From 81e5ff5b76e087f301cff63193830b10a064985c Mon Sep 17 00:00:00 2001
From: Hugh Rundle <hugh@hughrundle.net>
Date: Mon, 27 Sep 2021 17:51:18 +1000
Subject: [PATCH] show groups on member pages if allowed

- display groups on user pages when not the logged in user
- restrict visibility of groups on user pages and group pages themselves according to privacy settings
---
 bookwyrm/templates/user/layout.html |  3 +--
 bookwyrm/views/group.py             | 10 +++++++++-
 bookwyrm/views/user.py              |  1 +
 3 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/bookwyrm/templates/user/layout.html b/bookwyrm/templates/user/layout.html
index 357ad4679..0d07b199b 100755
--- a/bookwyrm/templates/user/layout.html
+++ b/bookwyrm/templates/user/layout.html
@@ -75,8 +75,7 @@
             <a href="{{ url }}">{% trans "Lists" %}</a>
         </li>
         {% endif %}
-        <!-- TODO: fix this: user.groups_set isn't what you think! -->
-        {% if is_self or user.groups_set.exists %}
+        {% if is_self or has_groups %}
         {% url 'user-groups' user|username as url %}
         <li{% if url in request.path %} class="is-active"{% endif %}>
             <a href="{{ url }}">{% trans "Groups" %}</a>
diff --git a/bookwyrm/views/group.py b/bookwyrm/views/group.py
index 9319b6599..dfb44a4c8 100644
--- a/bookwyrm/views/group.py
+++ b/bookwyrm/views/group.py
@@ -23,9 +23,17 @@ class Group(View):
     def get(self, request, group_id):
         """display a group"""
 
+        # TODO: use get_or_404?
+        # TODO: what is the difference between privacy filter and visible to user?
+        # get_object_or_404(models.Group, id=group_id)
         group = models.Group.objects.get(id=group_id) 
         lists = models.List.objects.filter(group=group).order_by("-updated_date")
         lists = privacy_filter(request.user, lists)
+
+        # don't show groups to users who shouldn't see them
+        if not group.visible_to_user(request.user):
+            return HttpResponseNotFound()
+
         data = {
             "group": group,
             "lists": lists,
@@ -58,7 +66,7 @@ class UserGroups(View):
 
         data = {
             "user": user,
-            "is_self": request.user.id == user.id, # CHECK is this relevant here?
+            "has_groups": models.GroupMember.objects.filter(user=user).exists(),
             "groups": paginated.get_page(request.GET.get("page")),
             "group_form": forms.GroupForm(),
             "path": user.local_path + "/group",
diff --git a/bookwyrm/views/user.py b/bookwyrm/views/user.py
index 63194ceb7..d3f52e729 100644
--- a/bookwyrm/views/user.py
+++ b/bookwyrm/views/user.py
@@ -83,6 +83,7 @@ class User(View):
         data = {
             "user": user,
             "is_self": is_self,
+            "has_groups": models.GroupMember.objects.filter(user=user).exists(),
             "shelves": shelf_preview,
             "shelf_count": shelves.count(),
             "activities": paginated.get_page(request.GET.get("page", 1)),