From c9ba228bd227ce5be9b4e5feca6d26cf3d74b14f Mon Sep 17 00:00:00 2001
From: FreneticScribbler
Date: Wed, 28 Jun 2023 12:55:42 +0100
Subject: [PATCH] Filter inactive/unapproved users out of SecureAPI requests. Fixes #552
---
 PyRIGS/views.py | 3 +++
 versioning/versioning.py | 2 +-
 2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/PyRIGS/views.py b/PyRIGS/views.py
index c34f014e..537e01b9 100644
--- a/PyRIGS/views.py
+++ b/PyRIGS/views.py
@@ -134,6 +134,9 @@ class SecureAPIRequest(generic.View):
 results = []
 query = reduce(operator.and_, queries)
 objects = self.models[model].objects.filter(query)
+ # Returning unactivated or unapproved users when they are elsewhere filtered out of the default queryset leads to some *very* unexpected results
+ if model == "profile":
+ objects = objects.filter(is_active=True, is_approved=True)
 for o in objects:
 name = o.display_name if hasattr(o, 'display_name') else o.name
 data = {
diff --git a/versioning/versioning.py b/versioning/versioning.py
index 070a8cfc..af2391e3 100644
--- a/versioning/versioning.py
+++ b/versioning/versioning.py
@@ -160,7 +160,7 @@ class ModelComparison:
 # Build some dicts of what we have
 item_dict = {} # build a list of items, key is the item_pk
- if len(new_item_versions) is 0:
+ if len(new_item_versions) == 0:
 return None
 for version in old_item_versions: # put all the old versions in a list
 if version is None or version.object is None:
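Review bot: The new `if model == "profile":` branch in PyRIGS/views.py restates the active/approved rule inside the view, keyed on a string literal, so it can drift from wherever the default queryset applies the same rule (the added comment says that happens elsewhere; that code is not visible in this patch). If a shared manager or queryset method already expresses the rule, calling it here would keep the two in step. Otherwise the comment should state the access-control intent rather than "unexpected results", for example `# Inactive or unapproved accounts must never be returned by this API; keep in sync with the default Profile queryset filtering`. The diffstat lists only two files, so the commit appears to carry no regression test asserting that an inactive or unapproved profile is absent from the response, which is worth adding for an exposure fix. The enclosing method starts and ends outside the hunk.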