non-owners can't add users to groups

- hide add-user pages from non-owners
- hide user searchbox from non-owners
- fix find-user searchbox being in wrong place where no results
This commit is contained in:
Hugh Rundle 2021-10-02 14:41:23 +10:00
parent 5237e88aba
commit 70e0128052
3 changed files with 23 additions and 5 deletions

View file

@ -61,6 +61,7 @@
{% include "snippets/pagination.html" with page=items %} {% include "snippets/pagination.html" with page=items %}
</section> </section>
{% if group.user == request.user %}
<section class="column is-one-quarter"> <section class="column is-one-quarter">
<div class="block"> <div class="block">
<h2 class="title is-5">Find new members</h2> <h2 class="title is-5">Find new members</h2>
@ -78,6 +79,7 @@
</form> </form>
</div> </div>
</section> </section>
{% endif %}
</div> </div>
{% endblock %} {% endblock %}

View file

@ -3,7 +3,6 @@
{% load humanize %} {% load humanize %}
{% if suggested_users %} {% if suggested_users %}
<div class="columns is-mobile scroll-x mb-0">
{% for user in suggested_users %} {% for user in suggested_users %}
<div class="column is-flex is-flex-grow-0"> <div class="column is-flex is-flex-grow-0">
<div class="box has-text-centered is-shadowless has-background-white-bis m-0"> <div class="box has-text-centered is-shadowless has-background-white-bis m-0">
@ -37,7 +36,7 @@
</div> </div>
{% endfor %} {% endfor %}
{% else %} {% else %}
No potential members found for "{{ query }}" <div >
No potential members found for "{{ query }}"
</div>
{% endif %} {% endif %}
</div>

View file

@ -114,6 +114,12 @@ class FindUsers(View):
group = get_object_or_404(models.BookwyrmGroup, id=group_id) group = get_object_or_404(models.BookwyrmGroup, id=group_id)
if not group:
return HttpResponseBadRequest()
if not group.user == request.user:
return HttpResponseBadRequest()
data = { data = {
"suggested_users": user_results, "suggested_users": user_results,
"group": group, "group": group,
@ -186,7 +192,18 @@ def remove_member(request):
except IntegrityError: except IntegrityError:
pass pass
# TODO: should send notification to all members including the now ex-member that they have been removed. # let the other members know about it
model = apps.get_model("bookwyrm.Notification", require_ready=True)
memberships = models.BookwyrmGroupMember.objects.get(group=group)
for membership in memberships:
member = membership.user
if member != request.user:
model.objects.create(
user=member,
related_user=request.user,
related_group=request.group,
notification_type="REMOVE",
)
return redirect(user.local_path) return redirect(user.local_path)