yul/bookwyrm-mastodon
1
1
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

non-owners can't add users to groups

Browse Source 
- hide add-user pages from non-owners
- hide user searchbox from non-owners
- fix find-user searchbox being in wrong place where no results
This commit is contained in:
Hugh Rundle
2021-10-02 14:41:23 +10:00
parent 5237e88aba
commit 70e0128052
3 changed files with 23 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
bookwyrm/views/group.py
View File

@ -114,6 +114,12 @@ class FindUsers(View):
group = get_object_or_404(models.BookwyrmGroup, id=group_id)
if not group:
return HttpResponseBadRequest()
if not group.user == request.user:
return HttpResponseBadRequest()
data = {
"suggested_users": user_results,
"group": group,
@ -186,7 +192,18 @@ def remove_member(request):
except IntegrityError:
pass
# TODO: should send notification to all members including the now ex-member that they have been removed.
# let the other members know about it
model = apps.get_model("bookwyrm.Notification", require_ready=True)
memberships = models.BookwyrmGroupMember.objects.get(group=group)
for membership in memberships:
member = membership.user
if member != request.user:
model.objects.create(
user=member,
related_user=request.user,
related_group=request.group,
notification_type="REMOVE",
)
return redirect(user.local_path)