benya/Messenger
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

privacy/security: add PM privacy levels and improve session visibility
All checks were successful
CI / test (push) Successful in 24s
Details

Browse Source
This commit is contained in:
Alex
2026-03-08 14:26:19 +03:00
parent 528778238b
commit 76cc5e0f12
17 changed files with 229 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
app/users/service.py
View File

@@ -42,6 +42,7 @@ async def update_user_profile(
bio: str | None = None,
avatar_url: str | None = None,
allow_private_messages: bool | None = None,
privacy_private_messages: str | None = None,
privacy_last_seen: str | None = None,
privacy_avatar: str | None = None,
privacy_group_invites: str | None = None,
@@ -56,6 +57,11 @@ async def update_user_profile(
user.avatar_url = avatar_url
if allow_private_messages is not None:
user.allow_private_messages = allow_private_messages
if privacy_private_messages is None:
user.privacy_private_messages = "everyone" if allow_private_messages else "nobody"
if privacy_private_messages is not None:
user.privacy_private_messages = privacy_private_messages
user.allow_private_messages = privacy_private_messages != "nobody"
if privacy_last_seen is not None:
user.privacy_last_seen = privacy_last_seen
if privacy_avatar is not None:
@@ -127,12 +133,25 @@ async def can_invite_user_to_groups(db: AsyncSession, *, target_user: User, acto
return await repository.is_user_in_contacts(db, owner_user_id=target_user.id, candidate_user_id=actor_user_id)
async def can_user_receive_private_messages(db: AsyncSession, *, target_user: User, actor_user_id: int) -> bool:
if target_user.id == actor_user_id:
return True
policy = target_user.privacy_private_messages or ("everyone" if target_user.allow_private_messages else "nobody")
if policy == "everyone":
return True
if policy == "nobody":
return False
return await repository.is_user_in_contacts(db, owner_user_id=target_user.id, candidate_user_id=actor_user_id)
async def serialize_user_for_viewer(db: AsyncSession, *, target_user: User, viewer_user_id: int) -> UserRead:
payload = UserRead.model_validate(target_user).model_dump()
payload["allow_private_messages"] = bool(target_user.privacy_private_messages != "nobody")
if not await can_view_user_avatar(db, target_user=target_user, viewer_user_id=viewer_user_id):
payload["avatar_url"] = None
if target_user.id != viewer_user_id:
payload["allow_private_messages"] = True
payload["privacy_private_messages"] = "everyone"
payload["privacy_last_seen"] = "everyone"
payload["privacy_avatar"] = "everyone"
payload["privacy_group_invites"] = "everyone"