Mathis/allianceauth
1
0
Fork 0
mirror of https://gitlab.com/allianceauth/allianceauth.git synced 2025-07-13 14:30:17 +02:00
Code Issues Packages Projects Releases Wiki Activity

Prevent users requesting or leaving non-joinable groups

Browse Source 
I have not prevented users joining hidden groups however, as
there may be some use cases where the direct link is provided
for users to request access to the group.

Also prevent users generating leave requests for groups they
are not a member of.
This commit is contained in:
Basraah 2016-12-04 13:02:25 +10:00
parent 42def30c91
commit 648753a68a
1 changed files with 15 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
groupmanagement/views.py
View File

@ -246,6 +246,11 @@ def groups_view(request):
def group_request_add(request, group_id):
logger.debug("group_request_add called by user %s for group id %s" % (request.user, group_id))
group = Group.objects.get(id=group_id)
if not joinable_group(group):
logger.warning("User %s attempted to join group id %s but it is not a joinable group" %
(request.user, group_id))
messages.warning(request, "You cannot join that group")
return redirect('auth_groups')
if OpenGroup.objects.filter(group=group).exists():
logger.info("%s joining %s as is an open group" % (request.user, group))
request.user.groups.add(group)
@ -267,6 +272,16 @@ def group_request_add(request, group_id):
def group_request_leave(request, group_id):
logger.debug("group_request_leave called by user %s for group id %s" % (request.user, group_id))
group = Group.objects.get(id=group_id)
if not joinable_group(group):
logger.warning("User %s attempted to leave group id %s but it is not a joinable group" %
(request.user, group_id))
messages.warning(request, "You cannot leave that group")
return redirect('auth_groups')
if group not in request.user.groups.all():
logger.debug("User %s attempted to leave group id %s but they are not a member" %
(request.user, group_id))
messages.warning(request, "You are not a member of that group")
return redirect('auth_groups')
if OpenGroup.objects.filter(group=group).exists():
logger.info("%s leaving %s as is an open group" % (request.user, group))
request.user.groups.remove(group)