fix filters for group members to see and edit group lists

bookwyrm/templates/lists/form.html

@@ -37,14 +37,14 @@
                 <input type="radio" name="curation" value="group"{% if list.curation == 'group' %} checked{% endif %} > {% trans "Group" %}
                 <p class="help mb-2">{% trans "Group members can add to and remove from this list" %}</p>
                 <fieldset class="{% if list.curation != 'group' %}is-hidden{% endif %}" id="list_group_selector">
-                  {% if user_groups %}
+                  {% if user.memberships %}
                 <label class="label" for="id_group" id="group">{% trans "Select Group" %}</label>
                 <div class="field has-addons">
                     <div class="select control">
                         <select name="group" id="id_group">
                             <option value="" disabled {% if not list.group %} selected{% endif %}>{% trans "Select a list" %}</option>
-                            {% for group in user_groups %}
-                            <option value="{{ group.id }}" {% if list.group.id == group.id %} selected{% endif %}>{{ group.name }}</option>
+                            {% for membership in user.memberships.all %}
+                            <option value="{{ membership.group.id }}" {% if list.group.id == membership.group.id %} selected{% endif %}>{{ membership.group.name }}</option>
                             {% endfor %}
                         </select>
                     </div>

bookwyrm/templates/lists/list.html

@@ -1,6 +1,7 @@
 {% extends 'lists/layout.html' %}
 {% load i18n %}
 {% load bookwyrm_tags %}
+{% load bookwyrm_group_tags %}
 {% load markdown %}
 
 {% block panel %}
@@ -16,7 +17,7 @@
     <section class="column is-three-quarters">
         {% if request.GET.updated %}
         <div class="notification is-primary">
-            {% if list.curation != "open" and request.user != list.user %}
+            {% if list.curation != "open" and request.user != list.user and not list.group|is_member:request.user %}
             {% trans "You successfully suggested a book for this list!" %}
             {% else %}
             {% trans "You successfully added a book to this list!" %}
@@ -66,7 +67,7 @@
                             <p>{% blocktrans with username=item.user.display_name user_path=item.user.local_path %}Added by <a href="{{ user_path }}">{{ username }}</a>{% endblocktrans %}</p>
                             </div>
                         </div>
-                        {% if list.user == request.user or list.curation == 'open' and item.user == request.user %}
+                        {% if list.user == request.user or list.curation == 'open' and item.user == request.user or list.group|is_member:request.user %}
                         <div class="card-footer-item">
                             <form name="set-position" method="post" action="{% url 'list-set-book-position' item.id %}">
                                 <div class="field has-addons mb-0">
@@ -123,7 +124,7 @@
         </form>
     {% if request.user.is_authenticated and not list.curation == 'closed' or request.user == list.user %}
         <h2 class="title is-5 mt-6">
-            {% if list.curation == 'open' or request.user == list.user or is_group_member %}
+            {% if list.curation == 'open' or request.user == list.user or list.group|is_member:request.user %}
                 {% trans "Add Books" %}
             {% else %}
                 {% trans "Suggest Books" %}
@@ -176,7 +177,7 @@
                             {% csrf_token %}
                             <input type="hidden" name="book" value="{{ book.id }}">
                             <input type="hidden" name="list" value="{{ list.id }}">
-                            <button type="submit" class="button is-small is-link">{% if list.curation == 'open' or request.user == list.user or is_group_member %}{% trans "Add" %}{% else %}{% trans "Suggest" %}{% endif %}</button>
+                            <button type="submit" class="button is-small is-link">{% if list.curation == 'open' or request.user == list.user or list.group|is_member:request.user %}{% trans "Add" %}{% else %}{% trans "Suggest" %}{% endif %}</button>
                         </form>
                     </div>
                 </div>

bookwyrm/views/list.py

@@ -45,13 +45,9 @@ class Lists(View):
         lists = privacy_filter(
             request.user, lists, privacy_levels=["public", "followers"]
         )
-
-        user_groups = models.Group.objects.filter(members=request.user).order_by("-updated_date")
-
         paginated = Paginator(lists, 12)
         data = {
             "lists": paginated.get_page(request.GET.get("page")),
-            "user_groups": user_groups,
             "list_form": forms.ListForm(),
             "path": "/list",
         }
@@ -96,14 +92,12 @@ class UserLists(View):
         user = get_user_from_username(request.user, username)
         lists = models.List.objects.filter(user=user)
         lists = privacy_filter(request.user, lists)
-        user_groups = models.Group.objects.filter(members=request.user).order_by("-updated_date")
         paginated = Paginator(lists, 12)
 
         data = {
             "user": user,
             "is_self": request.user.id == user.id,
             "lists": paginated.get_page(request.GET.get("page")),
-            "user_groups": user_groups,
             "list_form": forms.ListForm(),
             "path": user.local_path + "/lists",
         }
@@ -176,8 +170,6 @@ class List(View):
                     ).order_by("-updated_date")
                 ][: 5 - len(suggestions)]
 
-        user_groups = models.Group.objects.filter(members=request.user).order_by("-updated_date")
-        is_group_member = book_list.group in user_groups
         page = paginated.get_page(request.GET.get("page"))
         data = {
             "list": book_list,
@@ -191,9 +183,7 @@ class List(View):
             "query": query or "",
             "sort_form": forms.SortListForm(
                 {"direction": direction, "sort_by": sort_by}
-            ),
-            "user_groups": user_groups,
-            "is_group_member": is_group_member
+            )
         }
         return TemplateResponse(request, "lists/list.html", data)
 
@@ -296,8 +286,7 @@ def add_book(request):
     book_list = get_object_or_404(models.List, id=request.POST.get("list"))
     is_group_member = False
     if book_list.curation == "group":
-        user_groups = models.Group.objects.filter(members=request.user).order_by("-updated_date")
-        is_group_member = book_list.group in user_groups
+        is_group_member = models.GroupMember.objects.filter(group=book_list.group, user=request.user).exists()
     if not book_list.visible_to_user(request.user):
         return HttpResponseNotFound()
 
@@ -350,8 +339,8 @@ def remove_book(request, list_id):
     with transaction.atomic():
         book_list = get_object_or_404(models.List, id=list_id)
         item = get_object_or_404(models.ListItem, id=request.POST.get("item"))
-
-        if not book_list.user == request.user and not item.user == request.user:
+        is_group_member = models.GroupMember.objects.filter(group=book_list.group, user=request.user).exists()
+        if not book_list.user == request.user and not item.user == request.user and not is_group_member:
             return HttpResponseNotFound()
 
         deleted_order = item.order