forked from mirrors/bookwyrm
Better user block privacy
This commit is contained in:
parent
a617302006
commit
364b053d9a
8 changed files with 28 additions and 16 deletions
bookwyrm
|
@ -112,6 +112,16 @@ class User(OrderedCollectionPageMixin, AbstractUser):
|
|||
|
||||
activity_serializer = activitypub.Person
|
||||
|
||||
@classmethod
|
||||
def viewer_aware_objects(cls, viewer):
|
||||
''' the user queryset filtered for the context of the logged in user '''
|
||||
queryset = cls.objects.filter(is_active=True)
|
||||
if viewer.is_authenticated:
|
||||
queryset = queryset.exclude(
|
||||
blocks=viewer
|
||||
)
|
||||
return queryset
|
||||
|
||||
def to_outbox(self, filter_type=None, **kwargs):
|
||||
''' an ordered collection of statuses '''
|
||||
if filter_type:
|
||||
|
|
|
@ -56,12 +56,14 @@ class ViewsHelpers(TestCase):
|
|||
def test_get_user_from_username(self):
|
||||
''' works for either localname or username '''
|
||||
self.assertEqual(
|
||||
views.helpers.get_user_from_username('mouse'), self.local_user)
|
||||
views.helpers.get_user_from_username(
|
||||
self.local_user, 'mouse'), self.local_user)
|
||||
self.assertEqual(
|
||||
views.helpers.get_user_from_username(
|
||||
'mouse@local.com'), self.local_user)
|
||||
self.local_user, 'mouse@local.com'), self.local_user)
|
||||
with self.assertRaises(models.User.DoesNotExist):
|
||||
views.helpers.get_user_from_username('mojfse@example.com')
|
||||
views.helpers.get_user_from_username(
|
||||
self.local_user, 'mojfse@example.com')
|
||||
|
||||
|
||||
def test_is_api_request(self):
|
||||
|
|
|
@ -65,7 +65,7 @@ class DirectMessage(View):
|
|||
user = None
|
||||
if username:
|
||||
try:
|
||||
user = get_user_from_username(username)
|
||||
user = get_user_from_username(request.user, username)
|
||||
except models.User.DoesNotExist:
|
||||
pass
|
||||
if user:
|
||||
|
|
|
@ -13,7 +13,7 @@ def follow(request):
|
|||
''' follow another user, here or abroad '''
|
||||
username = request.POST['user']
|
||||
try:
|
||||
to_follow = get_user_from_username(username)
|
||||
to_follow = get_user_from_username(request.user, username)
|
||||
except models.User.DoesNotExist:
|
||||
return HttpResponseBadRequest()
|
||||
|
||||
|
@ -33,7 +33,7 @@ def unfollow(request):
|
|||
''' unfollow a user '''
|
||||
username = request.POST['user']
|
||||
try:
|
||||
to_unfollow = get_user_from_username(username)
|
||||
to_unfollow = get_user_from_username(request.user, username)
|
||||
except models.User.DoesNotExist:
|
||||
return HttpResponseBadRequest()
|
||||
|
||||
|
@ -52,7 +52,7 @@ def accept_follow_request(request):
|
|||
''' a user accepts a follow request '''
|
||||
username = request.POST['user']
|
||||
try:
|
||||
requester = get_user_from_username(username)
|
||||
requester = get_user_from_username(request.user, username)
|
||||
except models.User.DoesNotExist:
|
||||
return HttpResponseBadRequest()
|
||||
|
||||
|
@ -75,7 +75,7 @@ def delete_follow_request(request):
|
|||
''' a user rejects a follow request '''
|
||||
username = request.POST['user']
|
||||
try:
|
||||
requester = get_user_from_username(username)
|
||||
requester = get_user_from_username(request.user, username)
|
||||
except models.User.DoesNotExist:
|
||||
return HttpResponseBadRequest()
|
||||
|
||||
|
|
|
@ -9,13 +9,13 @@ from bookwyrm.status import create_generated_note
|
|||
from bookwyrm.utils import regex
|
||||
|
||||
|
||||
def get_user_from_username(username):
|
||||
def get_user_from_username(viewer, username):
|
||||
''' helper function to resolve a localname or a username to a user '''
|
||||
# raises DoesNotExist if user is now found
|
||||
try:
|
||||
return models.User.objects.get(localname=username)
|
||||
return models.User.viwer_aware_objects(viewer).get(localname=username)
|
||||
except models.User.DoesNotExist:
|
||||
return models.User.objects.get(username=username)
|
||||
return models.User.viewer_aware_objects(viewer).get(username=username)
|
||||
|
||||
|
||||
def is_api_request(request):
|
||||
|
|
|
@ -33,7 +33,7 @@ class Search(View):
|
|||
handle_remote_webfinger(query)
|
||||
|
||||
# do a user search
|
||||
user_results = models.User.objects.annotate(
|
||||
user_results = models.User.viewer_aware_objects(request.user).annotate(
|
||||
similarity=Greatest(
|
||||
TrigramSimilarity('username', query),
|
||||
TrigramSimilarity('localname', query),
|
||||
|
|
|
@ -19,7 +19,7 @@ class Shelf(View):
|
|||
def get(self, request, username, shelf_identifier):
|
||||
''' display a shelf '''
|
||||
try:
|
||||
user = get_user_from_username(username)
|
||||
user = get_user_from_username(request.user, username)
|
||||
except models.User.DoesNotExist:
|
||||
return HttpResponseNotFound()
|
||||
|
||||
|
|
|
@ -26,7 +26,7 @@ class User(View):
|
|||
def get(self, request, username):
|
||||
''' profile page for a user '''
|
||||
try:
|
||||
user = get_user_from_username(username)
|
||||
user = get_user_from_username(request.user, username)
|
||||
except models.User.DoesNotExist:
|
||||
return HttpResponseNotFound()
|
||||
|
||||
|
@ -96,7 +96,7 @@ class Followers(View):
|
|||
def get(self, request, username):
|
||||
''' list of followers '''
|
||||
try:
|
||||
user = get_user_from_username(username)
|
||||
user = get_user_from_username(request.user, username)
|
||||
except models.User.DoesNotExist:
|
||||
return HttpResponseNotFound()
|
||||
|
||||
|
@ -121,7 +121,7 @@ class Following(View):
|
|||
def get(self, request, username):
|
||||
''' list of followers '''
|
||||
try:
|
||||
user = get_user_from_username(username)
|
||||
user = get_user_from_username(request.user, username)
|
||||
except models.User.DoesNotExist:
|
||||
return HttpResponseNotFound()
|
||||
|
||||
|
|
Loading…
Reference in a new issue