rafaelcaricio/moviewyrm
1
0
Fork 0
forked from mirrors/bookwyrm
Code Issues 4 Pull requests Projects Releases Wiki Activity

Proper privacy on user page shelf previews

Browse source
This commit is contained in:
Mouse Reeve 2020-11-11 10:14:04 -08:00
parent c08be903b1
commit 1d0b7fa64f
1 changed files with 24 additions and 14 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

38
bookwyrm/views.py
View file

@ -323,25 +323,36 @@ def user_page(request, username):
return JsonResponse(user.to_activity(), encoder=ActivityEncoder) return JsonResponse(user.to_activity(), encoder=ActivityEncoder)
# otherwise we're at a UI view # otherwise we're at a UI view
shelves = [] shelf_preview = []
for user_shelf in user.shelf_set.all():
# only show other shelves that should be visible
shelves = user.shelf_set
is_self = request.user.id == user.id
if not is_self:
follower = user.followers.filter(id=request.user.id).exists()
if follower:
shelves = shelves.filter(privacy__in=['public', 'followers'])
else:
shelves = shelves.filter(privacy='public')
for user_shelf in shelves.all():
if not user_shelf.books.count(): if not user_shelf.books.count():
continue continue
shelves.append({ shelf_preview.append({
'name': user_shelf.name, 'name': user_shelf.name,
'remote_id': user_shelf.remote_id, 'remote_id': user_shelf.remote_id,
'books': user_shelf.books.all()[:3], 'books': user_shelf.books.all()[:3],
'size': user_shelf.books.count(), 'size': user_shelf.books.count(),
}) })
if len(shelves) > 2: if len(shelf_preview) > 2:
break break
data = { data = {
'title': user.name, 'title': user.name,
'user': user, 'user': user,
'is_self': request.user.id == user.id, 'is_self': is_self,
'shelves': shelves, 'shelves': shelf_preview,
'shelf_count': user.shelf_set.count(), 'shelf_count': shelves.count(),
'activities': get_activity_feed(user, 'self')[:15], 'activities': get_activity_feed(user, 'self')[:15],
} }
@ -394,12 +405,6 @@ def following_page(request, username):
return TemplateResponse(request, 'following.html', data) return TemplateResponse(request, 'following.html', data)
@csrf_exempt
def user_shelves_page(request, username):
''' list of followers '''
return shelf_page(request, username, None)
@csrf_exempt @csrf_exempt
def status_page(request, username, status_id): def status_page(request, username, status_id):
''' display a particular status (and replies, etc) ''' ''' display a particular status (and replies, etc) '''
@ -606,6 +611,12 @@ def tag_page(request, tag_id):
return TemplateResponse(request, 'tag.html', data) return TemplateResponse(request, 'tag.html', data)
@csrf_exempt
def user_shelves_page(request, username):
''' list of followers '''
return shelf_page(request, username, None)
def shelf_page(request, username, shelf_identifier): def shelf_page(request, username, shelf_identifier):
''' display a shelf ''' ''' display a shelf '''
try: try:
@ -632,7 +643,6 @@ def shelf_page(request, username, shelf_identifier):
if follower: if follower:
shelves = shelves.filter(privacy__in=['public', 'followers']) shelves = shelves.filter(privacy__in=['public', 'followers'])
else: else:
print('hi')
shelves = shelves.filter(privacy='public') shelves = shelves.filter(privacy='public')