From ebaf82fb5e2f200b1d6247dedc7bcf2927be8560 Mon Sep 17 00:00:00 2001
From: Your Name
Date: Sun, 31 Dec 2023 13:02:37 -0500
Subject: [PATCH] anonymous user may see collection list if owner allows
---
 journal/models/common.py | 35 +++++++++++++++--------------------
 journal/templates/review.html | 2 +-
 journal/views/collection.py | 10 +++++++++-
 users/views.py | 11 +++++++++++
 4 files changed, 36 insertions(+), 22 deletions(-)
diff --git a/journal/models/common.py b/journal/models/common.py
index 5642a0bd..d5bf48f1 100644
--- a/journal/models/common.py
+++ b/journal/models/common.py
@@ -29,12 +29,11 @@ class VisibilityType(models.IntegerChoices):
 def q_owned_piece_visible_to_user(viewing_user: User, owner: APIdentity):
- if (
- not viewing_user
- or not viewing_user.is_authenticated
- or not viewing_user.identity
- ):
- return Q(owner=owner, visibility=0)
+ if not viewing_user or not viewing_user.is_authenticated:
+ if owner.anonymous_viewable:
+ return Q(owner=owner, visibility=0)
+ else:
+ return Q(pk__in=[])
 viewer = viewing_user.identity
 if viewer == owner:
 return Q(owner=owner)
@@ -47,11 +46,7 @@ def q_owned_piece_visible_to_user(viewing_user: User, owner: APIdentity):
 def max_visiblity_to_user(viewing_user: User, owner: APIdentity):
- if (
- not viewing_user
- or not viewing_user.is_authenticated
- or not viewing_user.identity
- ):
+ if not viewing_user or not viewing_user.is_authenticated:
 return 0
 viewer = viewing_user.identity
 if viewer == owner:
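Review bot: The new guard in `q_owned_piece_visible_to_user` no longer tests `viewing_user.identity`, so an authenticated user without an identity now falls through to `viewer = viewing_user.identity` and the follower logic instead of the anonymous branch; the same test is dropped in `max_visiblity_to_user` and in `q_piece_visible_to_user`, which goes on to read `viewer.following`. Whether `identity` can be missing for a logged-in user is not visible in this patch; if it can, keep the third condition, `if not viewing_user or not viewing_user.is_authenticated or not viewing_user.identity:`, so those users stay on the restricted path. The `else:` after the first `return` is redundant and could be flattened. The function body continues past the end of the hunk.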
@@ -62,20 +57,20 @@ def max_visiblity_to_user(viewing_user: User, owner: APIdentity):
 return 0
-def q_piece_visible_to_user(user: User):
- if not user or not user.is_authenticated or not user.identity:
+def q_piece_visible_to_user(viewing_user: User):
+ if not viewing_user or not viewing_user.is_authenticated:
 return Q(visibility=0, owner__anonymous_viewable=True)
+ viewer = viewing_user.identity
 return (
 Q(visibility=0)
- | Q(owner_id__in=user.identity.following, visibility=1)
- | Q(owner_id=user.identity.pk)
- ) & ~Q(owner_id__in=user.identity.ignoring)
+ | Q(owner_id__in=viewer.following, visibility=1)
+ | Q(owner_id=viewer.pk)
+ ) & ~Q(owner_id__in=viewer.ignoring)
-def q_piece_in_home_feed_of_user(user: User):
- return Q(owner_id__in=user.identity.following, visibility__lt=2) | Q(
- owner_id=user.identity.pk
- )
+def q_piece_in_home_feed_of_user(viewing_user: User):
+ viewer = viewing_user.identity
+ return Q(owner_id__in=viewer.following, visibility__lt=2) | Q(viewer.pk)
 def q_item_in_category(item_category: ItemCategory | AvailableItemCategory):
diff --git a/journal/templates/review.html b/journal/templates/review.html
index e5b61dbc..8aba901e 100644
--- a/journal/templates/review.html
+++ b/journal/templates/review.html
@@ -63,7 +63,7 @@
 {{ review.html_content | safe }}
 {% else %}
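Review bot: In `q_piece_in_home_feed_of_user` the second term lost its field name: `Q(viewer.pk)` passes the primary key as a bare positional argument, where the removed code had `Q(owner_id=user.identity.pk)`. Django's `Q` takes keyword lookups (or `Q`/tuple children), so this will most likely raise when the filter is built instead of matching the viewer's own pieces. The line should read `return Q(owner_id__in=viewer.following, visibility__lt=2) | Q(owner_id=viewer.pk)`, consistent with the `Q(owner_id=viewer.pk)` term in `q_piece_visible_to_user` just above. A test that builds the home feed for a user who has posts of their own would catch the regression.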

- 作者已设置为登录后可查看
+ 作者已设置仅限登录用户查看

{% endif %}
diff --git a/journal/views/collection.py b/journal/views/collection.py
index fe6fe66b..27cafc74 100644
--- a/journal/views/collection.py
+++ b/journal/views/collection.py
@@ -12,7 +12,11 @@ from common.utils import AuthedHttpRequest, get_uuid_or_404
 from mastodon.api import boost_toot_later, share_collection
 from users.models import User
 from users.models.apidentity import APIdentity
-from users.views import render_user_blocked, render_user_not_found
+from users.views import (
+ render_user_blocked,
+ render_user_noanonymous,
+ render_user_not_found,
+)
 from ..forms import *
 from ..models import *
@@ -310,6 +314,8 @@ def collection_edit(request: AuthedHttpRequest, collection_uuid=None):
 @target_identity_required
 def user_collection_list(request: AuthedHttpRequest, user_name):
 target = request.target_identity
+ if not request.user.is_authenticated and not target.anonymous_viewable:
+ return render_user_noanonymous(request)
 collections = (
 Collection.objects.filter(owner=target)
 .filter(q_owned_piece_visible_to_user(request.user, target))
@@ -330,6 +336,8 @@ def user_collection_list(request: AuthedHttpRequest, user_name):
 @target_identity_required
 def user_liked_collection_list(request: AuthedHttpRequest, user_name):
 target = request.target_identity
+ if not request.user.is_authenticated and not target.anonymous_viewable:
+ return render_user_noanonymous(request)
 collections = Collection.objects.filter(
 interactions__identity=target,
 interactions__interaction_type="like",
diff --git a/users/views.py b/users/views.py
index 5902339b..4a77750a 100644
--- a/users/views.py
+++ b/users/views.py
@@ -49,6 +49,17 @@ def render_user_blocked(request):
 )
+def render_user_noanonymous(request):
+ msg = _("作者已设置仅限登录用户查看")
+ return render(
+ request,
+ "common/error.html",
+ {
+ "msg": msg,
+ },
+ )
+
+
 def query_identity(request, handle):
 try:
 i = APIdentity.get_by_handler(handle)
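Review bot: The anonymous gate added to `user_collection_list` is repeated verbatim in `user_liked_collection_list`, so every other per-user listing view has to remember to copy it; a shared decorator or helper applied alongside `target_identity_required` would keep the access check in one place. Both views are still annotated `request: AuthedHttpRequest` although they now handle unauthenticated requests, so a comment such as `# request.user may be anonymous here` (or a looser request type) would avoid misleading later readers. For the liked list the gate only consults `target.anonymous_viewable`; whether collections owned by other identities are also filtered by their own owners' setting is decided in the part of the query outside the hunk and is worth confirming.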
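Review bot: `render_user_noanonymous` renders `common/error.html` with the default 200 status, so a refused anonymous request looks like a successful page to crawlers, caches and monitoring. Consider returning an explicit denial status, e.g. `return render(request, "common/error.html", {"msg": msg}, status=403)`, or redirecting to the login page. The body of the sibling `render_user_blocked` is outside this hunk, so if it deliberately returns 200 the two should at least stay consistent and say why in a short docstring.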