mirror of
https://github.com/bookwyrm-social/bookwyrm.git
synced 2024-12-11 10:46:37 +00:00
non-owners can't add users to groups
- hide add-user pages from non-owners - hide user searchbox from non-owners - fix find-user searchbox being in wrong place where no results
This commit is contained in:
parent
5237e88aba
commit
70e0128052
3 changed files with 23 additions and 5 deletions
|
@ -61,6 +61,7 @@
|
||||||
{% include "snippets/pagination.html" with page=items %}
|
{% include "snippets/pagination.html" with page=items %}
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
|
{% if group.user == request.user %}
|
||||||
<section class="column is-one-quarter">
|
<section class="column is-one-quarter">
|
||||||
<div class="block">
|
<div class="block">
|
||||||
<h2 class="title is-5">Find new members</h2>
|
<h2 class="title is-5">Find new members</h2>
|
||||||
|
@ -78,6 +79,7 @@
|
||||||
</form>
|
</form>
|
||||||
</div>
|
</div>
|
||||||
</section>
|
</section>
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
{% endblock %}
|
{% endblock %}
|
||||||
|
|
|
@ -3,7 +3,6 @@
|
||||||
{% load humanize %}
|
{% load humanize %}
|
||||||
|
|
||||||
{% if suggested_users %}
|
{% if suggested_users %}
|
||||||
<div class="columns is-mobile scroll-x mb-0">
|
|
||||||
{% for user in suggested_users %}
|
{% for user in suggested_users %}
|
||||||
<div class="column is-flex is-flex-grow-0">
|
<div class="column is-flex is-flex-grow-0">
|
||||||
<div class="box has-text-centered is-shadowless has-background-white-bis m-0">
|
<div class="box has-text-centered is-shadowless has-background-white-bis m-0">
|
||||||
|
@ -37,7 +36,7 @@
|
||||||
</div>
|
</div>
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{% else %}
|
{% else %}
|
||||||
No potential members found for "{{ query }}"
|
<div >
|
||||||
|
No potential members found for "{{ query }}"
|
||||||
|
</div>
|
||||||
{% endif %}
|
{% endif %}
|
||||||
</div>
|
|
||||||
|
|
||||||
|
|
|
@ -114,6 +114,12 @@ class FindUsers(View):
|
||||||
|
|
||||||
group = get_object_or_404(models.BookwyrmGroup, id=group_id)
|
group = get_object_or_404(models.BookwyrmGroup, id=group_id)
|
||||||
|
|
||||||
|
if not group:
|
||||||
|
return HttpResponseBadRequest()
|
||||||
|
|
||||||
|
if not group.user == request.user:
|
||||||
|
return HttpResponseBadRequest()
|
||||||
|
|
||||||
data = {
|
data = {
|
||||||
"suggested_users": user_results,
|
"suggested_users": user_results,
|
||||||
"group": group,
|
"group": group,
|
||||||
|
@ -186,7 +192,18 @@ def remove_member(request):
|
||||||
except IntegrityError:
|
except IntegrityError:
|
||||||
pass
|
pass
|
||||||
|
|
||||||
# TODO: should send notification to all members including the now ex-member that they have been removed.
|
# let the other members know about it
|
||||||
|
model = apps.get_model("bookwyrm.Notification", require_ready=True)
|
||||||
|
memberships = models.BookwyrmGroupMember.objects.get(group=group)
|
||||||
|
for membership in memberships:
|
||||||
|
member = membership.user
|
||||||
|
if member != request.user:
|
||||||
|
model.objects.create(
|
||||||
|
user=member,
|
||||||
|
related_user=request.user,
|
||||||
|
related_group=request.group,
|
||||||
|
notification_type="REMOVE",
|
||||||
|
)
|
||||||
|
|
||||||
return redirect(user.local_path)
|
return redirect(user.local_path)
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue