Determine the profile visiblity more conservatively

This will ensure that the user is not incorrectly shown a lower visibility level than parts of their profile have.
2021-01-20 16:10:42 +01:00
parent 17efe53106
commit 065c065b3b
2 changed files with 37 additions and 7 deletions
--- a/snikket_web/prosodyclient.py
+++ b/snikket_web/prosodyclient.py
@@ -687,6 +687,42 @@ class ProsodyClient:
        )
        xmpputil.extract_iq_reply(metadata_resp)

+    @autosession
+    async def guess_profile_access_model(
+            self,
+            *,
+            session: aiohttp.ClientSession,
+            ) -> str:
+        access_models = filter(
+            lambda x: not isinstance(x, quart.exceptions.NotFound),
+            await asyncio.gather(
+                self.get_avatar_access_model(session=session),
+                self.get_nickname_access_model(session=session),
+                self.get_vcard_access_model(session=session),
+                return_exceptions=True,
+            )
+        )
+
+        order = [
+            "open",
+            "presence",
+            "whitelist",
+        ]
+
+        worst_index: typing.Optional[int] = None
+        for model in access_models:
+            if isinstance(model, BaseException):
+                raise model
+            try:
+                index = order.index(model)
+            except ValueError:
+                index = 0
+
+            if worst_index is None or index < worst_index:
+                worst_index = index
+
+        return order[worst_index or 0]
+
    async def change_password(
            self,
            current_password: str,
--- a/snikket_web/user.py
+++ b/snikket_web/user.py
@@ -111,13 +111,7 @@ async def profile() -> typing.Union[str, quart.Response]:
        # TODO: find a better way to determine the access model, e.g. by
        # taking the first access model which is defined in [nickname, avatar,
        # vcard] or by taking the most open one.-
-        try:
-            profile_access_model = await client.get_nickname_access_model()
-        except quart.exceptions.NotFound:
-            # avatar node does not exist yet, default the access model to
-            # presence
-            # that is what will be set if the user now adds a new avatar.
-            profile_access_model = "presence"
+        profile_access_model = await client.guess_profile_access_model()
        form.nickname.data = user_info.get("nickname", "")
        form.profile_access_model.data = profile_access_model