Better user block privacy

bookwyrm/models/user.py

@@ -112,6 +112,16 @@ class User(OrderedCollectionPageMixin, AbstractUser):
 
     activity_serializer = activitypub.Person
 
+    @classmethod
+    def viewer_aware_objects(cls, viewer):
+        ''' the user queryset filtered for the context of the logged in user '''
+        queryset = cls.objects.filter(is_active=True)
+        if viewer.is_authenticated:
+            queryset = queryset.exclude(
+                blocks=viewer
+            )
+        return queryset
+
     def to_outbox(self, filter_type=None, **kwargs):
         ''' an ordered collection of statuses '''
         if filter_type:

bookwyrm/tests/views/test_helpers.py

@@ -56,12 +56,14 @@ class ViewsHelpers(TestCase):
     def test_get_user_from_username(self):
         ''' works for either localname or username '''
         self.assertEqual(
-            views.helpers.get_user_from_username('mouse'), self.local_user)
+            views.helpers.get_user_from_username(
+                self.local_user, 'mouse'), self.local_user)
         self.assertEqual(
             views.helpers.get_user_from_username(
-                'mouse@local.com'), self.local_user)
+                self.local_user, 'mouse@local.com'), self.local_user)
         with self.assertRaises(models.User.DoesNotExist):
-            views.helpers.get_user_from_username('mojfse@example.com')
+            views.helpers.get_user_from_username(
+                self.local_user, 'mojfse@example.com')
 
 
     def test_is_api_request(self):

bookwyrm/views/feed.py

@@ -65,7 +65,7 @@ class DirectMessage(View):
         user = None
         if username:
             try:
-                user = get_user_from_username(username)
+                user = get_user_from_username(request.user, username)
             except models.User.DoesNotExist:
                 pass
         if user:

bookwyrm/views/follow.py

@@ -13,7 +13,7 @@ def follow(request):
     ''' follow another user, here or abroad '''
     username = request.POST['user']
     try:
-        to_follow = get_user_from_username(username)
+        to_follow = get_user_from_username(request.user, username)
     except models.User.DoesNotExist:
         return HttpResponseBadRequest()
 
@@ -33,7 +33,7 @@ def unfollow(request):
     ''' unfollow a user '''
     username = request.POST['user']
     try:
-        to_unfollow = get_user_from_username(username)
+        to_unfollow = get_user_from_username(request.user, username)
     except models.User.DoesNotExist:
         return HttpResponseBadRequest()
 
@@ -52,7 +52,7 @@ def accept_follow_request(request):
     ''' a user accepts a follow request '''
     username = request.POST['user']
     try:
-        requester = get_user_from_username(username)
+        requester = get_user_from_username(request.user, username)
     except models.User.DoesNotExist:
         return HttpResponseBadRequest()
 
@@ -75,7 +75,7 @@ def delete_follow_request(request):
     ''' a user rejects a follow request '''
     username = request.POST['user']
     try:
-        requester = get_user_from_username(username)
+        requester = get_user_from_username(request.user, username)
     except models.User.DoesNotExist:
         return HttpResponseBadRequest()
 

bookwyrm/views/helpers.py

@@ -9,13 +9,13 @@ from bookwyrm.status import create_generated_note
 from bookwyrm.utils import regex
 
 
-def get_user_from_username(username):
+def get_user_from_username(viewer, username):
     ''' helper function to resolve a localname or a username to a user '''
     # raises DoesNotExist if user is now found
     try:
-        return models.User.objects.get(localname=username)
+        return models.User.viwer_aware_objects(viewer).get(localname=username)
     except models.User.DoesNotExist:
-        return models.User.objects.get(username=username)
+        return models.User.viewer_aware_objects(viewer).get(username=username)
 
 
 def is_api_request(request):

bookwyrm/views/search.py

@@ -33,7 +33,7 @@ class Search(View):
             handle_remote_webfinger(query)
 
         # do a  user search
-        user_results = models.User.objects.annotate(
+        user_results = models.User.viewer_aware_objects(request.user).annotate(
             similarity=Greatest(
                 TrigramSimilarity('username', query),
                 TrigramSimilarity('localname', query),

bookwyrm/views/shelf.py

@@ -19,7 +19,7 @@ class Shelf(View):
     def get(self, request, username, shelf_identifier):
         ''' display a shelf '''
         try:
-            user = get_user_from_username(username)
+            user = get_user_from_username(request.user, username)
         except models.User.DoesNotExist:
             return HttpResponseNotFound()
 

bookwyrm/views/user.py

@@ -26,7 +26,7 @@ class User(View):
     def get(self, request, username):
         ''' profile page for a user '''
         try:
-            user = get_user_from_username(username)
+            user = get_user_from_username(request.user, username)
         except models.User.DoesNotExist:
             return HttpResponseNotFound()
 
@@ -96,7 +96,7 @@ class Followers(View):
     def get(self, request, username):
         ''' list of followers '''
         try:
-            user = get_user_from_username(username)
+            user = get_user_from_username(request.user, username)
         except models.User.DoesNotExist:
             return HttpResponseNotFound()
 
@@ -121,7 +121,7 @@ class Following(View):
     def get(self, request, username):
         ''' list of followers '''
         try:
-            user = get_user_from_username(username)
+            user = get_user_from_username(request.user, username)
         except models.User.DoesNotExist:
             return HttpResponseNotFound()