Updates calls to privacy_filter

bookwyrm/activitystreams.py

@@ -8,7 +8,6 @@ from django.utils import timezone
 from bookwyrm import models
 from bookwyrm.redis_store import RedisStore, r
 from bookwyrm.tasks import app
-from bookwyrm.views.helpers import privacy_filter
 
 
 class ActivityStream(RedisStore):
@@ -43,7 +42,7 @@ class ActivityStream(RedisStore):
     def add_user_statuses(self, viewer, user):
         """add a user's statuses to another user's feed"""
         # only add the statuses that the viewer should be able to see (ie, not dms)
-        statuses = privacy_filter(viewer, user.status_set.all())
+        statuses = models.Status.privacy_filter(viewer).filter(user=user)
         self.bulk_add_objects_to_store(statuses, self.stream_id(viewer))
 
     def remove_user_statuses(self, viewer, user):
@@ -113,9 +112,8 @@ class ActivityStream(RedisStore):
 
     def get_statuses_for_user(self, user):  # pylint: disable=no-self-use
         """given a user, what statuses should they see on this stream"""
-        return privacy_filter(
+        return models.Status.privacy_filter(
             user,
-            models.Status.objects.select_subclasses(),
             privacy_levels=["public", "unlisted", "followers"],
         )
 
@@ -139,9 +137,8 @@ class HomeStream(ActivityStream):
         ).distinct()
 
     def get_statuses_for_user(self, user):
-        return privacy_filter(
+        return models.Status.privacy_filter(
             user,
-            models.Status.objects.select_subclasses(),
             privacy_levels=["public", "unlisted", "followers"],
             following_only=True,
         )
@@ -160,11 +157,10 @@ class LocalStream(ActivityStream):
 
     def get_statuses_for_user(self, user):
         # all public statuses by a local user
-        return privacy_filter(
+        return models.Status.privacy_filter(
             user,
-            models.Status.objects.select_subclasses().filter(user__local=True),
             privacy_levels=["public"],
-        )
+        ).filter(user__local=True)
 
 
 class BooksStream(ActivityStream):
@@ -197,50 +193,53 @@ class BooksStream(ActivityStream):
         books = user.shelfbook_set.values_list(
             "book__parent_work__id", flat=True
         ).distinct()
-        return privacy_filter(
+        return (
-            user,
+            models.Status.privacy_filter(
-            models.Status.objects.select_subclasses()
+                user,
+                privacy_levels=["public"],
+            )
             .filter(
                 Q(comment__book__parent_work__id__in=books)
                 | Q(quotation__book__parent_work__id__in=books)
                 | Q(review__book__parent_work__id__in=books)
                 | Q(mention_books__parent_work__id__in=books)
             )
-            .distinct(),
+            .distinct()
-            privacy_levels=["public"],
         )
 
     def add_book_statuses(self, user, book):
         """add statuses about a book to a user's feed"""
         work = book.parent_work
-        statuses = privacy_filter(
+        statuses = (
-            user,
+            models.Status.privacy_filter(
-            models.Status.objects.select_subclasses()
+                user,
+                privacy_levels=["public"],
+            )
             .filter(
                 Q(comment__book__parent_work=work)
                 | Q(quotation__book__parent_work=work)
                 | Q(review__book__parent_work=work)
                 | Q(mention_books__parent_work=work)
             )
-            .distinct(),
+            .distinct()
-            privacy_levels=["public"],
         )
         self.bulk_add_objects_to_store(statuses, self.stream_id(user))
 
     def remove_book_statuses(self, user, book):
         """add statuses about a book to a user's feed"""
         work = book.parent_work
-        statuses = privacy_filter(
+        statuses = (
-            user,
+            models.Status.privacy_filter(
-            models.Status.objects.select_subclasses()
+                user,
+                privacy_levels=["public"],
+            )
             .filter(
                 Q(comment__book__parent_work=work)
                 | Q(quotation__book__parent_work=work)
                 | Q(review__book__parent_work=work)
                 | Q(mention_books__parent_work=work)
             )
-            .distinct(),
+            .distinct()
-            privacy_levels=["public"],
         )
         self.bulk_remove_objects_from_store(statuses, self.stream_id(user))
 

bookwyrm/models/base_model.py

@@ -107,9 +107,7 @@ class BookWyrmModel(models.Model):
         raise PermissionDenied()
 
     @classmethod
-    def privacy_filter(
+    def privacy_filter(cls, viewer, privacy_levels=None, following_only=False):
-        cls, viewer, privacy_levels=None, following_only=False, **filters
-    ):
         """filter objects that have "user" and "privacy" fields"""
         queryset = cls.objects
         if hasattr(queryset, "select_subclasses"):

bookwyrm/templatetags/bookwyrm_tags.py

@@ -2,7 +2,7 @@
 from django import template
 from django.db.models import Avg
 
-from bookwyrm import models, views
+from bookwyrm import models
 
 
 register = template.Library()
@@ -11,8 +11,8 @@ register = template.Library()
 @register.filter(name="rating")
 def get_rating(book, user):
     """get the overall rating of a book"""
-    queryset = views.helpers.privacy_filter(
+    queryset = models.Review.privacy_filter(user).filter(
-        user, models.Review.objects.filter(book__parent_work__editions=book)
+        book__parent_work__editions=book
     )
     return queryset.aggregate(Avg("rating"))["rating__avg"]
 

bookwyrm/views/books/books.py

@@ -16,7 +16,7 @@ from bookwyrm.activitypub import ActivitypubResponse
 from bookwyrm.connectors import connector_manager
 from bookwyrm.connectors.abstract_connector import get_image
 from bookwyrm.settings import PAGE_LENGTH
-from bookwyrm.views.helpers import is_api_request, privacy_filter
+from bookwyrm.views.helpers import is_api_request
 
 
 # pylint: disable=no-self-use
@@ -48,8 +48,8 @@ class Book(View):
             raise Http404()
 
         # all reviews for all editions of the book
-        reviews = privacy_filter(
+        reviews = models.Review.privacy_filter(request.user).filter(
-            request.user, models.Review.objects.filter(book__parent_work__editions=book)
+            book__parent_work__editions=book
         )
 
         # the reviews to show
@@ -66,12 +66,9 @@ class Book(View):
         queryset = queryset.select_related("user").order_by("-published_date")
         paginated = Paginator(queryset, PAGE_LENGTH)
 
-        lists = privacy_filter(
+        lists = models.List.privacy_filter(request.user,).filter(
-            request.user,
+            listitem__approved=True,
-            models.List.objects.filter(
+            listitem__book__in=book.parent_work.editions.all(),
-                listitem__approved=True,
-                listitem__book__in=book.parent_work.editions.all(),
-            ),
         )
         data = {
             "book": book,

bookwyrm/views/feed.py

@@ -13,7 +13,7 @@ from bookwyrm import activitystreams, forms, models
 from bookwyrm.activitypub import ActivitypubResponse
 from bookwyrm.settings import PAGE_LENGTH, STREAMS
 from bookwyrm.suggested_users import suggested_users
-from .helpers import get_user_from_username, privacy_filter
+from .helpers import get_user_from_username
 from .helpers import is_api_request, is_bookwyrm_request
 
 
@@ -56,11 +56,15 @@ class DirectMessage(View):
     def get(self, request, username=None):
         """like a feed but for dms only"""
         # remove fancy subclasses of status, keep just good ol' notes
-        queryset = models.Status.objects.filter(
+        activities = (
-            review__isnull=True,
+            models.Status.privacy_filter(request.user, privacy_levels=["direct"])
-            comment__isnull=True,
+            .filter(
-            quotation__isnull=True,
+                review__isnull=True,
-            generatednote__isnull=True,
+                comment__isnull=True,
+                quotation__isnull=True,
+                generatednote__isnull=True,
+            )
+            .order_by("-published_date")
         )
 
         user = None
@@ -70,11 +74,7 @@ class DirectMessage(View):
             except Http404:
                 pass
         if user:
-            queryset = queryset.filter(Q(user=user) | Q(mention_users=user))
+            activities = activities.filter(Q(user=user) | Q(mention_users=user))
-
-        activities = privacy_filter(
-            request.user, queryset, privacy_levels=["direct"]
-        ).order_by("-published_date")
 
         paginated = Paginator(activities, PAGE_LENGTH)
         data = {
@@ -109,9 +109,11 @@ class Status(View):
                 status.to_activity(pure=not is_bookwyrm_request(request))
             )
 
-        visible_thread = privacy_filter(
+        visible_thread = (
-            request.user, models.Status.objects.filter(thread_id=status.thread_id)
+            models.Status.privacy_filter(request.user)
-        ).values_list("id", flat=True)
+            .filter(thread_id=status.thread_id)
+            .values_list("id", flat=True)
+        )
         visible_thread = list(visible_thread)
 
         ancestors = models.Status.objects.select_subclasses().raw(

bookwyrm/views/list.py

@@ -18,7 +18,7 @@ from django.views.decorators.http import require_POST
 from bookwyrm import book_search, forms, models
 from bookwyrm.activitypub import ActivitypubResponse
 from bookwyrm.settings import PAGE_LENGTH
-from .helpers import is_api_request, privacy_filter
+from .helpers import is_api_request
 from .helpers import get_user_from_username
 
