From ec93d1812a9faefa3822034f4e01931b64730d66 Mon Sep 17 00:00:00 2001
From: Mouse Reeve <mousereeve@riseup.net>
Date: Mon, 28 Feb 2022 12:04:47 -0800
Subject: [PATCH] Block access to follow views

---
 bookwyrm/views/user.py | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/bookwyrm/views/user.py b/bookwyrm/views/user.py
index 15ed5d29f..eaddf5852 100644
--- a/bookwyrm/views/user.py
+++ b/bookwyrm/views/user.py
@@ -1,5 +1,6 @@
 """ non-interactive pages """
 from django.contrib.auth.decorators import login_required
+from django.core.exceptions import PermissionDenied
 from django.core.paginator import Paginator
 from django.db.models import Q, Count
 from django.http import Http404
@@ -105,6 +106,9 @@ class Followers(View):
         if is_api_request(request):
             return ActivitypubResponse(user.to_followers_activity(**request.GET))
 
+        if user.hide_follows:
+            raise PermissionDenied()
+
         followers = annotate_if_follows(request.user, user.followers)
         paginated = Paginator(followers.all(), PAGE_LENGTH)
         data = {
@@ -125,6 +129,9 @@ class Following(View):
         if is_api_request(request):
             return ActivitypubResponse(user.to_following_activity(**request.GET))
 
+        if user.hide_follows:
+            raise PermissionDenied()
+
         following = annotate_if_follows(request.user, user.following)
         paginated = Paginator(following.all(), PAGE_LENGTH)
         data = {