
allow_everyone_group: true,
|
|
});
|
|
assert.equal(validation_func(), true);
|
|
}
|
|
|
|
run_test("user_can_create_multiuse_invite", () => {
|
|
test_realm_group_settings(
|
|
"realm_create_multiuse_invite_group",
|
|
settings_data.user_can_create_multiuse_invite,
|
|
);
|
|
});
|
|
|
|
run_test("can_edit_user_group", () => {
|
|
const admins = {
|
|
description: "Administrators",
|
|
name: "role:administrators",
|
|
id: 1,
|
|
members: new Set([1]),
|
|
is_system_group: true,
|
|
direct_subgroup_ids: new Set([]),
|
|
can_manage_group: 4,
|
|
can_mention_group: 1,
|
|
};
|
|
const moderators = {
|
|
description: "Moderators",
|
|
name: "role:moderators",
|
|
id: 2,
|
|
members: new Set([2]),
|
|
is_system_group: true,
|
|
direct_subgroup_ids: new Set([1]),
|
|
can_manage_group: 4,
|
|
can_mention_group: 1,
|
|
};
|
|
const members = {
|
|
description: "Members",
|
|
name: "role:members",
|
|
id: 3,
|
|
members: new Set([3]),
|
|
is_system_group: true,
|
|
direct_subgroup_ids: new Set([1, 2]),
|
|
can_manage_group: 4,
|
|
can_mention_group: 4,
|
|
};
|
|
const nobody = {
|
|
description: "Nobody",
|
|
name: "role:nobody",
|
|
id: 4,
|
|
members: new Set([]),
|
|
is_system_group: true,
|
|
direct_subgroup_ids: new Set([]),
|
|
can_manage_group: 4,
|
|
can_mention_group: 2,
|
|
};
|
|
const students = {
|
|
description: "Students group",
|
|
name: "Students",
|
|
id: 5,
|
|
members: new Set([1, 2]),
|
|
is_system_group: false,
|
|
direct_subgroup_ids: new Set([4, 5]),
|
|
can_manage_group: 4,
|
|
can_mention_group: 3,
|
|
};
|
|
user_groups.initialize({
|
|
realm_user_groups: [admins, moderators, members, nobody, students],
|
|
});
|
|
|
|
page_params.is_spectator = true;
|
|
assert.ok(!settings_data.can_edit_user_group(students.id));
|
|
|
|
page_params.is_spectator = false;
|
|
realm.realm_user_group_edit_policy = settings_config.common_policy_values.by_admins_only.code;
|
|
current_user.user_id = 3;
|
|
assert.ok(!settings_data.can_edit_user_group(students.id));
|
|
|
|
current_user.is_admin = true;
|
|
assert.ok(settings_data.can_edit_user_group(students.id));
|
|
|
|
current_user.is_admin = false;
|
|
current_user.is_moderator = true;
|
|
assert.ok(!settings_data.can_edit_user_group(students.id));
|
|
|
|
realm.realm_user_group_edit_policy = settings_config.common_policy_values.by_members.code;
|
|
current_user.is_moderator = false;
|
|
current_user.is_guest = false;
|
|
assert.ok(!settings_data.can_edit_user_group(students.id));
|
|
|
|
current_user.user_id = 2;
|
|
assert.ok(settings_data.can_edit_user_group(students.id));
|
|
|
|
realm.realm_user_group_edit_policy = settings_config.common_policy_values.by_admins_only.code;
|
|
assert.ok(!settings_data.can_edit_user_group(students.id));
|
|
|
|
const event = {
|
|
group_id: students.id,
|
|
data: {
|
|
can_manage_group: members.id,
|
|
},
|
|
};
|
|
user_groups.update(event);
|
|
assert.ok(settings_data.can_edit_user_group(students.id));
|
|
|
|
current_user.user_id = 3;
|
|
assert.ok(settings_data.can_edit_user_group(students.id));
|
|
});
|
|
|
|
run_test("type_id_to_string", () => {
|
|
page_params.bot_types = [
|
|
{
|
|
type_id: 1,
|
|
name: "Generic bot",
|
|
allowed: true,
|
|
},
|
|
{
|
|
type_id: 2,
