Better user block privacy

2021-02-23 12:41:37 -08:00 · 2021-02-23 12:41:37 -08:00 · 364b053d9a
commit 364b053d9a
parent a617302006
8 changed files with 28 additions and 16 deletions
--- a/bookwyrm/models/user.py
+++ b/bookwyrm/models/user.py
@ -112,6 +112,16 @@ class User(OrderedCollectionPageMixin, AbstractUser):
    activity_serializer = activitypub.Person
    @classmethod
    def viewer_aware_objects(cls, viewer):
        ''' the user queryset filtered for the context of the logged in user '''
        queryset = cls.objects.filter(is_active=True)
        if viewer.is_authenticated:
            queryset = queryset.exclude(
                blocks=viewer
            )
        return queryset
    def to_outbox(self, filter_type=None, **kwargs):
        ''' an ordered collection of statuses '''
        if filter_type:
--- a/bookwyrm/tests/views/test_helpers.py
+++ b/bookwyrm/tests/views/test_helpers.py
@ -56,12 +56,14 @@ class ViewsHelpers(TestCase):
    def test_get_user_from_username(self):
        ''' works for either localname or username '''
        self.assertEqual(
-            views.helpers.get_user_from_username('mouse'), self.local_user)
+            views.helpers.get_user_from_username(
                self.local_user, 'mouse'), self.local_user)
        self.assertEqual(
            views.helpers.get_user_from_username(
-                'mouse@local.com'), self.local_user)
+                self.local_user, 'mouse@local.com'), self.local_user)
        with self.assertRaises(models.User.DoesNotExist):
-            views.helpers.get_user_from_username('mojfse@example.com')
+            views.helpers.get_user_from_username(
                self.local_user, 'mojfse@example.com')
    def test_is_api_request(self):
--- a/bookwyrm/views/feed.py
+++ b/bookwyrm/views/feed.py
@ -65,7 +65,7 @@ class DirectMessage(View):
        user = None
        if username:
            try:
-                user = get_user_from_username(username)
+                user = get_user_from_username(request.user, username)
            except models.User.DoesNotExist:
                pass
        if user:
--- a/bookwyrm/views/follow.py
+++ b/bookwyrm/views/follow.py
@ -13,7 +13,7 @@ def follow(request):
    ''' follow another user, here or abroad '''
    username = request.POST['user']
    try:
-        to_follow = get_user_from_username(username)
+        to_follow = get_user_from_username(request.user, username)
    except models.User.DoesNotExist:
        return HttpResponseBadRequest()
@ -33,7 +33,7 @@ def unfollow(request):
    ''' unfollow a user '''
    username = request.POST['user']
    try:
-        to_unfollow = get_user_from_username(username)
+        to_unfollow = get_user_from_username(request.user, username)
    except models.User.DoesNotExist:
        return HttpResponseBadRequest()
@ -52,7 +52,7 @@ def accept_follow_request(request):
    ''' a user accepts a follow request '''
    username = request.POST['user']
    try:
-        requester = get_user_from_username(username)
+        requester = get_user_from_username(request.user, username)
    except models.User.DoesNotExist:
        return HttpResponseBadRequest()
@ -75,7 +75,7 @@ def delete_follow_request(request):
    ''' a user rejects a follow request '''
    username = request.POST['user']
    try:
-        requester = get_user_from_username(username)
+        requester = get_user_from_username(request.user, username)
    except models.User.DoesNotExist:
        return HttpResponseBadRequest()
--- a/bookwyrm/views/helpers.py
+++ b/bookwyrm/views/helpers.py
@ -9,13 +9,13 @@ from bookwyrm.status import create_generated_note
 from bookwyrm.utils import regex
-def get_user_from_username(username):
+def get_user_from_username(viewer, username):
    ''' helper function to resolve a localname or a username to a user '''
    # raises DoesNotExist if user is now found
    try:
-        return models.User.objects.get(localname=username)
+        return models.User.viwer_aware_objects(viewer).get(localname=username)
    except models.User.DoesNotExist:
-        return models.User.objects.get(username=username)
+        return models.User.viewer_aware_objects(viewer).get(username=username)
 def is_api_request(request):
--- a/bookwyrm/views/search.py
+++ b/bookwyrm/views/search.py
@ -33,7 +33,7 @@ class Search(View):
            handle_remote_webfinger(query)
        # do a  user search
-        user_results = models.User.objects.annotate(
+        user_results = models.User.viewer_aware_objects(request.user).annotate(
            similarity=Greatest(
                TrigramSimilarity('username', query),
                TrigramSimilarity('localname', query),
--- a/bookwyrm/views/shelf.py
+++ b/bookwyrm/views/shelf.py
@ -19,7 +19,7 @@ class Shelf(View):
    def get(self, request, username, shelf_identifier):
        ''' display a shelf '''
        try:
-            user = get_user_from_username(username)
+            user = get_user_from_username(request.user, username)
        except models.User.DoesNotExist:
            return HttpResponseNotFound()
--- a/bookwyrm/views/user.py
+++ b/bookwyrm/views/user.py
@ -26,7 +26,7 @@ class User(View):
    def get(self, request, username):
        ''' profile page for a user '''
        try:
-            user = get_user_from_username(username)
+            user = get_user_from_username(request.user, username)
        except models.User.DoesNotExist:
            return HttpResponseNotFound()
@ -96,7 +96,7 @@ class Followers(View):
    def get(self, request, username):
        ''' list of followers '''
        try:
-            user = get_user_from_username(username)
+            user = get_user_from_username(request.user, username)
        except models.User.DoesNotExist:
            return HttpResponseNotFound()
@ -121,7 +121,7 @@ class Following(View):
    def get(self, request, username):
        ''' list of followers '''
        try:
-            user = get_user_from_username(username)
+            user = get_user_from_username(request.user, username)
        except models.User.DoesNotExist:
            return HttpResponseNotFound()