From e87fcd07895200c8a14c7620a45bca631822ea65 Mon Sep 17 00:00:00 2001
From: Tim Abbott <tabbott@zulipchat.com>
Date: Mon, 8 Jul 2019 13:43:54 -0700
Subject: [PATCH] management: Fix obsolete check for double-adding a
 permission.

The .has_perm logic in this management command dates from use of
django-guardian that ended years ago.
---
 zerver/management/commands/knight.py | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/zerver/management/commands/knight.py b/zerver/management/commands/knight.py
index 4eac94375e..9b4bb7ca7e 100644
--- a/zerver/management/commands/knight.py
+++ b/zerver/management/commands/knight.py
@@ -41,7 +41,8 @@ ONLY perform this on customer request from an authorized person.
         user = self.get_user(email, realm)
 
         if options['grant']:
-            if user.has_perm(options['permission'], user.realm):
+            if (user.is_realm_admin and options['permission'] == "administer" or
+                    user.is_api_super_user and options['permission'] == "api_super_user"):
                 raise CommandError("User already has permission for this realm.")
             else:
                 if options['ack']:
@@ -51,7 +52,8 @@ ONLY perform this on customer request from an authorized person.
                     print("Would have granted %s %s rights for %s" % (
                           email, options['permission'], user.realm.string_id))
         else:
-            if user.has_perm(options['permission'], user.realm):
+            if (user.is_realm_admin and options['permission'] == "administer" or
+                    user.is_api_super_user and options['permission'] == "api_super_user"):
                 if options['ack']:
                     do_change_is_admin(user, False, permission=options['permission'])
                     print("Done!")