diff --git a/bookwyrm/templates/user/layout.html b/bookwyrm/templates/user/layout.html
index 357ad467..0d07b199 100755
--- a/bookwyrm/templates/user/layout.html
+++ b/bookwyrm/templates/user/layout.html
@@ -75,8 +75,7 @@
{% trans "Lists" %}
{% endif %}
-
- {% if is_self or user.groups_set.exists %}
+ {% if is_self or has_groups %}
{% url 'user-groups' user|username as url %}
{% trans "Groups" %}
diff --git a/bookwyrm/views/group.py b/bookwyrm/views/group.py
index 9319b659..dfb44a4c 100644
--- a/bookwyrm/views/group.py
+++ b/bookwyrm/views/group.py
@@ -23,9 +23,17 @@ class Group(View):
def get(self, request, group_id):
"""display a group"""
+ # TODO: use get_or_404?
+ # TODO: what is the difference between privacy filter and visible to user?
+ # get_object_or_404(models.Group, id=group_id)
group = models.Group.objects.get(id=group_id)
lists = models.List.objects.filter(group=group).order_by("-updated_date")
lists = privacy_filter(request.user, lists)
+
+ # don't show groups to users who shouldn't see them
+ if not group.visible_to_user(request.user):
+ return HttpResponseNotFound()
+
data = {
"group": group,
"lists": lists,
@@ -58,7 +66,7 @@ class UserGroups(View):
data = {
"user": user,
- "is_self": request.user.id == user.id, # CHECK is this relevant here?
+ "has_groups": models.GroupMember.objects.filter(user=user).exists(),
"groups": paginated.get_page(request.GET.get("page")),
"group_form": forms.GroupForm(),
"path": user.local_path + "/group",
diff --git a/bookwyrm/views/user.py b/bookwyrm/views/user.py
index 63194ceb..d3f52e72 100644
--- a/bookwyrm/views/user.py
+++ b/bookwyrm/views/user.py
@@ -83,6 +83,7 @@ class User(View):
data = {
"user": user,
"is_self": is_self,
+ "has_groups": models.GroupMember.objects.filter(user=user).exists(),
"shelves": shelf_preview,
"shelf_count": shelves.count(),
"activities": paginated.get_page(request.GET.get("page", 1)),