diff --git a/feed/views.py b/feed/views.py index 0f2519c..4484d4f 100644 --- a/feed/views.py +++ b/feed/views.py @@ -8,12 +8,11 @@ from .models import Mumble, MumbleVote from .serializers import MumbleSerializer - # Create your views here. @api_view(['GET']) -@permission_classes((IsAuthenticated,)) +@permission_classes((IsAuthenticated, )) def mumbles(request): query = request.query_params.get('q') if query == None: @@ -21,8 +20,9 @@ def mumbles(request): user = request.user following = user.following.select_related('user') + blocked_users_by_request_user = user.userprofile.blocked_users.all() - following = user.following.all() + following = user.following.all().exclude() ids = [] ids = [i.user.id for i in following] @@ -43,15 +43,21 @@ def mumbles(request): #Add top ranked mumbles to feed after prioritizing follow list index = 0 for mumble in recentMumbles: - if mumble not in mumbles: - mumbles.insert(index, mumble) - index += 1 + # check if user is not blocked + if mumble.user not in blocked_users_by_request_user: + if user not in mumble.user.userprofile.blocked_users.all(): + if mumble not in mumbles: + mumbles.insert(index, mumble) + index += 1 #Add top ranked mumbles to feed after prioritizing follow list for mumble in topMumbles: - if mumble not in mumbles: - mumbles.append(mumble) + # check if user is not blocked + if mumble.user not in blocked_users_by_request_user: + if user not in mumble.user.userprofile.blocked_users.all(): + if mumble not in mumbles: + mumbles.append(mumble) paginator = PageNumberPagination() diff --git a/users/migrations/0005_userprofile_blocked_users.py b/users/migrations/0005_userprofile_blocked_users.py new file mode 100644 index 0000000..8d94757 --- /dev/null +++ b/users/migrations/0005_userprofile_blocked_users.py @@ -0,0 +1,20 @@ +# Generated by Django 3.2 on 2021-06-09 17:06 + +from django.conf import settings +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + migrations.swappable_dependency(settings.AUTH_USER_MODEL), + ('users', '0004_auto_20210517_1436'), + ] + + operations = [ + migrations.AddField( + model_name='userprofile', + name='blocked_users', + field=models.ManyToManyField(blank=True, null=True, related_name='blocked', to=settings.AUTH_USER_MODEL), + ), + ] diff --git a/users/migrations/0006_alter_userprofile_blocked_users.py b/users/migrations/0006_alter_userprofile_blocked_users.py new file mode 100644 index 0000000..ef70ea3 --- /dev/null +++ b/users/migrations/0006_alter_userprofile_blocked_users.py @@ -0,0 +1,20 @@ +# Generated by Django 3.2 on 2021-06-10 09:29 + +from django.conf import settings +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + migrations.swappable_dependency(settings.AUTH_USER_MODEL), + ('users', '0005_userprofile_blocked_users'), + ] + + operations = [ + migrations.AlterField( + model_name='userprofile', + name='blocked_users', + field=models.ManyToManyField(blank=True, related_name='blocked', to=settings.AUTH_USER_MODEL), + ), + ] diff --git a/users/models.py b/users/models.py index bf8a04f..79fe1ce 100644 --- a/users/models.py +++ b/users/models.py @@ -33,6 +33,7 @@ class UserProfile(models.Model): skills = models.ManyToManyField(SkillTag, related_name='personal_skills', blank=True) interests = models.ManyToManyField(TopicTag, related_name='topic_interests', blank=True) followers = models.ManyToManyField(User, related_name='following', blank=True) + blocked_users = models.ManyToManyField(User, related_name='blocked', blank=True) email_verified = models.BooleanField(default=False) id = models.UUIDField(default=uuid.uuid4, unique=True, primary_key=True, editable=False) """ diff --git a/users/serializers.py b/users/serializers.py index ff41794..8259907 100644 --- a/users/serializers.py +++ b/users/serializers.py @@ -47,7 +47,7 @@ class UserSerializer(serializers.ModelSerializer): profile = serializers.SerializerMethodField(read_only=True) class Meta: model = User - fields = ['id', 'profile', 'username', 'is_superuser', 'is_staff'] + fields = ['id', 'profile', 'username', 'is_superuser', 'is_staff',] def get_profile(self, obj): profile = obj.userprofile diff --git a/users/urls.py b/users/urls.py index 0a18fba..3724424 100644 --- a/users/urls.py +++ b/users/urls.py @@ -24,6 +24,7 @@ path('profile_update/interests/', views.update_interests, name='update_interests'), path('profile_update/photo/', views.ProfilePictureUpdate.as_view(), name="profile_update_photo"), path('/follow/', views.follow_user, name="follow-user"), + path('/block/', views.block_user, name="block-user"), path('delete-profile/', views.delete_user, name="delete-user"), path('profile_update/delete/', views.ProfilePictureDelete, name="profile_delete_photo"), path('/', views.user, name="user"), diff --git a/users/views.py b/users/views.py index 944d2a3..4e3a8d1 100644 --- a/users/views.py +++ b/users/views.py @@ -118,6 +118,11 @@ def users(request): Q(userprofile__name__icontains=query) | Q(userprofile__username__icontains=query) ).order_by('-userprofile__followers_count') + # check if user is not blocked + for user in list(users): + if user in request.user.userprofile.blocked_users.all(): + if request.user in user.userprofile.blocked_users.all(): + users.remove(user) paginator = PageNumberPagination() paginator.page_size = 10 result_page = paginator.paginate_queryset(users,request) @@ -137,6 +142,13 @@ def users_recommended(request): def user(request, username): user = User.objects.get(username=username) + # if request user is trying to search for a user who has blocked him/her. We won't let them find their profile. + if request.user in user.userprofile.blocked_users.all(): + return Response({'detail':'Account not Found'},status=status.HTTP_200_OK) + + if user in request.user.userprofile.blocked_users.all(): + return Response({'detail':'Unblock Account to view'},status=status.HTTP_200_OK) + if(request.user.username == username): serializer = CurrentUserSerializer(user, many=False) return Response(serializer.data) @@ -147,6 +159,10 @@ def user(request, username): @api_view(['GET']) def user_mumbles(request, username): user = User.objects.get(username=username) + if request.user in user.userprofile.blocked_users.all(): + return Response({'detail':'Account not Found'},status=status.HTTP_200_OK) + if user in request.user.userprofile.blocked_users.all(): + return Response({'detail':'Unblock Account to view its mumbles'},status=status.HTTP_200_OK) mumbles = user.mumble_set.filter(parent=None) serializer = MumbleSerializer(mumbles, many=True) return Response(serializer.data) @@ -154,6 +170,10 @@ def user_mumbles(request, username): @api_view(['GET']) def user_articles(request, username): user = User.objects.get(username=username) + if request.user in user.userprofile.blocked_users.all(): + return Response({'detail':'Account not Found'},status=status.HTTP_200_OK) + if user in request.user.userprofile.blocked_users.all(): + return Response({'detail':'Unblock Account to view its articles'},status=status.HTTP_200_OK) articles = user.article_set serializer = ArticleSerializer(articles, many=True) return Response(serializer.data) @@ -208,7 +228,8 @@ def follow_user(request, username): if user == user_to_follow: return Response('You can not follow yourself') - + if user in user_to_follow_profile.blocked_users.all(): + return Response('User Not Found') if user in user_to_follow_profile.followers.all(): user_to_follow_profile.followers.remove(user) user_to_follow_profile.followers_count = user_to_follow_profile.followers.count() @@ -289,7 +310,20 @@ def ProfilePictureDelete(request): user.profile_pic.url = 'default.png' return Response({'detail':'Profile picture deleted '}) - +@api_view(['POST']) +@permission_classes((IsAuthenticated,)) +def block_user(request, username): + user = request.user + toblock_user = User.objects.get(username=username) + # Block User + if toblock_user not in user.userprofile.blocked_users.all(): + user.userprofile.followers.remove(toblock_user) + user.userprofile.blocked_users.add(toblock_user) + return Response({'detail':'Account blocked successfully'},status=status.HTTP_200_OK) + # Unblock User + if toblock_user in user.userprofile.blocked_users.all(): + user.userprofile.blocked_users.remove(toblock_user) + return Response({'detail':'Account un-blocked successfully'},status=status.HTTP_200_OK) @api_view(['POST']) @permission_classes((IsAuthenticated,))