 
@@ -30,9 +30,10 @@ class Lists(View):
         """display a book list"""
         # hide lists with no approved books
         lists = (
-            models.List.objects.annotate(
+            models.List.privacy_filter(
-                item_count=Count("listitem", filter=Q(listitem__approved=True))
+                request.user, privacy_levels=["public", "followers"]
             )
+            .annotate(item_count=Count("listitem", filter=Q(listitem__approved=True)))
             .filter(item_count__gt=0)
             .select_related("user")
             .prefetch_related("listitem_set")
@@ -40,10 +41,6 @@ class Lists(View):
             .distinct()
         )
 
-        lists = privacy_filter(
-            request.user, lists, privacy_levels=["public", "followers"]
-        )
-
         paginated = Paginator(lists, 12)
         data = {
             "lists": paginated.get_page(request.GET.get("page")),
@@ -89,8 +86,7 @@ class UserLists(View):
     def get(self, request, username):
         """display a book list"""
         user = get_user_from_username(request.user, username)
-        lists = models.List.objects.filter(user=user)
+        lists = models.List.privacy_filter(request.user).filter(user=user)
-        lists = privacy_filter(request.user, lists)
         paginated = Paginator(lists, 12)
 
         data = {

bookwyrm/views/rss_feed.py

@@ -4,7 +4,8 @@ from django.contrib.syndication.views import Feed
 from django.template.loader import get_template
 from django.utils.translation import gettext_lazy as _
 
-from .helpers import get_user_from_username, privacy_filter
+from bookwyrm import models
+from .helpers import get_user_from_username
 
 # pylint: disable=no-self-use, unused-argument
 class RssFeed(Feed):
@@ -35,11 +36,10 @@ class RssFeed(Feed):
 
     def items(self, obj):
         """the user's activity feed"""
-        return privacy_filter(
+        return models.Status.privacy_filter(
             obj,
-            obj.status_set.select_subclasses(),
             privacy_levels=["public", "unlisted"],
-        )
+        ).filter(user=obj)
 
     def item_link(self, item):
         """link to the status"""

bookwyrm/views/search.py

@@ -13,7 +13,7 @@ from bookwyrm.connectors import connector_manager
 from bookwyrm.book_search import search, format_search_result
 from bookwyrm.settings import PAGE_LENGTH
 from bookwyrm.utils import regex
-from .helpers import is_api_request, privacy_filter
+from .helpers import is_api_request
 from .helpers import handle_remote_webfinger
 
 
@@ -108,9 +108,8 @@ def user_search(query, viewer, *_):
 def list_search(query, viewer, *_):
     """any relevent lists?"""
     return (
-        privacy_filter(
+        models.List.privacy_filter(
             viewer,
-            models.List.objects,
             privacy_levels=["public", "followers"],
         )
         .annotate(

bookwyrm/views/shelf.py

@@ -17,7 +17,6 @@ from bookwyrm import forms, models
 from bookwyrm.activitypub import ActivitypubResponse
 from bookwyrm.settings import PAGE_LENGTH
 from .helpers import is_api_request, get_user_from_username
-from .helpers import privacy_filter
 
 
 # pylint: disable=no-self-use
@@ -33,7 +32,7 @@ class Shelf(View):
         if is_self:
             shelves = user.shelf_set.all()
         else:
-            shelves = privacy_filter(request.user, user.shelf_set).all()
+            shelves = models.Shelf.privacy_filter(request.user).filter(user=user).all()
 
         # get the shelf and make sure the logged in user should be able to see it
         if shelf_identifier:
@@ -58,16 +57,17 @@ class Shelf(View):
         if is_api_request(request):
             return ActivitypubResponse(shelf.to_activity(**request.GET))
 
-        reviews = models.Review.objects.filter(
+        reviews = models.Review.objects
+        if not is_self:
+            reviews = models.Review.privacy_filter(request.user)
+
+        reviews = reviews.filter(
             user=user,
             rating__isnull=False,
             book__id=OuterRef("id"),
             deleted=False,
         ).order_by("-published_date")
 
-        if not is_self:
-            reviews = privacy_filter(request.user, reviews)
-
         books = books.annotate(
             rating=Subquery(reviews.values("rating")[:1]),
             shelved_date=F("shelfbook__shelved_date"),

bookwyrm/views/user.py

@@ -12,7 +12,6 @@ from bookwyrm import models
 from bookwyrm.activitypub import ActivitypubResponse
 from bookwyrm.settings import PAGE_LENGTH
 from .helpers import get_user_from_username, is_api_request
-from .helpers import privacy_filter
 
 
 # pylint: disable=no-self-use
@@ -56,10 +55,10 @@ class User(View):
 
         # user's posts
         activities = (
-            privacy_filter(
+            models.Status.privacy_filter(
                 request.user,
-                user.status_set.select_subclasses(),
             )
+            .filter(user=user)
             .select_related(
                 "user",
                 "reply_parent",