mirrors/bookwyrm
1
0
Fork 1
mirror of https://github.com/bookwyrm-social/bookwyrm.git synced 2025-02-08 23:32:21 +00:00
Code Issues Projects Releases Wiki Activity

Show posts based on privacy settings

Browse source
This commit is contained in:
Mouse Reeve 2020-10-27 15:41:53 -07:00
parent bf2538cab2
commit 9f291d8ebd
1 changed files with 28 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

33
bookwyrm/views.py
View file

@ -130,17 +130,22 @@ def get_activity_feed(user, filter_level, model=models.Status):
if filter_level in ['friends', 'home']: if filter_level in ['friends', 'home']:
# people you follow and direct mentions # people you follow and direct mentions
activities = activities.filter( activities = activities.filter(
Q(user__in=following, privacy='public') | \ Q(user__in=following, privacy__in=['public', 'unlisted', 'followers']) | \
Q(mention_users=user) Q(mention_users=user) | Q(user=user)
) )
elif filter_level == 'self': elif filter_level == 'self':
activities = activities.filter(user=user, privacy='public') activities = activities.filter(user=user, privacy='public')
elif filter_level == 'local': elif filter_level == 'local':
# everyone on this instance # everyone on this instance except unlisted
activities = activities.filter(user__local=True, privacy='public') activities = activities.filter(
Q(user__in=following, privacy='followers') | Q(privacy='public'),
user__local=True
)
else: else:
# all activities from everyone you federate with # all activities from everyone you federate with
activities = activities.filter(privacy='public') activities = activities.filter(
Q(user__in=following, privacy='followers') | Q(privacy='public')
)
return activities return activities
@ -386,9 +391,14 @@ def status_page(request, username, status_id):
except ValueError: except ValueError:
return HttpResponseNotFound() return HttpResponseNotFound()
# the url should have the poster's username in it
if user != status.user: if user != status.user:
return HttpResponseNotFound() return HttpResponseNotFound()
# make sure the user is authorized to see the status
if not status_visible_to_user(request.user, status):
return HttpResponseNotFound()
if is_api_request(request): if is_api_request(request):
return JsonResponse(status.to_activity(), encoder=ActivityEncoder) return JsonResponse(status.to_activity(), encoder=ActivityEncoder)
@ -397,6 +407,19 @@ def status_page(request, username, status_id):
} }
return TemplateResponse(request, 'status.html', data) return TemplateResponse(request, 'status.html', data)
def status_visible_to_user(viewer, status):
''' is a user authorized to view a status? '''
if viewer == status.user or status.privacy in ['public', 'unlisted']:
return True
if status.privacy == 'followers' and \
status.user.followers.filter(id=viewer.id).first():
return True
if status.privacy == 'direct' and \
status.mention_users.filter(id=viewer.id).first():
return True
return False
@csrf_exempt @csrf_exempt
def replies_page(request, username, status_id): def replies_page(request, username, status_id):