From 5153a036f208dfd3b77eb3c6a29d8876badeb2bc Mon Sep 17 00:00:00 2001 From: Aman Agrawal Date: Tue, 22 Sep 2020 17:31:50 +0530 Subject: [PATCH] events: Disable topic edit & msg edit/delete for web public guest. To ensure web public guests cannot change any data, it's natural that we disable topic & msg edit / delete ops. --- zerver/lib/events.py | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/zerver/lib/events.py b/zerver/lib/events.py index 79767483de..971601432f 100644 --- a/zerver/lib/events.py +++ b/zerver/lib/events.py @@ -154,9 +154,15 @@ def fetch_initial_state_data(user_profile: Optional[UserProfile], # these manual entries are for those realm settings that don't # fit into that framework. state['realm_authentication_methods'] = realm.authentication_methods_dict() - state['realm_allow_message_editing'] = realm.allow_message_editing - state['realm_allow_community_topic_editing'] = realm.allow_community_topic_editing - state['realm_allow_message_deleting'] = realm.allow_message_deleting + + # We pretend these features are disabled because guests can't + # access them. In the future, we may want to move this logic + # to the frontends, so that we can correctly display what + # these fields are in the settings. + state['realm_allow_message_editing'] = False if user_profile is None else realm.allow_message_editing + state['realm_allow_community_topic_editing'] = False if user_profile is None else realm.allow_community_topic_editing + state['realm_allow_message_deleting'] = False if user_profile is None else realm.allow_message_deleting + state['realm_message_content_edit_limit_seconds'] = realm.message_content_edit_limit_seconds state['realm_message_content_delete_limit_seconds'] = realm.message_content_delete_limit_seconds state['realm_community_topic_editing_limit_seconds'] = \