From 681f5482fdf50dbb1d05b8a37b4f9649fd4e4ccc Mon Sep 17 00:00:00 2001
From: Mouse Reeve <mousereeve@riseup.net>
Date: Tue, 26 Jan 2021 08:07:38 -0800
Subject: [PATCH] Don't allow blocked users to access user page

---
 bookwyrm/views/user.py | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/bookwyrm/views/user.py b/bookwyrm/views/user.py
index 6f7873d5..2a4211b8 100644
--- a/bookwyrm/views/user.py
+++ b/bookwyrm/views/user.py
@@ -31,6 +31,11 @@ class User(View):
         except models.User.DoesNotExist:
             return HttpResponseNotFound()
 
+        # make sure we're not blocked
+        if request.user.is_authenticated:
+            if request.user in user.blocks.all():
+                return HttpResponseNotFound()
+
         if is_api_request(request):
             # we have a json request
             return ActivitypubResponse(user.to_activity())