Uses new visible/editable/deleteable functions

This commit is contained in:
Mouse Reeve 2021-09-27 16:04:40 -07:00
parent e6ae500569
commit dfa8bafe18
9 changed files with 51 additions and 69 deletions


@ -1,6 +1,5 @@
""" views for actions you can take in the application """ """ views for actions you can take in the application """
from django.contrib.auth.decorators import login_required from django.contrib.auth.decorators import login_required
from django.http import HttpResponseNotFound
from django.shortcuts import get_object_or_404, redirect from django.shortcuts import get_object_or_404, redirect
from django.template.response import TemplateResponse from django.template.response import TemplateResponse
from django.utils.decorators import method_decorator from django.utils.decorators import method_decorator
@ -32,12 +31,10 @@ class Block(View):
def unblock(request, user_id): def unblock(request, user_id):
"""undo a block""" """undo a block"""
to_unblock = get_object_or_404(models.User, id=user_id) to_unblock = get_object_or_404(models.User, id=user_id)
try: block = get_object_or_404(
block = models.UserBlocks.objects.get( models.UserBlocks,
user_subject=request.user, user_subject=request.user,
user_object=to_unblock, user_object=to_unblock,
) )
except models.UserBlocks.DoesNotExist:
return HttpResponseNotFound()
block.delete() block.delete()
return redirect("prefs-block") return redirect("prefs-block")
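Review bot: `unblock` still issues two queries where one would do, because the User fetched at the top is only used to filter the UserBlocks lookup; `block = get_object_or_404(models.UserBlocks, user_subject=request.user, user_object__id=user_id)` yields the same 404 for a missing user and for a missing block and drops the `to_unblock` round-trip. The rewritten call also leaves `block = get_object_or_404(` with every argument on the following lines, a layout black will reflow, so run the formatter before merging. The removal of the `HttpResponseNotFound` import is only safe if nothing else in the file uses it, which this diff does not show.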


@ -3,6 +3,7 @@ from django.contrib.auth.decorators import login_required
from django.core.paginator import Paginator from django.core.paginator import Paginator
from django.db.models import Q from django.db.models import Q
from django.http import HttpResponseNotFound, Http404 from django.http import HttpResponseNotFound, Http404
from django.shortcuts import get_object_or_404
from django.template.response import TemplateResponse from django.template.response import TemplateResponse
from django.utils import timezone from django.utils import timezone
from django.utils.decorators import method_decorator from django.utils.decorators import method_decorator
@ -93,17 +94,12 @@ class Status(View):
def get(self, request, username, status_id): def get(self, request, username, status_id):
"""display a particular status (and replies, etc)""" """display a particular status (and replies, etc)"""
try: user = get_user_from_username(request.user, username)
user = get_user_from_username(request.user, username) status = get_object_or_404(models.Status.objects.select_subclasses(),
status = models.Status.objects.select_subclasses().get( user=user, id=status_id, deleted=False
user=user, id=status_id, deleted=False )
)
except (ValueError, models.Status.DoesNotExist):
return HttpResponseNotFound()
# make sure the user is authorized to see the status # make sure the user is authorized to see the status
if not status.visible_to_user(request.user): status.raise_visible_to_user(request.user)
return HttpResponseNotFound()
if is_api_request(request): if is_api_request(request):
return ActivitypubResponse( return ActivitypubResponse(
@ -133,6 +129,7 @@ class Replies(View):
status = models.Status.objects.get(id=status_id) status = models.Status.objects.get(id=status_id)
if status.user.localname != username: if status.user.localname != username:
return HttpResponseNotFound() return HttpResponseNotFound()
status.raise_visible_to_user(request.user)
return ActivitypubResponse(status.to_replies(**request.GET)) return ActivitypubResponse(status.to_replies(**request.GET))
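Review bot: `Replies.get` still fetches the status with `models.Status.objects.get(id=status_id)`, so an unknown id raises DoesNotExist and becomes a 500, and, unlike the rewritten `Status.get` above, it does not filter `deleted=False`, so the new `raise_visible_to_user` line still lets the replies of a deleted status be served over the API. Replace the lookup with `status = get_object_or_404(models.Status, id=status_id, deleted=False)`, which the `get_object_or_404` import added at the top of this file already supports. In `Status.get`, dropping `except (ValueError, ...)` also means a ValueError from `get_user_from_username` or the id lookup now escapes as a 500; whether that helper can raise it is not visible here and should be confirmed. Both methods start outside their hunks.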


@ -1,8 +1,7 @@
""" views for actions you can take in the application """ """ views for actions you can take in the application """
from django.contrib.auth.decorators import login_required from django.contrib.auth.decorators import login_required
from django.db import IntegrityError from django.db import IntegrityError
from django.http import HttpResponseBadRequest from django.shortcuts import get_object_or_404, redirect
from django.shortcuts import redirect
from django.views.decorators.http import require_POST from django.views.decorators.http import require_POST
from bookwyrm import models from bookwyrm import models
@ -78,12 +77,10 @@ def delete_follow_request(request):
username = request.POST["user"] username = request.POST["user"]
requester = get_user_from_username(request.user, username) requester = get_user_from_username(request.user, username)
try: follow_request = get_object_or_404(models.UserFollowRequest,
follow_request = models.UserFollowRequest.objects.get( user_subject=requester, user_object=request.user
user_subject=requester, user_object=request.user )
) follow_request.raise_not_deletable(request.user)
except models.UserFollowRequest.DoesNotExist:
return HttpResponseBadRequest()
follow_request.delete() follow_request.delete()
return redirect(f"/user/{request.user.localname}") return redirect(f"/user/{request.user.localname}")
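Review bot: The rewritten lookup changes the failure response for a follow request that does not exist from 400 (`HttpResponseBadRequest`) to 404, a visible API change that tests asserting on the status code will need to follow and that deserves a line in the commit message. The `follow_request.raise_not_deletable(request.user)` call on the next line duplicates the `user_object=request.user` filter unless `raise_not_deletable` applies a stricter rule than ownership, so either scope the query and keep the check or drop one of them deliberately. `get_object_or_404(models.UserFollowRequest,` with its keyword arguments on the following line is not black-formatted. `delete_follow_request` starts outside the hunk.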


@ -5,7 +5,6 @@ from django.contrib.auth.decorators import login_required
from django.contrib.postgres.search import TrigramSimilarity from django.contrib.postgres.search import TrigramSimilarity
from django.db.models.functions import Greatest from django.db.models.functions import Greatest
from django.db.models import Count, Q from django.db.models import Count, Q
from django.http import HttpResponseNotFound
from django.shortcuts import get_object_or_404, redirect from django.shortcuts import get_object_or_404, redirect
from django.template.response import TemplateResponse from django.template.response import TemplateResponse
from django.utils.decorators import method_decorator from django.utils.decorators import method_decorator
@ -91,9 +90,8 @@ class GetStartedBooks(View):
for (book_id, shelf_id) in shelve_actions: for (book_id, shelf_id) in shelve_actions:
book = get_object_or_404(models.Edition, id=book_id) book = get_object_or_404(models.Edition, id=book_id)
shelf = get_object_or_404(models.Shelf, id=shelf_id) shelf = get_object_or_404(models.Shelf, id=shelf_id)
if shelf.user != request.user: shelf.raise_not_editable(request.user)
# hmmmmm
return HttpResponseNotFound()
models.ShelfBook.objects.create(book=book, shelf=shelf, user=request.user) models.ShelfBook.objects.create(book=book, shelf=shelf, user=request.user)
return redirect(self.next_view) return redirect(self.next_view)
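Review bot: `shelf.raise_not_editable(request.user)` runs inside the loop, so a bad `shelf_id` in a later pair raises Http404 after earlier iterations have already created `ShelfBook` rows, leaving the request half-applied; the early return it replaces had the same effect, but this hunk is the place to fix it. Either resolve and check every (book, shelf) pair before the first `models.ShelfBook.objects.create(...)`, or wrap the loop in `with transaction.atomic():`, which needs `from django.db import transaction` and the file's import block is only partly visible in this diff. The enclosing `post` method starts outside the hunk.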


@ -31,8 +31,7 @@ class Goal(View):
if not goal and year != timezone.now().year: if not goal and year != timezone.now().year:
return redirect("user-goal", username, current_year) return redirect("user-goal", username, current_year)
if goal and not goal.visible_to_user(request.user): goal.raise_visible_to_user(request.user)
return HttpResponseNotFound()
data = { data = {
"goal_form": forms.GoalForm(instance=goal), "goal_form": forms.GoalForm(instance=goal),
@ -45,12 +44,12 @@ class Goal(View):
def post(self, request, username, year): def post(self, request, username, year):
"""update or create an annual goal""" """update or create an annual goal"""
user = get_user_from_username(request.user, username)
if user != request.user:
return HttpResponseNotFound()
year = int(year) year = int(year)
goal = models.AnnualGoal.objects.filter(year=year, user=request.user).first() user = get_user_from_username(request.user, username)
goal = models.AnnualGoal.objects.filter(year=year, user=user).first()
if goal:
goal.raise_not_editable(request.user)
form = forms.GoalForm(request.POST, instance=goal) form = forms.GoalForm(request.POST, instance=goal)
if not form.is_valid(): if not form.is_valid():
data = { data = {
@ -62,11 +61,11 @@ class Goal(View):
goal = form.save() goal = form.save()
if request.POST.get("post-status"): if request.POST.get("post-status"):
# create status, if appropraite # create status, if appropriate
template = get_template("snippets/generated_status/goal.html") template = get_template("snippets/generated_status/goal.html")
create_generated_note( create_generated_note(
request.user, request.user,
template.render({"goal": goal, "user": request.user}).strip(), template.render({"goal": goal, "user": user}).strip(),
privacy=goal.privacy, privacy=goal.privacy,
) )
@ -78,5 +77,5 @@ class Goal(View):
def hide_goal(request): def hide_goal(request):
"""don't keep bugging people to set a goal""" """don't keep bugging people to set a goal"""
request.user.show_goal = False request.user.show_goal = False
request.user.save(broadcast=False) request.user.save(broadcast=False, update_fields=["show_goal"])
return redirect(request.headers.get("Referer", "/")) return redirect(request.headers.get("Referer", "/"))
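Review bot: In `Goal.get` the new `goal.raise_visible_to_user(request.user)` has lost the `if goal and` guard the removed line carried: the redirect just above it fires only when `year != timezone.now().year`, so for the current year with no goal set `goal` is None and the call raises AttributeError (a 500) instead of rendering the empty form. Restore the guard the way the `post` hunk below does: `if goal:` / `    goal.raise_visible_to_user(request.user)`. In `Goal.post`, the removed `if user != request.user: return HttpResponseNotFound()` was the only ownership check on the create path; `raise_not_editable` now runs only when a goal already exists, so whether a logged-in user can POST a new goal onto another user's page now depends on how `form.save()` assigns the owner, which is not visible here and should be confirmed before merging. Both methods start outside their hunks.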


@ -7,7 +7,7 @@ from django.core.paginator import Paginator
from django.db import IntegrityError, transaction from django.db import IntegrityError, transaction
from django.db.models import Avg, Count, DecimalField, Q, Max from django.db.models import Avg, Count, DecimalField, Q, Max
from django.db.models.functions import Coalesce from django.db.models.functions import Coalesce
from django.http import HttpResponseNotFound, HttpResponseBadRequest, HttpResponse from django.http import HttpResponseBadRequest, HttpResponse
from django.shortcuts import get_object_or_404, redirect from django.shortcuts import get_object_or_404, redirect
from django.template.response import TemplateResponse from django.template.response import TemplateResponse
from django.urls import reverse from django.urls import reverse
@ -110,8 +110,7 @@ class List(View):
def get(self, request, list_id): def get(self, request, list_id):
"""display a book list""" """display a book list"""
book_list = get_object_or_404(models.List, id=list_id) book_list = get_object_or_404(models.List, id=list_id)
if not book_list.visible_to_user(request.user): book_list.raise_visible_to_user(request.user)
return HttpResponseNotFound()
if is_api_request(request): if is_api_request(request):
return ActivitypubResponse(book_list.to_activity(**request.GET)) return ActivitypubResponse(book_list.to_activity(**request.GET))
@ -192,6 +191,8 @@ class List(View):
def post(self, request, list_id): def post(self, request, list_id):
"""edit a list""" """edit a list"""
book_list = get_object_or_404(models.List, id=list_id) book_list = get_object_or_404(models.List, id=list_id)
book_list.raise_not_editable(request.user)
form = forms.ListForm(request.POST, instance=book_list) form = forms.ListForm(request.POST, instance=book_list)
if not form.is_valid(): if not form.is_valid():
return redirect("list", book_list.id) return redirect("list", book_list.id)
@ -206,9 +207,7 @@ class Curate(View):
def get(self, request, list_id): def get(self, request, list_id):
"""display a pending list""" """display a pending list"""
book_list = get_object_or_404(models.List, id=list_id) book_list = get_object_or_404(models.List, id=list_id)
if not book_list.user == request.user: book_list.raise_not_editable(request.user)
# only the creater can curate the list
return HttpResponseNotFound()
data = { data = {
"list": book_list, "list": book_list,
@ -222,6 +221,8 @@ class Curate(View):
def post(self, request, list_id): def post(self, request, list_id):
"""edit a book_list""" """edit a book_list"""
book_list = get_object_or_404(models.List, id=list_id) book_list = get_object_or_404(models.List, id=list_id)
book_list.raise_not_editable(request.user)
suggestion = get_object_or_404(models.ListItem, id=request.POST.get("item")) suggestion = get_object_or_404(models.ListItem, id=request.POST.get("item"))
approved = request.POST.get("approved") == "true" approved = request.POST.get("approved") == "true"
if approved: if approved:
@ -269,7 +270,7 @@ def delete_list(request, list_id):
book_list = get_object_or_404(models.List, id=list_id) book_list = get_object_or_404(models.List, id=list_id)
# only the owner or a moderator can delete a list # only the owner or a moderator can delete a list
book_list.raise_not_editable(request.user) book_list.raise_not_deletable(request.user)
book_list.delete() book_list.delete()
return redirect("lists") return redirect("lists")
@ -280,8 +281,7 @@ def delete_list(request, list_id):
def add_book(request): def add_book(request):
"""put a book on a list""" """put a book on a list"""
book_list = get_object_or_404(models.List, id=request.POST.get("list")) book_list = get_object_or_404(models.List, id=request.POST.get("list"))
if not book_list.visible_to_user(request.user): book_list.raise_visible_to_user(request.user)
return HttpResponseNotFound()
book = get_object_or_404(models.Edition, id=request.POST.get("book")) book = get_object_or_404(models.Edition, id=request.POST.get("book"))
# do you have permission to add to the list? # do you have permission to add to the list?
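Review bot: In `Curate.post` the new `book_list.raise_not_editable(request.user)` authorizes editing the list, but the `suggestion` on the next line is still fetched by `request.POST.get("item")` alone, so unless code below the hunk checks that the item belongs to `book_list`, a user who can curate one list can approve or reject pending items of any other list by id. Scope the lookup to the list, e.g. `suggestion = get_object_or_404(models.ListItem, id=request.POST.get("item"), book_list=book_list)`, using whatever the ListItem-to-List foreign key is actually named. The `List.post` and `Curate.get` hunks are fine as rewritten, and `delete_list`'s switch to `raise_not_deletable` now matches the comment above it. All of these methods start outside their hunks.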


@ -45,9 +45,9 @@ class ReadingStatus(View):
if not identifier: if not identifier:
return HttpResponseBadRequest() return HttpResponseBadRequest()
desired_shelf = models.Shelf.objects.filter( desired_shelf = get_object_or_404(models.Shelf,
identifier=identifier, user=request.user identifier=identifier, user=request.user
).first() )
book = ( book = (
models.Edition.viewer_aware_objects(request.user) models.Edition.viewer_aware_objects(request.user)
@ -138,10 +138,7 @@ def update_readthrough_on_shelve(
def edit_readthrough(request): def edit_readthrough(request):
"""can't use the form because the dates are too finnicky""" """can't use the form because the dates are too finnicky"""
readthrough = get_object_or_404(models.ReadThrough, id=request.POST.get("id")) readthrough = get_object_or_404(models.ReadThrough, id=request.POST.get("id"))
readthrough.raise_not_editable(request.user)
# don't let people edit other people's data
if request.user != readthrough.user:
return HttpResponseBadRequest()
readthrough.start_date = load_date_in_user_tz_as_utc( readthrough.start_date = load_date_in_user_tz_as_utc(
request.POST.get("start_date"), request.user request.POST.get("start_date"), request.user
@ -178,10 +175,7 @@ def edit_readthrough(request):
def delete_readthrough(request): def delete_readthrough(request):
"""remove a readthrough""" """remove a readthrough"""
readthrough = get_object_or_404(models.ReadThrough, id=request.POST.get("id")) readthrough = get_object_or_404(models.ReadThrough, id=request.POST.get("id"))
readthrough.raise_not_deletable(request.user)
# don't let people edit other people's data
if request.user != readthrough.user:
return HttpResponseBadRequest()
readthrough.delete() readthrough.delete()
return redirect(request.headers.get("Referer", "/")) return redirect(request.headers.get("Referer", "/"))
@ -225,10 +219,7 @@ def load_date_in_user_tz_as_utc(date_str: str, user: models.User) -> datetime:
def delete_progressupdate(request): def delete_progressupdate(request):
"""remove a progress update""" """remove a progress update"""
update = get_object_or_404(models.ProgressUpdate, id=request.POST.get("id")) update = get_object_or_404(models.ProgressUpdate, id=request.POST.get("id"))
update.raise_not_deletable(request.user)
# don't let people edit other people's data
if request.user != update.user:
return HttpResponseBadRequest()
update.delete() update.delete()
return redirect(request.headers.get("Referer", "/")) return redirect(request.headers.get("Referer", "/"))
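Review bot: The three `raise_not_editable`/`raise_not_deletable` calls replace a 400 with what is presumably a 404 (the user-profile hunk in this commit catches `Http404` from the sibling method), so editing or deleting someone else's readthrough or progress update now answers with a different status code; tests asserting 400 will need updating and the commit message should say so. `desired_shelf = get_object_or_404(models.Shelf, ...)` likewise turns a missing shelf into a 404 where `.first()` previously yielded None, so if the code after that hunk still handles `desired_shelf is None`, that branch is now dead and should go. The call's layout, `get_object_or_404(models.Shelf,` with the filters on the next line, is not black-formatted. The enclosing `ReadingStatus` method and `edit_readthrough` continue outside their hunks.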


@ -1,6 +1,7 @@
""" non-interactive pages """ """ non-interactive pages """
from django.contrib.auth.decorators import login_required from django.contrib.auth.decorators import login_required
from django.core.paginator import Paginator from django.core.paginator import Paginator
from django.http import Http404
from django.shortcuts import redirect from django.shortcuts import redirect
from django.template.response import TemplateResponse from django.template.response import TemplateResponse
from django.utils import timezone from django.utils import timezone
@ -77,8 +78,12 @@ class User(View):
goal = models.AnnualGoal.objects.filter( goal = models.AnnualGoal.objects.filter(
user=user, year=timezone.now().year user=user, year=timezone.now().year
).first() ).first()
if goal and not goal.visible_to_user(request.user): if goal:
goal = None try:
goal.raise_visible_to_user(request.user)
except Http404:
goal = None
data = { data = {
"user": user, "user": user,
"is_self": is_self, "is_self": is_self,
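Review bot: Wrapping `goal.raise_visible_to_user` in `try`/`except Http404` uses an exception for a plain boolean decision and adds an `Http404` import solely for it; if the `visible_to_user` predicate the removed line called still exists on the model, the original `if goal and not goal.visible_to_user(request.user): goal = None` is the clearer form and should stay. If the predicate is being retired, the catch is correct as written, since the other views in this commit rely on the same method raising `Http404`. `User.get` starts outside the hunk.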


@ -3,6 +3,7 @@
from dateutil.relativedelta import relativedelta from dateutil.relativedelta import relativedelta
from django.http import HttpResponseNotFound from django.http import HttpResponseNotFound
from django.http import JsonResponse from django.http import JsonResponse
from django.shortcuts import get_object_or_404
from django.template.response import TemplateResponse from django.template.response import TemplateResponse
from django.utils import timezone from django.utils import timezone
from django.views.decorators.http import require_GET from django.views.decorators.http import require_GET
@ -19,10 +20,7 @@ def webfinger(request):
return HttpResponseNotFound() return HttpResponseNotFound()
username = resource.replace("acct:", "") username = resource.replace("acct:", "")
try: user = get_object_or_404(models.User, username__iexact=username)
user = models.User.objects.get(username__iexact=username)
except models.User.DoesNotExist:
return HttpResponseNotFound("No account found")
return JsonResponse( return JsonResponse(
{ {
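Review bot: Replacing `HttpResponseNotFound("No account found")` with `get_object_or_404` changes the 404 body for an unknown account from a short plain-text message to whatever the project's 404 handler renders, typically an HTML page, on an endpoint whose clients parse JSON; if that is not intended, return `JsonResponse({"error": "No account found"}, status=404)` from an `except models.User.DoesNotExist` branch, or note the change in the commit message. `get_object_or_404` with `username__iexact` also raises `MultipleObjectsReturned` (a 500) when two usernames differ only in case, unchanged from `.get()` but worth a guard if usernames are not case-insensitively unique. `webfinger` starts and ends outside the hunk.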