feat(privacy): enforce avatar/presence visibility and invite restrictions

app/users/repository.py

@@ -140,6 +140,16 @@ async def get_contact_relation(db: AsyncSession, *, user_id: int, contact_user_i
     return result.scalar_one_or_none()
 
 
+async def is_user_in_contacts(db: AsyncSession, *, owner_user_id: int, candidate_user_id: int) -> bool:
+    result = await db.execute(
+        select(UserContact.id).where(
+            UserContact.user_id == owner_user_id,
+            UserContact.contact_user_id == candidate_user_id,
+        ).limit(1)
+    )
+    return result.scalar_one_or_none() is not None
+
+
 async def list_contacts(db: AsyncSession, *, user_id: int) -> list[User]:
     stmt = (
         select(User)

app/users/router.py

@@ -16,6 +16,8 @@ from app.users.service import (
     has_block_relation_between_users,
     remove_contact,
     search_users_by_username,
+    serialize_user_for_viewer,
+    serialize_user_search_for_viewer,
     unblock_user,
     update_user_profile,
 )
@@ -43,7 +45,7 @@ async def search_users(
         limit=limit,
         exclude_user_id=current_user.id,
     )
-    return users
+    return [await serialize_user_search_for_viewer(db, target_user=user, viewer_user_id=current_user.id) for user in users]
 
 
 @router.put("/profile", response_model=UserRead)
@@ -69,7 +71,7 @@ async def update_profile(
         privacy_avatar=payload.privacy_avatar,
         privacy_group_invites=payload.privacy_group_invites,
     )
-    return updated
+    return await serialize_user_for_viewer(db, target_user=updated, viewer_user_id=current_user.id)
 
 
 @router.get("/blocked", response_model=list[UserSearchRead])
@@ -77,7 +79,8 @@ async def read_blocked_users(
     db: AsyncSession = Depends(get_db),
     current_user: User = Depends(get_current_user),
 ) -> list[UserSearchRead]:
-    return await list_blocked_users(db, user_id=current_user.id)
+    users = await list_blocked_users(db, user_id=current_user.id)
+    return [await serialize_user_search_for_viewer(db, target_user=user, viewer_user_id=current_user.id) for user in users]
 
 
 @router.get("/contacts", response_model=list[UserSearchRead])
@@ -85,7 +88,8 @@ async def read_contacts(
     db: AsyncSession = Depends(get_db),
     current_user: User = Depends(get_current_user),
 ) -> list[UserSearchRead]:
-    return await list_contacts(db, user_id=current_user.id)
+    users = await list_contacts(db, user_id=current_user.id)
+    return [await serialize_user_search_for_viewer(db, target_user=user, viewer_user_id=current_user.id) for user in users]
 
 
 @router.post("/{user_id}/contacts", status_code=status.HTTP_204_NO_CONTENT)
@@ -163,4 +167,4 @@ async def read_user(user_id: int, db: AsyncSession = Depends(get_db), _current_u
     user = await get_user_by_id(db, user_id)
     if not user:
         raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="User not found")
-    return user
+    return await serialize_user_for_viewer(db, target_user=user, viewer_user_id=_current_user.id)

app/users/service.py

@@ -2,6 +2,7 @@ from sqlalchemy.ext.asyncio import AsyncSession
 
 from app.users import repository
 from app.users.models import User
+from app.users.schemas import UserRead, UserSearchRead
 
 
 async def get_user_by_id(db: AsyncSession, user_id: int) -> User | None:
@@ -96,3 +97,51 @@ async def remove_contact(db: AsyncSession, *, user_id: int, contact_user_id: int
 
 async def list_contacts(db: AsyncSession, *, user_id: int) -> list[User]:
     return await repository.list_contacts(db, user_id=user_id)
+
+
+async def can_view_user_avatar(db: AsyncSession, *, target_user: User, viewer_user_id: int) -> bool:
+    if target_user.id == viewer_user_id:
+        return True
+    if target_user.privacy_avatar == "everyone":
+        return True
+    if target_user.privacy_avatar == "nobody":
+        return False
+    return await repository.is_user_in_contacts(db, owner_user_id=target_user.id, candidate_user_id=viewer_user_id)
+
+
+async def can_view_user_last_seen(db: AsyncSession, *, target_user: User, viewer_user_id: int) -> bool:
+    if target_user.id == viewer_user_id:
+        return True
+    if target_user.privacy_last_seen == "everyone":
+        return True
+    if target_user.privacy_last_seen == "nobody":
+        return False
+    return await repository.is_user_in_contacts(db, owner_user_id=target_user.id, candidate_user_id=viewer_user_id)
+
+
+async def can_invite_user_to_groups(db: AsyncSession, *, target_user: User, actor_user_id: int) -> bool:
+    if target_user.id == actor_user_id:
+        return False
+    if target_user.privacy_group_invites == "everyone":
+        return True
+    return await repository.is_user_in_contacts(db, owner_user_id=target_user.id, candidate_user_id=actor_user_id)
+
+
+async def serialize_user_for_viewer(db: AsyncSession, *, target_user: User, viewer_user_id: int) -> UserRead:
+    payload = UserRead.model_validate(target_user).model_dump()
+    if not await can_view_user_avatar(db, target_user=target_user, viewer_user_id=viewer_user_id):
+        payload["avatar_url"] = None
+    if target_user.id != viewer_user_id:
+        payload["allow_private_messages"] = True
+        payload["privacy_last_seen"] = "everyone"
+        payload["privacy_avatar"] = "everyone"
+        payload["privacy_group_invites"] = "everyone"
+        payload["twofa_enabled"] = False
+    return UserRead.model_validate(payload)
+
+
+async def serialize_user_search_for_viewer(db: AsyncSession, *, target_user: User, viewer_user_id: int) -> UserSearchRead:
+    payload = UserSearchRead.model_validate(target_user).model_dump()
+    if not await can_view_user_avatar(db, target_user=target_user, viewer_user_id=viewer_user_id):
+        payload["avatar_url"] = None
+    return UserSearchRead.model_validate(payload)