|
|
name: "Incoming webhook",
|
|
allowed: true,
|
|
},
|
|
];
|
|
|
|
assert.equal(settings_data.bot_type_id_to_string(1), "Generic bot");
|
|
assert.equal(settings_data.bot_type_id_to_string(2), "Incoming webhook");
|
|
assert.equal(settings_data.bot_type_id_to_string(5), undefined);
|
|
});
|
|
|
|
run_test("user_can_access_all_other_users", () => {
|
|
const guest_user_id = 1;
|
|
const member_user_id = 2;
|
|
|
|
const members = {
|
|
name: "role:members",
|
|
id: 1,
|
|
members: new Set([member_user_id]),
|
|
is_system_group: true,
|
|
direct_subgroup_ids: new Set([]),
|
|
};
|
|
const everyone = {
|
|
name: "role:everyone",
|
|
id: 2,
|
|
members: new Set([guest_user_id]),
|
|
is_system_group: true,
|
|
direct_subgroup_ids: new Set([1]),
|
|
};
|
|
|
|
user_groups.initialize({realm_user_groups: [members, everyone]});
|
|
realm.realm_can_access_all_users_group = members.id;
|
|
|
|
// Test spectators case.
|
|
page_params.is_spectator = true;
|
|
assert.ok(settings_data.user_can_access_all_other_users());
|
|
|
|
page_params.is_spectator = false;
|
|
current_user.user_id = member_user_id;
|
|
assert.ok(settings_data.user_can_access_all_other_users());
|
|
|
|
current_user.user_id = guest_user_id;
|
|
assert.ok(!settings_data.user_can_access_all_other_users());
|
|
|
|
realm.realm_can_access_all_users_group = everyone.id;
|
|
assert.ok(settings_data.user_can_access_all_other_users());
|
|
});
|
|
|
|
run_test("user_can_create_public_streams", () => {
|
|
test_realm_group_settings(
|
|
"realm_can_create_public_channel_group",
|
|
settings_data.user_can_create_public_streams,
|
|
);
|
|
});
|
|
|
|
run_test("user_can_create_private_streams", () => {
|
|
test_realm_group_settings(
|
|
"realm_can_create_private_channel_group",
|
|
settings_data.user_can_create_private_streams,
|
|
);
|
|
});
|
|
|
|
run_test("user_can_create_web_public_streams", () => {
|
|
realm.server_web_public_streams_enabled = true;
|
|
realm.realm_enable_spectator_access = true;
|
|
|
|
test_realm_group_settings(
|
|
"realm_can_create_web_public_channel_group",
|
|
settings_data.user_can_create_web_public_streams,
|
|
);
|
|
const owner_user_id = 4;
|
|
const owners = {
|
|
name: "Admins",
|
|
id: 3,
|
|
members: new Set([owner_user_id]),
|
|
is_system_group: true,
|
|
direct_subgroup_ids: new Set([]),
|
|
};
|
|
current_user.user_id = owner_user_id;
|
|
user_groups.initialize({realm_user_groups: [owners]});
|
|
|
|
realm.server_web_public_streams_enabled = true;
|
|
realm.realm_enable_spectator_access = true;
|
|
realm.realm_can_create_web_public_channel_group = owners.id;
|
|
assert.equal(settings_data.user_can_create_web_public_streams(), true);
|
|
|
|
realm.realm_enable_spectator_access = false;
|
|
realm.server_web_public_streams_enabled = true;
|
|
assert.equal(settings_data.user_can_create_web_public_streams(), false);
|
|
|
|
realm.realm_enable_spectator_access = true;
|
|
realm.server_web_public_streams_enabled = false;
|
|
assert.equal(settings_data.user_can_create_web_public_streams(), false);
|
|
|
|
realm.realm_enable_spectator_access = false;
|
|
realm.server_web_public_streams_enabled = false;
|
|
assert.equal(settings_data.user_can_create_web_public_streams(), false);
|
|
});
|