forked from mirrors/bookwyrm
non-owners can't add users to groups
- hide add-user pages from non-owners - hide user searchbox from non-owners - fix find-user searchbox being in wrong place where no results
This commit is contained in:
parent
5237e88aba
commit
70e0128052
3 changed files with 23 additions and 5 deletions
|
@ -61,6 +61,7 @@
|
|||
{% include "snippets/pagination.html" with page=items %}
|
||||
</section>
|
||||
|
||||
{% if group.user == request.user %}
|
||||
<section class="column is-one-quarter">
|
||||
<div class="block">
|
||||
<h2 class="title is-5">Find new members</h2>
|
||||
|
@ -78,6 +79,7 @@
|
|||
</form>
|
||||
</div>
|
||||
</section>
|
||||
{% endif %}
|
||||
|
||||
</div>
|
||||
{% endblock %}
|
||||
|
|
|
@ -3,7 +3,6 @@
|
|||
{% load humanize %}
|
||||
|
||||
{% if suggested_users %}
|
||||
<div class="columns is-mobile scroll-x mb-0">
|
||||
{% for user in suggested_users %}
|
||||
<div class="column is-flex is-flex-grow-0">
|
||||
<div class="box has-text-centered is-shadowless has-background-white-bis m-0">
|
||||
|
@ -37,7 +36,7 @@
|
|||
</div>
|
||||
{% endfor %}
|
||||
{% else %}
|
||||
No potential members found for "{{ query }}"
|
||||
<div >
|
||||
No potential members found for "{{ query }}"
|
||||
</div>
|
||||
{% endif %}
|
||||
</div>
|
||||
|
||||
|
|
|
@ -114,6 +114,12 @@ class FindUsers(View):
|
|||
|
||||
group = get_object_or_404(models.BookwyrmGroup, id=group_id)
|
||||
|
||||
if not group:
|
||||
return HttpResponseBadRequest()
|
||||
|
||||
if not group.user == request.user:
|
||||
return HttpResponseBadRequest()
|
||||
|
||||
data = {
|
||||
"suggested_users": user_results,
|
||||
"group": group,
|
||||
|
@ -186,7 +192,18 @@ def remove_member(request):
|
|||
except IntegrityError:
|
||||
pass
|
||||
|
||||
# TODO: should send notification to all members including the now ex-member that they have been removed.
|
||||
# let the other members know about it
|
||||
model = apps.get_model("bookwyrm.Notification", require_ready=True)
|
||||
memberships = models.BookwyrmGroupMember.objects.get(group=group)
|
||||
for membership in memberships:
|
||||
member = membership.user
|
||||
if member != request.user:
|
||||
model.objects.create(
|
||||
user=member,
|
||||
related_user=request.user,
|
||||
related_group=request.group,
|
||||
notification_type="REMOVE",
|
||||
)
|
||||
|
||||
return redirect(user.local_path)
|
||||
|
||||
|
|
Loading…
Reference in a new issue