Makes visibility evaluator a model function

2021-04-11 09:26:12 -07:00
parent 26f16cf5a4
commit b6a7871b04
9 changed files with 101 additions and 95 deletions
--- a/bookwyrm/views/feed.py
+++ b/bookwyrm/views/feed.py
@ -12,7 +12,7 @@ from bookwyrm import activitystreams, forms, models
 from bookwyrm.activitypub import ActivitypubResponse
 from bookwyrm.settings import PAGE_LENGTH, STREAMS
 from .helpers import get_user_from_username, privacy_filter, get_suggested_users
-from .helpers import is_api_request, is_bookwyrm_request, object_visible_to_user
+from .helpers import is_api_request, is_bookwyrm_request


 # pylint: disable= no-self-use
@ -113,7 +113,7 @@ class Status(View):
            return HttpResponseNotFound()

        # make sure the user is authorized to see the status
-        if not object_visible_to_user(request.user, status):
+        if not status.visible_to_user(request.user):
            return HttpResponseNotFound()

        if is_api_request(request):
--- a/bookwyrm/views/goal.py
+++ b/bookwyrm/views/goal.py
@ -10,7 +10,7 @@ from django.views.decorators.http import require_POST

 from bookwyrm import forms, models
 from bookwyrm.status import create_generated_note
-from .helpers import get_user_from_username, object_visible_to_user
+from .helpers import get_user_from_username


 # pylint: disable= no-self-use
@ -26,7 +26,7 @@ class Goal(View):
        if not goal and user != request.user:
            return HttpResponseNotFound()

-        if goal and not object_visible_to_user(request.user, goal):
+        if goal and not goal.visible_to_user(request.user):
            return HttpResponseNotFound()

        data = {
--- a/bookwyrm/views/helpers.py
+++ b/bookwyrm/views/helpers.py
@ -32,30 +32,6 @@ def is_bookwyrm_request(request):
    return True


-def object_visible_to_user(viewer, obj):
-    """ is a user authorized to view an object? """
-    if not obj:
-        return False
-
-    # viewer can't see it if the object's owner blocked them
-    if viewer in obj.user.blocks.all():
-        return False
-
-    # you can see your own posts and any public or unlisted posts
-    if viewer == obj.user or obj.privacy in ["public", "unlisted"]:
-        return True
-
-    # you can see the followers only posts of people you follow
-    if obj.privacy == "followers" and obj.user.followers.filter(id=viewer.id).first():
-        return True
-
-    # you can see dms you are tagged in
-    if isinstance(obj, models.Status):
-        if obj.privacy == "direct" and obj.mention_users.filter(id=viewer.id).first():
-            return True
-    return False
-
-
 def privacy_filter(viewer, queryset, privacy_levels=None, following_only=False):
    """ filter objects that have "user" and "privacy" fields """
    privacy_levels = privacy_levels or ["public", "unlisted", "followers", "direct"]
--- a/bookwyrm/views/list.py
+++ b/bookwyrm/views/list.py
@ -13,7 +13,7 @@ from django.views.decorators.http import require_POST
 from bookwyrm import forms, models
 from bookwyrm.activitypub import ActivitypubResponse
 from bookwyrm.connectors import connector_manager
-from .helpers import is_api_request, object_visible_to_user, privacy_filter
+from .helpers import is_api_request, privacy_filter
 from .helpers import get_user_from_username

 # pylint: disable=no-self-use
@ -92,7 +92,7 @@ class List(View):
    def get(self, request, list_id):
        """ display a book list """
        book_list = get_object_or_404(models.List, id=list_id)
-        if not object_visible_to_user(request.user, book_list):
+        if not book_list.visible_to_user(request.user):
            return HttpResponseNotFound()

        if is_api_request(request):
@ -176,7 +176,7 @@ class Curate(View):
 def add_book(request):
    """ put a book on a list """
    book_list = get_object_or_404(models.List, id=request.POST.get("list"))
-    if not object_visible_to_user(request.user, book_list):
+    if not book_list.visible_to_user(request.user):
        return HttpResponseNotFound()

    book = get_object_or_404(models.Edition, id=request.POST.get("book"))
--- a/bookwyrm/views/shelf.py
+++ b/bookwyrm/views/shelf.py
@ -16,7 +16,7 @@ from bookwyrm import forms, models
 from bookwyrm.activitypub import ActivitypubResponse
 from bookwyrm.settings import PAGE_LENGTH
 from .helpers import is_api_request, get_edition, get_user_from_username
-from .helpers import handle_reading_status, privacy_filter, object_visible_to_user
+from .helpers import handle_reading_status, privacy_filter


 # pylint: disable= no-self-use
@ -43,7 +43,7 @@ class Shelf(View):
                shelf = user.shelf_set.get(identifier=shelf_identifier)
            except models.Shelf.DoesNotExist:
                return HttpResponseNotFound()
-            if not object_visible_to_user(request.user, shelf):
+            if not shelf.visible_to_user(request.user):
                return HttpResponseNotFound()
        # this is a constructed "all books" view, with a fake "shelf" obj
        else:
--- a/bookwyrm/views/user.py
+++ b/bookwyrm/views/user.py
@ -17,7 +17,7 @@ from bookwyrm import forms, models
 from bookwyrm.activitypub import ActivitypubResponse
 from bookwyrm.settings import PAGE_LENGTH
 from .helpers import get_user_from_username, is_api_request
-from .helpers import is_blocked, privacy_filter, object_visible_to_user
+from .helpers import is_blocked, privacy_filter


 # pylint: disable= no-self-use
@ -80,7 +80,7 @@ class User(View):
        goal = models.AnnualGoal.objects.filter(
            user=user, year=timezone.now().year
        ).first()
-        if not object_visible_to_user(request.user, goal):
+        if not goal.visible_to_user(request.user):
            goal = None
        data = {
            "user": user,