non-owners can't add users to groups

- hide add-user pages from non-owners - hide user searchbox from non-owners - fix find-user searchbox being in wrong place where no results
2024-12-03 06:46:39 +00:00 · 2021-10-02 14:41:23 +10:00 · 2021-10-02 14:41:23 +10:00 · 70e0128052
commit 70e0128052
parent 5237e88aba
3 changed files with 23 additions and 5 deletions
--- a/bookwyrm/templates/groups/group.html
+++ b/bookwyrm/templates/groups/group.html
@ -61,6 +61,7 @@
        {% include "snippets/pagination.html" with page=items %}
    </section>

+    {% if group.user == request.user %}
    <section class="column is-one-quarter">
      <div class="block">
          <h2 class="title is-5">Find new members</h2>
@ -78,6 +79,7 @@
          </form>
      </div>
    </section>
+    {% endif %}

 </div>
 {% endblock %}
--- a/bookwyrm/templates/groups/suggested_users.html
+++ b/bookwyrm/templates/groups/suggested_users.html
@ -3,7 +3,6 @@
 {% load humanize %}

 {% if suggested_users %}
-<div class="columns is-mobile scroll-x mb-0">
    {% for user in suggested_users %}
    <div class="column is-flex is-flex-grow-0">
        <div class="box has-text-centered is-shadowless has-background-white-bis m-0">
@ -37,7 +36,7 @@
    </div>
    {% endfor %}
    {% else %}
-    No potential members found for "{{ query }}"
+    <div >
+      No potential members found for "{{ query }}"
+    </div>
 {% endif %}
-</div>
-
--- a/bookwyrm/views/group.py
+++ b/bookwyrm/views/group.py
@ -114,6 +114,12 @@ class FindUsers(View):

        group = get_object_or_404(models.BookwyrmGroup, id=group_id)

+        if not group:
+            return HttpResponseBadRequest()
+
+        if not group.user == request.user:
+            return HttpResponseBadRequest()
+
        data = {
          "suggested_users": user_results,
          "group": group,
@ -186,7 +192,18 @@ def remove_member(request):
        except IntegrityError:
            pass

-        # TODO: should send notification to all members including the now ex-member that they have been removed.
+        # let the other members know about it
+        model = apps.get_model("bookwyrm.Notification", require_ready=True)
+        memberships = models.BookwyrmGroupMember.objects.get(group=group)
+        for membership in memberships:
+            member = membership.user 
+            if member != request.user:
+                model.objects.create(
+                    user=member,
+                    related_user=request.user,
+                    related_group=request.group,
+                    notification_type="REMOVE",
+                )

    return redirect(user.local_path)