Fix soft deleted and unapproved packages appearing where they shouldn't

app/models.py

@@ -336,7 +336,7 @@ class Package(db.Model):
 	forums       = db.Column(db.Integer,     nullable=True)
 
 	provides = db.relationship("MetaPackage", secondary=provides, lazy="subquery",
-			backref=db.backref("packages", lazy=True))
+			backref=db.backref("packages", lazy="dynamic"))
 
 	dependencies = db.relationship("Dependency", backref="depender", lazy="dynamic", foreign_keys=[Dependency.depender_id])
 

app/templates/meta/view.html

@@ -8,5 +8,5 @@ Packages providing '{{ mpackage.name }}''
 	<h1>Packages providing '{{ mpackage.name }}''</h1>
 
 	{% from "macros/packagegridtile.html" import render_pkggrid %}
-	{{ render_pkggrid(mpackage.packages) }}
+	{{ render_pkggrid(mpackage.packages.filter_by(approved=True, soft_deleted=False).all()) }}
 {% endblock %}

app/templates/users/user_profile_page.html

@@ -49,7 +49,7 @@
 	<h2>Packages</h2>
 	<div class="box-body">
 		<ul>
-			{% for p in user.packages %}
+			{% for p in packages %}
 				<li><a href="{{ p.getDetailsURL() }}">
 					{{ p.title }} by {{ p.author.display_name }}
 				</a></li>

app/views/users.py

@@ -49,6 +49,10 @@ def user_profile_page(username):
 	if not user:
 		abort(404)
 
+	packages = user.packages.filter_by(soft_deleted=False)
+	if not current_user.is_authenticated or (user != current_user and not current_user.canAccessTodoList()):
+		packages = packages.filter_by(approved=True)
+
 	form = None
 	if user.checkPerm(current_user, Permission.CHANGE_DNAME) or \
 			user.checkPerm(current_user, Permission.CHANGE_EMAIL) or \
@@ -92,7 +96,7 @@ def user_profile_page(username):
 
 	# Process GET or invalid POST
 	return render_template("users/user_profile_page.html",
-			user=user, form=form)
+			user=user, form=form, packages=packages)
 
 
 @app.route("/users/claim/", methods=["GET", "POST"])