Filter inactive/unapproved users out of SecureAPI requests. Fixes #552

PyRIGS/views.py

@@ -134,6 +134,9 @@ class SecureAPIRequest(generic.View):
             results = []
             query = reduce(operator.and_, queries)
             objects = self.models[model].objects.filter(query)
+            # Returning unactivated or unapproved users when they are elsewhere filtered out of the default queryset leads to some *very* unexpected results
+            if model == "profile":
+                objects = objects.filter(is_active=True, is_approved=True)
             for o in objects:
                 name = o.display_name if hasattr(o, 'display_name') else o.name
                 data = {

versioning/versioning.py

@@ -160,7 +160,7 @@ class ModelComparison:
 
             # Build some dicts of what we have
             item_dict = {}  # build a list of items, key is the item_pk
-            if len(new_item_versions) is 0:
+            if len(new_item_versions) == 0:
                 return None
             for version in old_item_versions:  # put all the old versions in a list
                 if version is None or version.object is None: