[#471] Factored out User.visible_for?/2.
This commit is contained in:
parent
e6aeb1d4a5
commit
0d1788ce44
3 changed files with 12 additions and 22 deletions
|
@ -49,6 +49,12 @@ def auth_active?(%User{} = user) do
|
||||||
|
|
||||||
def remote_or_auth_active?(%User{} = user), do: !user.local || auth_active?(user)
|
def remote_or_auth_active?(%User{} = user), do: !user.local || auth_active?(user)
|
||||||
|
|
||||||
|
def visible_for?(%User{} = user, for_user \\ nil) do
|
||||||
|
User.remote_or_auth_active?(user) || (for_user && for_user.id == user.id) ||
|
||||||
|
User.superuser?(for_user)
|
||||||
|
end
|
||||||
|
|
||||||
|
def superuser?(nil), do: false
|
||||||
def superuser?(%User{} = user), do: user.info && User.Info.superuser?(user.info)
|
def superuser?(%User{} = user), do: user.info && User.Info.superuser?(user.info)
|
||||||
|
|
||||||
def avatar_url(user) do
|
def avatar_url(user) do
|
||||||
|
|
|
@ -17,17 +17,9 @@ def render("accounts.json", %{users: users} = opts) do
|
||||||
end
|
end
|
||||||
|
|
||||||
def render("account.json", %{user: user} = opts) do
|
def render("account.json", %{user: user} = opts) do
|
||||||
for_user = opts[:for]
|
if User.visible_for?(user, opts[:for]),
|
||||||
|
do: render("valid_account.json", opts),
|
||||||
allow_render =
|
else: render("invalid_account.json", opts)
|
||||||
User.remote_or_auth_active?(user) ||
|
|
||||||
(for_user && (for_user.id == user.id || User.superuser?(for_user)))
|
|
||||||
|
|
||||||
if allow_render do
|
|
||||||
render("valid_account.json", opts)
|
|
||||||
else
|
|
||||||
render("invalid_account.json", opts)
|
|
||||||
end
|
|
||||||
end
|
end
|
||||||
|
|
||||||
def render("invalid_account.json", _opts) do
|
def render("invalid_account.json", _opts) do
|
||||||
|
|
|
@ -21,17 +21,9 @@ def render("index.json", %{users: users, for: user}) do
|
||||||
end
|
end
|
||||||
|
|
||||||
def render("user.json", %{user: user = %User{}} = assigns) do
|
def render("user.json", %{user: user = %User{}} = assigns) do
|
||||||
for_user = assigns[:for]
|
if User.visible_for?(user, assigns[:for]),
|
||||||
|
do: render("valid_user.json", assigns),
|
||||||
allow_render =
|
else: render("invalid_user.json", assigns)
|
||||||
User.remote_or_auth_active?(user) ||
|
|
||||||
(for_user && (for_user.id == user.id || User.superuser?(for_user)))
|
|
||||||
|
|
||||||
if allow_render do
|
|
||||||
render("valid_user.json", assigns)
|
|
||||||
else
|
|
||||||
render("invalid_user.json", assigns)
|
|
||||||
end
|
|
||||||
end
|
end
|
||||||
|
|
||||||
def render("invalid_user.json", _assigns) do
|
def render("invalid_user.json", _assigns) do
|
||||||
|
|
Loading…
Reference in a new issue