
hide instance actor from users

The Instance Actor is required for signing HTTP GET requests, but it is not a "user" and should not otherwise be interacted with.

- hides instance actor profile page, returning a 404
- excludes instance actor from search results and suggestions including in Getting Started
- replaces link to user profile in user admin page with a brief message box
- replaces panel in user admin page that allows for user to be suspended or removed with a message explaining why that is a very bad idea

fixes #3119
Hugh Rundle 2023-11-20 12:17:52 +11:00
parent 06568aab88
commit f011f2bce9
No known key found for this signature in database
GPG key ID: A7E35779918253F9
8 changed files with 115 additions and 69 deletions


@ -11,6 +11,7 @@ from django.utils.decorators import method_decorator
from django.views import View
from bookwyrm import book_search, forms, models
from bookwyrm.settings import INSTANCE_ACTOR_USERNAME
from bookwyrm.suggested_users import suggested_users
from .preferences.edit_user import save_user_form
@ -108,6 +109,7 @@ class GetStartedUsers(View):
.exclude(
id=request.user.id,
)
.exclude(localname=INSTANCE_ACTOR_USERNAME)
.order_by("-similarity")[:5]
)
data = {"no_results": not user_results}
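Review bot: The `.exclude(localname=INSTANCE_ACTOR_USERNAME)` added to the `GetStartedUsers` query is a per-query opt-out, repeated in `user_search` and mirrored by the `user.localname == INSTANCE_ACTOR_USERNAME` check in the `User` view, so any user listing this commit does not touch will still return the instance actor. Consider moving the exclusion into one shared place, for example a queryset helper (name illustrative) such as `exclude_instance_actor(queryset)`, so new views get it by default. A call-site comment such as `# the instance actor only signs requests; never list it as a person` would also help. `suggested_users` is imported in this file but its use is not visible in the hunk, so whether the suggestions path is filtered cannot be confirmed from here. The `GetStartedUsers` method body starts and ends outside the hunk.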


@ -13,7 +13,7 @@ from csp.decorators import csp_update
from bookwyrm import models
from bookwyrm.connectors import connector_manager
from bookwyrm.book_search import search, format_search_result
from bookwyrm.settings import PAGE_LENGTH
from bookwyrm.settings import PAGE_LENGTH, INSTANCE_ACTOR_USERNAME
from bookwyrm.utils import regex
from .helpers import is_api_request
from .helpers import handle_remote_webfinger
@ -113,6 +113,7 @@ def user_search(request):
.filter(
similarity__gt=0.5,
)
.exclude(localname=INSTANCE_ACTOR_USERNAME)
.order_by("-similarity")
)


@ -11,7 +11,7 @@ from django.views.decorators.http import require_POST
from bookwyrm import models
from bookwyrm.activitypub import ActivitypubResponse
from bookwyrm.settings import PAGE_LENGTH
from bookwyrm.settings import PAGE_LENGTH, INSTANCE_ACTOR_USERNAME
from .helpers import get_user_from_username, is_api_request
@ -31,6 +31,10 @@ class User(View):
return ActivitypubResponse(user.to_activity())
# otherwise we're at a UI view
# if it's not an API request, never show the instance actor profile page
if user.localname == INSTANCE_ACTOR_USERNAME:
raise Http404()
shelf_preview = []
# only show shelves that should be visible