anonymous user may see collection list if owner allows
This commit is contained in:
Your Name
Henri Dickson
parent
d6cee32ecd
commit
ebaf82fb5e
4 changed files with 36 additions and 22 deletions
|
|
@ -29,12 +29,11 @@ class VisibilityType(models.IntegerChoices):
|
|||
|
||||
|
||||
def q_owned_piece_visible_to_user(viewing_user: User, owner: APIdentity):
|
||||
if (
|
||||
not viewing_user
|
||||
or not viewing_user.is_authenticated
|
||||
or not viewing_user.identity
|
||||
):
|
||||
return Q(owner=owner, visibility=0)
|
||||
if not viewing_user or not viewing_user.is_authenticated:
|
||||
if owner.anonymous_viewable:
|
||||
return Q(owner=owner, visibility=0)
|
||||
else:
|
||||
return Q(pk__in=[])
|
||||
viewer = viewing_user.identity
|
||||
if viewer == owner:
|
||||
return Q(owner=owner)
|
||||
|
|
@ -47,11 +46,7 @@ def q_owned_piece_visible_to_user(viewing_user: User, owner: APIdentity):
|
|||
|
||||
|
||||
def max_visiblity_to_user(viewing_user: User, owner: APIdentity):
|
||||
if (
|
||||
not viewing_user
|
||||
or not viewing_user.is_authenticated
|
||||
or not viewing_user.identity
|
||||
):
|
||||
if not viewing_user or not viewing_user.is_authenticated:
|
||||
return 0
|
||||
viewer = viewing_user.identity
|
||||
if viewer == owner:
|
||||
|
|
@ -62,20 +57,20 @@ def max_visiblity_to_user(viewing_user: User, owner: APIdentity):
|
|||
return 0
|
||||
|
||||
|
||||
def q_piece_visible_to_user(user: User):
|
||||
if not user or not user.is_authenticated or not user.identity:
|
||||
def q_piece_visible_to_user(viewing_user: User):
|
||||
if not viewing_user or not viewing_user.is_authenticated:
|
||||
return Q(visibility=0, owner__anonymous_viewable=True)
|
||||
viewer = viewing_user.identity
|
||||
return (
|
||||
Q(visibility=0)
|
||||
| Q(owner_id__in=user.identity.following, visibility=1)
|
||||
| Q(owner_id=user.identity.pk)
|
||||
) & ~Q(owner_id__in=user.identity.ignoring)
|
||||
| Q(owner_id__in=viewer.following, visibility=1)
|
||||
| Q(owner_id=viewer.pk)
|
||||
) & ~Q(owner_id__in=viewer.ignoring)
|
||||
|
||||
|
||||
def q_piece_in_home_feed_of_user(user: User):
|
||||
return Q(owner_id__in=user.identity.following, visibility__lt=2) | Q(
|
||||
owner_id=user.identity.pk
|
||||
)
|
||||
def q_piece_in_home_feed_of_user(viewing_user: User):
|
||||
viewer = viewing_user.identity
|
||||
return Q(owner_id__in=viewer.following, visibility__lt=2) | Q(viewer.pk)
|
||||
|
||||
|
||||
def q_item_in_category(item_category: ItemCategory | AvailableItemCategory):
|
||||
|
|
|
|||
|
|
@ -63,7 +63,7 @@
|
|||
{{ review.html_content | safe }}
|
||||
{% else %}
|
||||
<p class="empty">
|
||||
<span>作者已设置为<a href="{% url 'users:login' %}?next={{ request.path }}">登录</a>后可查看</span>
|
||||
<span>作者已设置仅限<a href="{% url 'users:login' %}?next={{ request.path }}">登录</a>用户查看</span>
|
||||
</p>
|
||||
{% endif %}
|
||||
</div>
|
||||
|
|
|
|||
|
|
@ -12,7 +12,11 @@ from common.utils import AuthedHttpRequest, get_uuid_or_404
|
|||
from mastodon.api import boost_toot_later, share_collection
|
||||
from users.models import User
|
||||
from users.models.apidentity import APIdentity
|
||||
from users.views import render_user_blocked, render_user_not_found
|
||||
from users.views import (
|
||||
render_user_blocked,
|
||||
render_user_noanonymous,
|
||||
render_user_not_found,
|
||||
)
|
||||
|
||||
from ..forms import *
|
||||
from ..models import *
|
||||
|
|
@ -310,6 +314,8 @@ def collection_edit(request: AuthedHttpRequest, collection_uuid=None):
|
|||
@target_identity_required
|
||||
def user_collection_list(request: AuthedHttpRequest, user_name):
|
||||
target = request.target_identity
|
||||
if not request.user.is_authenticated and not target.anonymous_viewable:
|
||||
return render_user_noanonymous(request)
|
||||
collections = (
|
||||
Collection.objects.filter(owner=target)
|
||||
.filter(q_owned_piece_visible_to_user(request.user, target))
|
||||
|
|
@ -330,6 +336,8 @@ def user_collection_list(request: AuthedHttpRequest, user_name):
|
|||
@target_identity_required
|
||||
def user_liked_collection_list(request: AuthedHttpRequest, user_name):
|
||||
target = request.target_identity
|
||||
if not request.user.is_authenticated and not target.anonymous_viewable:
|
||||
return render_user_noanonymous(request)
|
||||
collections = Collection.objects.filter(
|
||||
interactions__identity=target,
|
||||
interactions__interaction_type="like",
|
||||
|
|
|
|||
|
|
@ -49,6 +49,17 @@ def render_user_blocked(request):
|
|||
)
|
||||
|
||||
|
||||
def render_user_noanonymous(request):
|
||||
msg = _("作者已设置仅限登录用户查看")
|
||||
return render(
|
||||
request,
|
||||
"common/error.html",
|
||||
{
|
||||
"msg": msg,
|
||||
},
|
||||
)
|
||||
|
||||
|
||||
def query_identity(request, handle):
|
||||
try:
|
||||
i = APIdentity.get_by_handler(handle)
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue