mirror of https://github.com/zulip/zulip.git, synced 2025-11-02 21:13:36 +00:00
Users who used to be subscribed to a private stream and have been removed from it since retain the ability to edit messages/topics, and delete messages that they used to have access to, if other relevant organization permissions allow these actions. For example, a user may be able to edit or delete their old messages they posted in such a private stream. An administrator will be able to delete old messages (that they had access to) from the private stream.

We fix this by fixing the logic in has_message_access (which lies at the core of our message access checks - access_message() and bulk_access_messages()) to not rely on only a UserMessage row for checking access but also verify stream type and subscription status.
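
A simplified model of the access check this commit message describes, added here as an illustration and not taken from the Zulip code base. The classes, field names and both check functions are hypothetical; the model only assumes that a delivery row persists after a user is removed from a private stream.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Stream:
    name: str
    private: bool
    subscribers: set = field(default_factory=set)  # ids of current subscribers


@dataclass
class Message:
    id: int
    sender_id: int
    stream: Optional[Stream]  # None models a direct message


class AccessModel:
    """Toy stand-in for a per-user delivery table (hypothetical, not Zulip's schema)."""

    def __init__(self):
        self.rows = set()  # (user_id, message_id) pairs, never pruned on unsubscribe

    def deliver(self, message, recipients):
        for user_id in recipients:
            self.rows.add((user_id, message.id))

    def access_row_only(self, user_id, message):
        # 'Before' behaviour: the delivery row alone decides access.
        return (user_id, message.id) in self.rows

    def access_checked(self, user_id, message):
        # 'After' behaviour: the row is necessary but no longer sufficient.
        if (user_id, message.id) not in self.rows:
            return False
        stream = message.stream
        if stream is not None and stream.private:
            # Private stream: access follows current subscription status.
            return user_id in stream.subscribers
        return True


def demo():
    model = AccessModel()
    secret = Stream("secret", private=True, subscribers={1, 2})  # constructed data
    msg = Message(id=100, sender_id=2, stream=secret)
    model.deliver(msg, secret.subscribers)
    secret.subscribers.discard(2)  # user 2 is removed; their row stays behind
    return {
        "row_only_removed_user": model.access_row_only(2, msg),
        "checked_removed_user": model.access_checked(2, msg),
        "checked_current_user": model.access_checked(1, msg),
    }
```

Because edit and delete permission checks sit on top of the access check, the removed user in this model loses those actions on old messages as soon as the stricter function is used.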