Merge pull request #555 from mouse-reeve/blocking

Blocking

bookwyrm/views/__init__.py

@@ -1,6 +1,7 @@
 ''' make sure all our nice views are available '''
 from .authentication import Login, Register, Logout
 from .author import Author, EditAuthor
+from .block import Block, unblock
 from .books import Book, EditBook, Editions
 from .books import upload_cover, add_description, switch_edition, resolve_book
 from .direct_message import DirectMessage

bookwyrm/views/block.py

@@ -0,0 +1,58 @@
+''' views for actions you can take in the application '''
+from django.contrib.auth.decorators import login_required
+from django.http import HttpResponseNotFound
+from django.shortcuts import get_object_or_404, redirect
+from django.template.response import TemplateResponse
+from django.utils.decorators import method_decorator
+from django.views import View
+from django.views.decorators.http import require_POST
+
+from bookwyrm import models
+from bookwyrm.broadcast import broadcast
+
+# pylint: disable= no-self-use
+@method_decorator(login_required, name='dispatch')
+class Block(View):
+    ''' blocking users '''
+    def get(self, request):
+        ''' list of blocked users? '''
+        return TemplateResponse(
+            request, 'blocks.html', {'title': 'Blocked Users'})
+
+    def post(self, request, user_id):
+        ''' block a user '''
+        to_block = get_object_or_404(models.User, id=user_id)
+        block = models.UserBlocks.objects.create(
+            user_subject=request.user, user_object=to_block)
+        if not to_block.local:
+            broadcast(
+                request.user,
+                block.to_activity(),
+                privacy='direct',
+                direct_recipients=[to_block]
+            )
+        return redirect('/block')
+
+
+@require_POST
+@login_required
+def unblock(request, user_id):
+    ''' undo a block '''
+    to_unblock = get_object_or_404(models.User, id=user_id)
+    try:
+        block = models.UserBlocks.objects.get(
+            user_subject=request.user,
+            user_object=to_unblock,
+        )
+    except models.UserBlocks.DoesNotExist:
+        return HttpResponseNotFound()
+
+    if not to_unblock.local:
+        broadcast(
+            request.user,
+            block.to_undo_activity(request.user),
+            privacy='direct',
+            direct_recipients=[to_unblock]
+        )
+    block.delete()
+    return redirect('/block')

bookwyrm/views/helpers.py

@@ -38,11 +38,21 @@ def object_visible_to_user(viewer, obj):
     ''' is a user authorized to view an object? '''
     if not obj:
         return False
+
+    # viewer can't see it if the object's owner blocked them
+    if viewer in obj.user.blocks.all():
+        return False
+
+    # you can see your own posts and any public or unlisted posts
     if viewer == obj.user or obj.privacy in ['public', 'unlisted']:
         return True
+
+    # you can see the followers only posts of people you follow
     if obj.privacy == 'followers' and \
             obj.user.followers.filter(id=viewer.id).first():
         return True
+
+    # you can see dms you are tagged in
     if isinstance(obj, models.Status):
         if obj.privacy == 'direct' and \
                 obj.mention_users.filter(id=viewer.id).first():
@@ -61,6 +71,12 @@ def get_activity_feed(
     # exclude deleted
     queryset = queryset.exclude(deleted=True).order_by('-published_date')
 
+    # exclude blocks from both directions
+    if not user.is_anonymous:
+        blocked = models.User.objects.filter(id__in=user.blocks.all()).all()
+        queryset = queryset.exclude(
+            Q(user__in=blocked) | Q(user__blocks=user))
+
     # you can't see followers only or direct messages if you're not logged in
     if user.is_anonymous:
         privacy = [p for p in privacy if not p in ['followers', 'direct']]
@@ -174,3 +190,9 @@ def handle_reading_status(user, shelf, book, privacy):
     status.save()
 
     broadcast(user, status.to_create_activity(user))
+
+def is_blocked(viewer, user):
+    ''' is this viewer blocked by the user? '''
+    if viewer.is_authenticated and viewer in user.blocks.all():
+        return True
+    return False

bookwyrm/views/password.py

@@ -88,6 +88,14 @@ class PasswordReset(View):
 @method_decorator(login_required, name='dispatch')
 class ChangePassword(View):
     ''' change password as logged in user '''
+    def get(self, request):
+        ''' change password page '''
+        data = {
+            'title': 'Change Password',
+            'user': request.user,
+        }
+        return TemplateResponse(request, 'change_password.html', data)
+
     def post(self, request):
         ''' allow a user to change their password '''
         new_password = request.POST.get('password')

bookwyrm/views/user.py

@@ -18,7 +18,7 @@ from bookwyrm.activitypub import ActivitypubResponse
 from bookwyrm.broadcast import broadcast
 from bookwyrm.settings import PAGE_LENGTH
 from .helpers import get_activity_feed, get_user_from_username, is_api_request
-from .helpers import object_visible_to_user
+from .helpers import is_blocked, object_visible_to_user
 
 
 # pylint: disable= no-self-use
@@ -31,6 +31,10 @@ class User(View):
         except models.User.DoesNotExist:
             return HttpResponseNotFound()
 
+        # make sure we're not blocked
+        if is_blocked(request.user, user):
+            return HttpResponseNotFound()
+
         if is_api_request(request):
             # we have a json request
             return ActivitypubResponse(user.to_activity())
@@ -97,6 +101,10 @@ class Followers(View):
         except models.User.DoesNotExist:
             return HttpResponseNotFound()
 
+        # make sure we're not blocked
+        if is_blocked(request.user, user):
+            return HttpResponseNotFound()
+
         if is_api_request(request):
             return ActivitypubResponse(
                 user.to_followers_activity(**request.GET))
@@ -118,6 +126,10 @@ class Following(View):
         except models.User.DoesNotExist:
             return HttpResponseNotFound()
 
+        # make sure we're not blocked
+        if is_blocked(request.user, user):
+            return HttpResponseNotFound()
+
         if is_api_request(request):
             return ActivitypubResponse(
                 user.to_following_activity(**request.GET))
@@ -135,14 +147,11 @@ class Following(View):
 class EditUser(View):
     ''' edit user view '''
     def get(self, request):
-        ''' profile page for a user '''
-        user = request.user
-
-        form = forms.EditUserForm(instance=request.user)
+        ''' edit profile page for a user '''
         data = {
             'title': 'Edit profile',
-            'form': form,
-            'user': user,
+            'form': forms.EditUserForm(instance=request.user),
+            'user': request.user,
         }
         return TemplateResponse(request, 'edit_user.html', data)