diff --git a/reader/views.py b/reader/views.py index 98d2c92d52f2df73534d6d0f912e3ecde0f30d59..3287da7b5f1d8cbfb76bb4e4e59d6ee14379e3ef 100644 --- a/reader/views.py +++ b/reader/views.py @@ -49,7 +49,21 @@ def create_book(request): def browse_books(request): books = Book.objects.filter(public=True) - return render(request, "reader/browse.html", {"page": "browse", "books": books}) + books_private = [] + if request.user.is_authenticated: + books_private_q = Book.objects.filter(public=False) + for book in books_private_q: + # Filter books that the user has permission to view and hasn't read + if ((book.owner == request.user + or request.user.has_perm("reader.book_view_others", book) + or request.user.has_perm("reader.book_view_others")) + and (book.userbook_set.filter(user=request.user).count() == 0)): + books_private.append(book) + return render(request, "reader/browse.html", { + "page": "browse", + "books": books, + "books_private": books_private + }) def view_book(request, book_id): # Get book