From a05942fe15981f77761822ca1cc691d4658d76e5 Mon Sep 17 00:00:00 2001 From: Mouse Reeve Date: Sun, 6 Aug 2023 18:23:57 -0700 Subject: [PATCH 1/2] Allow searching for local users when logged out --- bookwyrm/views/search.py | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/bookwyrm/views/search.py b/bookwyrm/views/search.py index bc3b2aa57..2b7303fd7 100644 --- a/bookwyrm/views/search.py +++ b/bookwyrm/views/search.py @@ -91,18 +91,15 @@ def book_search(request): def user_search(request): - """cool kids members only user search""" + """user search: search for a user""" viewer = request.user query = request.GET.get("q") query = query.strip() data = {"type": "user", "query": query} - # logged out viewers can't search users - if not viewer.is_authenticated: - return TemplateResponse(request, "search/user.html", data) # use webfinger for mastodon style account@domain.com username to load the user if # they don't exist locally (handle_remote_webfinger will check the db) - if re.match(regex.FULL_USERNAME, query): + if re.match(regex.FULL_USERNAME, query) and viewer.is_authenticated: handle_remote_webfinger(query) results = ( @@ -118,6 +115,11 @@ def user_search(request): ) .order_by("-similarity") ) + + # don't expose remote users + if not viewer.is_authenticated: + results = results.filter(local=True) + paginated = Paginator(results, PAGE_LENGTH) page = paginated.get_page(request.GET.get("page")) data["results"] = page From b3bfcf86651bad0f3892090311bae532ad29f26f Mon Sep 17 00:00:00 2001 From: Mouse Reeve Date: Mon, 2 Oct 2023 10:02:42 -0700 Subject: [PATCH 2/2] Updates test for new logic --- bookwyrm/tests/views/test_search.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bookwyrm/tests/views/test_search.py b/bookwyrm/tests/views/test_search.py index bf7bb2a5b..28f8268e3 100644 --- a/bookwyrm/tests/views/test_search.py +++ b/bookwyrm/tests/views/test_search.py @@ -156,7 +156,7 @@ class Views(TestCase): response = view(request) validate_html(response.render()) - self.assertFalse("results" in response.context_data) + self.assertTrue("results" in response.context_data) def test_search_lists(self): """searches remote connectors"""