overide filters for groups and group lists

- use more sensible query for displaying groups on user page - privacy_filter now allows group members to see followers_only and private lists and groups they would otherwise not see
2024-06-24 07:50:39 +00:00 · 2021-10-09 16:11:11 +11:00 · 2021-10-09 16:11:11 +11:00 · 1bf5758e01
parent 714a369246
commit 1bf5758e01
4 changed files with 38 additions and 12 deletions
--- a/bookwyrm/models/group.py
+++ b/bookwyrm/models/group.py
@ -19,6 +19,22 @@ class Group(BookWyrmModel):
        """don't want the user to be in there in this case"""
        return f"https://{DOMAIN}/group/{self.id}"

+    @classmethod
+    def followers_filter(cls, queryset, viewer):
+        """Override filter for "followers" privacy level to allow non-following group members to see the existence of groups and group lists"""
+
+        return queryset.exclude(
+            ~Q(  # user isn't following and it isn't their own status and they are not a group member
+                Q(user__followers=viewer) | Q(user=viewer) | Q(memberships__user=viewer)
+            ),
+            privacy="followers",  # and the status of the group is followers only
+        )
+
+    @classmethod
+    def direct_filter(cls, queryset, viewer):
+        """Override filter for "direct" privacy level to allow group members to see the existence of groups and group lists"""
+
+        return queryset.exclude(~Q(memberships__user=viewer), privacy="direct")

 class GroupMember(models.Model):
    """Users who are members of a group"""
--- a/bookwyrm/models/list.py
+++ b/bookwyrm/models/list.py
@ -1,6 +1,7 @@
 """ make a list of books!! """
 from django.apps import apps
 from django.db import models
+from django.db.models import Q
 from django.utils import timezone

 from bookwyrm import activitypub
@ -71,6 +72,22 @@ class List(OrderedCollectionMixin, BookWyrmModel):
            return
        super().raise_not_editable(viewer)

+    @classmethod
+    def followers_filter(cls, queryset, viewer):
+        """Override filter for "followers" privacy level to allow non-following group members to see the existence of group lists"""
+
+        return queryset.exclude(
+            ~Q(  # user isn't following and it isn't their own status and they are not a group member
+                Q(user__followers=viewer) | Q(user=viewer) | Q(group__memberships__user=viewer)
+            ),
+            privacy="followers",  # and the status (of the list) is followers only
+        )
+
+    @classmethod
+    def direct_filter(cls, queryset, viewer):
+        """Override filter for "direct" privacy level to allow group members to see the existence of group lists"""
+
+        return queryset.exclude(~Q(group__memberships__user=viewer), privacy="direct")

 class ListItem(CollectionItemMixin, BookWyrmModel):
    """ok"""
--- a/bookwyrm/templates/groups/user_groups.html
+++ b/bookwyrm/templates/groups/user_groups.html
@ -3,8 +3,7 @@
 {% load interaction %}

 <div class="columns is-multiline">
-    {% for membership in memberships %}
-    {% with group=membership.group %}
+    {% for group in groups %}
    <div class="column is-one-quarter">
        <div class="card is-stretchable">
            <header class="card-header">
@ -32,6 +31,5 @@
            </div>
        </div>
    </div>
-    {% endwith %}
    {% endfor %}
 </div>
--- a/bookwyrm/views/group.py
+++ b/bookwyrm/views/group.py
@ -24,11 +24,8 @@ class Group(View):
        """display a group"""

        group = get_object_or_404(models.Group, id=group_id)
-        lists = models.List.objects.filter(group=group).order_by("-updated_date")
-        # lists = privacy_filter(request.user, lists)
-
-        # don't show groups to users who shouldn't see them
        group.raise_visible_to_user(request.user)
+        lists = models.List.privacy_filter(request.user).filter(group=group).order_by("-updated_date")

        data = {
            "group": group,
@ -56,13 +53,11 @@ class UserGroups(View):
    def get(self, request, username):
        """display a group"""
        user = get_user_from_username(request.user, username)
-        memberships = (
-            models.GroupMember.objects.filter(user=user).all().order_by("-updated_date")
-        )
-        paginated = Paginator(memberships, 12)
+        groups = models.Group.privacy_filter(request.user).filter(memberships__user=user).order_by("-updated_date")
+        paginated = Paginator(groups, 12)

        data = {
-            "memberships": paginated.get_page(request.GET.get("page")),
+            "groups": paginated.get_page(request.GET.get("page")),
            "is_self": request.user.id == user.id,
            "user": user,
            "group_form": forms.GroupForm(),