Changes visiblity function to raise

2021-09-27 15:54:58 -07:00 · 2021-09-27 15:54:58 -07:00 · 3f10ae248a
parent 3657f9e0df
commit 3f10ae248a
2 changed files with 29 additions and 22 deletions
--- a/bookwyrm/models/base_model.py
+++ b/bookwyrm/models/base_model.py
@ -5,6 +5,7 @@ from Crypto import Random
 from django.core.exceptions import PermissionDenied
 from django.db import models
 from django.dispatch import receiver
+from django.http import Http404
 from django.utils.translation import gettext_lazy as _

 from bookwyrm.settings import DOMAIN
@ -50,26 +51,26 @@ class BookWyrmModel(models.Model):
        """how to link to this object in the local app"""
        return self.get_remote_id().replace(f"https://{DOMAIN}", "")

-    def visible_to_user(self, viewer):
+    def raise_visible_to_user(self, viewer):
        """is a user authorized to view an object?"""
        # make sure this is an object with privacy owned by a user
        if not hasattr(self, "user") or not hasattr(self, "privacy"):
-            return None
+            return

        # viewer can't see it if the object's owner blocked them
        if viewer in self.user.blocks.all():
-            return False
+            raise Http404()

        # you can see your own posts and any public or unlisted posts
        if viewer == self.user or self.privacy in ["public", "unlisted"]:
-            return True
+            return

        # you can see the followers only posts of people you follow
        if (
            self.privacy == "followers"
            and self.user.followers.filter(id=viewer.id).first()
        ):
-            return True
+            return

        # you can see dms you are tagged in
        if hasattr(self, "mention_users"):
@ -77,8 +78,8 @@ class BookWyrmModel(models.Model):
                self.privacy == "direct"
                and self.mention_users.filter(id=viewer.id).first()
            ):
-                return True
-        return False
+                return
+        raise Http404()

    def raise_not_editable(self, viewer):
        """does this user have permission to edit this object? liable to be overwritten
@ -90,7 +91,7 @@ class BookWyrmModel(models.Model):
        if self.user == viewer:
            return

-        raise PermissionDenied
+        raise PermissionDenied()

    def raise_not_deletable(self, viewer):
        """does this user have permission to delete this object? liable to be
@ -102,7 +103,7 @@ class BookWyrmModel(models.Model):
        if self.user == viewer or viewer.has_perm("moderate_post"):
            return

-        raise PermissionDenied
+        raise PermissionDenied()



--- a/bookwyrm/tests/models/test_base_model.py
+++ b/bookwyrm/tests/models/test_base_model.py
@ -1,5 +1,6 @@
 """ testing models """
 from unittest.mock import patch
+from django.http import Http404
 from django.test import TestCase

 from bookwyrm import models
@ -39,14 +40,14 @@ class BaseModel(TestCase):
        """these should be generated"""
        self.test_model.id = 1
        expected = self.test_model.get_remote_id()
-        self.assertEqual(expected, "https://%s/bookwyrmtestmodel/1" % DOMAIN)
+        self.assertEqual(expected, f"https://{DOMAIN}/bookwyrmtestmodel/1")

    def test_remote_id_with_user(self):
        """format of remote id when there's a user object"""
        self.test_model.user = self.local_user
        self.test_model.id = 1
        expected = self.test_model.get_remote_id()
-        self.assertEqual(expected, "https://%s/user/mouse/bookwyrmtestmodel/1" % DOMAIN)
+        self.assertEqual(expected, f"https://{DOMAIN}/user/mouse/bookwyrmtestmodel/1")

    def test_set_remote_id(self):
        """this function sets remote ids after creation"""
@ -56,7 +57,7 @@ class BaseModel(TestCase):
        instance.remote_id = None
        base_model.set_remote_id(None, instance, True)
        self.assertEqual(
-            instance.remote_id, "https://%s/book/%d" % (DOMAIN, instance.id)
+            instance.remote_id, f"https://{DOMAIN}/book/{instance.id}"
        )

        # shouldn't set remote_id if it's not created
@ -70,28 +71,30 @@ class BaseModel(TestCase):
        obj = models.Status.objects.create(
            content="hi", user=self.remote_user, privacy="public"
        )
-        self.assertTrue(obj.visible_to_user(self.local_user))
+        self.assertIsNone(obj.raise_visible_to_user(self.local_user))

        obj = models.Shelf.objects.create(
            name="test", user=self.remote_user, privacy="unlisted"
        )
-        self.assertTrue(obj.visible_to_user(self.local_user))
+        self.assertIsNone(obj.raise_visible_to_user(self.local_user))

        obj = models.Status.objects.create(
            content="hi", user=self.remote_user, privacy="followers"
        )
-        self.assertFalse(obj.visible_to_user(self.local_user))
+        with self.assertRaise(Http404):
+            obj.raise_visible_to_user(self.local_user)

        obj = models.Status.objects.create(
            content="hi", user=self.remote_user, privacy="direct"
        )
-        self.assertFalse(obj.visible_to_user(self.local_user))
+        with self.assertRaise(Http404):
+            obj.raise_visible_to_user(self.local_user)

        obj = models.Status.objects.create(
            content="hi", user=self.remote_user, privacy="direct"
        )
        obj.mention_users.add(self.local_user)
-        self.assertTrue(obj.visible_to_user(self.local_user))
+        self.assertIsNone(obj.raise_visible_to_user(self.local_user))

    @patch("bookwyrm.activitystreams.add_status_task.delay")
    def test_object_visible_to_user_follower(self, _):
@ -100,18 +103,19 @@ class BaseModel(TestCase):
        obj = models.Status.objects.create(
            content="hi", user=self.remote_user, privacy="followers"
        )
-        self.assertTrue(obj.visible_to_user(self.local_user))
+        self.assertIsNone(obj.raise_visible_to_user(self.local_user))

        obj = models.Status.objects.create(
            content="hi", user=self.remote_user, privacy="direct"
        )
-        self.assertFalse(obj.visible_to_user(self.local_user))
+        with self.assertRaise(Http404):
+            obj.raise_visible_to_user(self.local_user)

        obj = models.Status.objects.create(
            content="hi", user=self.remote_user, privacy="direct"
        )
        obj.mention_users.add(self.local_user)
-        self.assertTrue(obj.visible_to_user(self.local_user))
+        self.assertIsNone(obj.raise_visible_to_user(self.local_user))

    @patch("bookwyrm.activitystreams.add_status_task.delay")
    def test_object_visible_to_user_blocked(self, _):
@ -120,9 +124,11 @@ class BaseModel(TestCase):
        obj = models.Status.objects.create(
            content="hi", user=self.remote_user, privacy="public"
        )
-        self.assertFalse(obj.visible_to_user(self.local_user))
+        with self.assertRaise(Http404):
+            obj.raise_visible_to_user(self.local_user)

        obj = models.Shelf.objects.create(
            name="test", user=self.remote_user, privacy="unlisted"
        )
-        self.assertFalse(obj.visible_to_user(self.local_user))
+        with self.assertRaise(Http404):
+            obj.raise_visible_to_user(self.local_user)