mirror of
https://github.com/bookwyrm-social/bookwyrm.git
synced 2025-01-07 07:45:28 +00:00
allow members to see groups and their lists
- add additional logic to visible_to_user, for groups and their objects - cleans up some queries in Group view NOTE: I can't work out how to make group lists only visible to users who should be able to see them, on user group listings. They still can't access the actual group, but can see it on user pages. This is potentialy problematic.
This commit is contained in:
parent
df5a5f94a1
commit
1a02af1450
2 changed files with 15 additions and 11 deletions
|
@ -77,8 +77,17 @@ class BookWyrmModel(models.Model):
|
|||
):
|
||||
return True
|
||||
|
||||
# TODO: if privacy is direct and the object is a group and viewer is a member of the group
|
||||
# then return True
|
||||
# you can see groups of which you are a member
|
||||
if hasattr(self, "members") and viewer in self.members.all():
|
||||
return True
|
||||
|
||||
# you can see objects which have a group of which you are a member
|
||||
if hasattr(self, "group"):
|
||||
if (
|
||||
hasattr(self.group, "members")
|
||||
and viewer in self.group.members.all()
|
||||
):
|
||||
return True
|
||||
|
||||
return False
|
||||
|
||||
|
|
|
@ -13,7 +13,7 @@ from django.db.models.functions import Greatest
|
|||
|
||||
from bookwyrm import forms, models
|
||||
from bookwyrm.suggested_users import suggested_users
|
||||
from .helpers import privacy_filter # TODO:
|
||||
from .helpers import privacy_filter
|
||||
from .helpers import get_user_from_username
|
||||
from bookwyrm.settings import DOMAIN
|
||||
|
||||
|
@ -23,10 +23,7 @@ class Group(View):
|
|||
def get(self, request, group_id):
|
||||
"""display a group"""
|
||||
|
||||
# TODO: use get_or_404?
|
||||
# TODO: what is the difference between privacy filter and visible to user?
|
||||
# get_object_or_404(models.Group, id=group_id)
|
||||
group = models.Group.objects.get(id=group_id)
|
||||
group = get_object_or_404(models.Group, id=group_id)
|
||||
lists = models.List.objects.filter(group=group).order_by("-updated_date")
|
||||
lists = privacy_filter(request.user, lists)
|
||||
|
||||
|
@ -43,7 +40,6 @@ class Group(View):
|
|||
return TemplateResponse(request, "groups/group.html", data)
|
||||
|
||||
@method_decorator(login_required, name="dispatch")
|
||||
# pylint: disable=unused-argument
|
||||
def post(self, request, group_id):
|
||||
"""edit a group"""
|
||||
user_group = get_object_or_404(models.Group, id=group_id)
|
||||
|
@ -61,7 +57,7 @@ class UserGroups(View):
|
|||
"""display a group"""
|
||||
user = get_user_from_username(request.user, username)
|
||||
groups = models.Group.objects.filter(members=user).order_by("-updated_date")
|
||||
groups = privacy_filter(request.user, groups)
|
||||
# groups = privacy_filter(request.user, groups)
|
||||
paginated = Paginator(groups, 12)
|
||||
|
||||
data = {
|
||||
|
@ -127,8 +123,7 @@ def add_member(request):
|
|||
"""add a member to the group"""
|
||||
|
||||
# TODO: if groups become AP values we need something like get_group_from_group_fullname
|
||||
# group = get_object_or_404(models.Group, id=request.POST.get("group"))
|
||||
group = models.Group.objects.get(id=request.POST["group"])
|
||||
group = get_object_or_404(models.Group, id=request.POST.get("group"))
|
||||
if not group:
|
||||
return HttpResponseBadRequest()
|
||||
|
||||
|
|
Loading…
Reference in a new issue