fix filters for group members to see and edit group lists

2024-12-02 06:21:09 +00:00 · 2021-10-02 18:09:15 +10:00 · 2021-10-02 18:09:15 +10:00 · 8496f24032
commit 8496f24032
parent 832a9b9890
3 changed files with 12 additions and 22 deletions
--- a/bookwyrm/templates/lists/form.html
+++ b/bookwyrm/templates/lists/form.html
@ -37,14 +37,14 @@
                <input type="radio" name="curation" value="group"{% if list.curation == 'group' %} checked{% endif %} > {% trans "Group" %}
                <p class="help mb-2">{% trans "Group members can add to and remove from this list" %}</p>
                <fieldset class="{% if list.curation != 'group' %}is-hidden{% endif %}" id="list_group_selector">
-                  {% if user_groups %}
+                  {% if user.memberships %}
                <label class="label" for="id_group" id="group">{% trans "Select Group" %}</label>
                <div class="field has-addons">
                    <div class="select control">
                        <select name="group" id="id_group">
                            <option value="" disabled {% if not list.group %} selected{% endif %}>{% trans "Select a list" %}</option>
-                            {% for group in user_groups %}
+                            {% for membership in user.memberships.all %}
-                            <option value="{{ group.id }}" {% if list.group.id == group.id %} selected{% endif %}>{{ group.name }}</option>
+                            <option value="{{ membership.group.id }}" {% if list.group.id == membership.group.id %} selected{% endif %}>{{ membership.group.name }}</option>
                            {% endfor %}
                        </select>
                    </div>
--- a/bookwyrm/templates/lists/list.html
+++ b/bookwyrm/templates/lists/list.html
@ -1,6 +1,7 @@
 {% extends 'lists/layout.html' %}
 {% load i18n %}
 {% load bookwyrm_tags %}
 {% load bookwyrm_group_tags %}
 {% load markdown %}
 {% block panel %}
@ -16,7 +17,7 @@
    <section class="column is-three-quarters">
        {% if request.GET.updated %}
        <div class="notification is-primary">
-            {% if list.curation != "open" and request.user != list.user %}
+            {% if list.curation != "open" and request.user != list.user and not list.group|is_member:request.user %}
            {% trans "You successfully suggested a book for this list!" %}
            {% else %}
            {% trans "You successfully added a book to this list!" %}
@ -66,7 +67,7 @@
                            <p>{% blocktrans with username=item.user.display_name user_path=item.user.local_path %}Added by <a href="{{ user_path }}">{{ username }}</a>{% endblocktrans %}</p>
                            </div>
                        </div>
-                        {% if list.user == request.user or list.curation == 'open' and item.user == request.user %}
+                        {% if list.user == request.user or list.curation == 'open' and item.user == request.user or list.group|is_member:request.user %}
                        <div class="card-footer-item">
                            <form name="set-position" method="post" action="{% url 'list-set-book-position' item.id %}">
                                <div class="field has-addons mb-0">
@ -123,7 +124,7 @@
        </form>
    {% if request.user.is_authenticated and not list.curation == 'closed' or request.user == list.user %}
        <h2 class="title is-5 mt-6">
-            {% if list.curation == 'open' or request.user == list.user or is_group_member %}
+            {% if list.curation == 'open' or request.user == list.user or list.group|is_member:request.user %}
                {% trans "Add Books" %}
            {% else %}
                {% trans "Suggest Books" %}
@ -176,7 +177,7 @@
                            {% csrf_token %}
                            <input type="hidden" name="book" value="{{ book.id }}">
                            <input type="hidden" name="list" value="{{ list.id }}">
-                            <button type="submit" class="button is-small is-link">{% if list.curation == 'open' or request.user == list.user or is_group_member %}{% trans "Add" %}{% else %}{% trans "Suggest" %}{% endif %}</button>
+                            <button type="submit" class="button is-small is-link">{% if list.curation == 'open' or request.user == list.user or list.group|is_member:request.user %}{% trans "Add" %}{% else %}{% trans "Suggest" %}{% endif %}</button>
                        </form>
                    </div>
                </div>
--- a/bookwyrm/views/list.py
+++ b/bookwyrm/views/list.py
@ -45,13 +45,9 @@ class Lists(View):
        lists = privacy_filter(
            request.user, lists, privacy_levels=["public", "followers"]
        )
        user_groups = models.Group.objects.filter(members=request.user).order_by("-updated_date")
        paginated = Paginator(lists, 12)
        data = {
            "lists": paginated.get_page(request.GET.get("page")),
            "user_groups": user_groups,
            "list_form": forms.ListForm(),
            "path": "/list",
        }
@ -96,14 +92,12 @@ class UserLists(View):
        user = get_user_from_username(request.user, username)
        lists = models.List.objects.filter(user=user)
        lists = privacy_filter(request.user, lists)
        user_groups = models.Group.objects.filter(members=request.user).order_by("-updated_date")
        paginated = Paginator(lists, 12)
        data = {
            "user": user,
            "is_self": request.user.id == user.id,
            "lists": paginated.get_page(request.GET.get("page")),
            "user_groups": user_groups,
            "list_form": forms.ListForm(),
            "path": user.local_path + "/lists",
        }
@ -176,8 +170,6 @@ class List(View):
                    ).order_by("-updated_date")
                ][: 5 - len(suggestions)]
        user_groups = models.Group.objects.filter(members=request.user).order_by("-updated_date")
        is_group_member = book_list.group in user_groups
        page = paginated.get_page(request.GET.get("page"))
        data = {
            "list": book_list,
@ -191,9 +183,7 @@ class List(View):
            "query": query or "",
            "sort_form": forms.SortListForm(
                {"direction": direction, "sort_by": sort_by}
-            ),
+            )
            "user_groups": user_groups,
            "is_group_member": is_group_member
        }
        return TemplateResponse(request, "lists/list.html", data)
@ -296,8 +286,7 @@ def add_book(request):
    book_list = get_object_or_404(models.List, id=request.POST.get("list"))
    is_group_member = False
    if book_list.curation == "group":
-        user_groups = models.Group.objects.filter(members=request.user).order_by("-updated_date")
+        is_group_member = models.GroupMember.objects.filter(group=book_list.group, user=request.user).exists()
        is_group_member = book_list.group in user_groups
    if not book_list.visible_to_user(request.user):
        return HttpResponseNotFound()
@ -350,8 +339,8 @@ def remove_book(request, list_id):
    with transaction.atomic():
        book_list = get_object_or_404(models.List, id=list_id)
        item = get_object_or_404(models.ListItem, id=request.POST.get("item"))
-
+        is_group_member = models.GroupMember.objects.filter(group=book_list.group, user=request.user).exists()
-        if not book_list.user == request.user and not item.user == request.user:
+        if not book_list.user == request.user and not item.user == request.user and not is_group_member:
            return HttpResponseNotFound()
        deleted_order = item.order