stoa_plugin: remove sensitive fields from person api

(ActionItem2832)

stoa_plugin: remove sensitive fields from person api
(ActionItem2832)
Rodrigo Souto
1 parent 7664b827
Showing 3 changed files with 2 additions and 6 deletions Show diff stats
plugins/stoa/controllers/stoa_plugin_controller.rb
plugins/stoa/lib/stoa_plugin/person_fields.rb
plugins/stoa/test/functional/stoa_plugin_controller_test.rb
@@ -49,7 +49,6 @@ class StoaPluginController &lt; PublicController
     return fields.reject { |field| !FIELDS['essential'].include?(field) } unless user.person.public_profile
     fields.reject do |field|
       !user.person.public_fields.include?(field) &&
-      SENSITIVE.include?(field) &&
       !FIELDS['essential'].include?(field)
     end
   end
 module StoaPlugin::PersonFields
   HEAVY = %w[image_base64]
-  SENSITIVE = %w[]
   FILTER = %w[image]
  
   ESSENTIAL = %w[username email nusp]
@@ -102,13 +102,12 @@ class StoaPluginControllerTest &lt; ActionController::TestCase
     assert response.blank?
   end
  
-  should 'not return sensitive fields that are private' do
+  should 'not return private fields' do
     @request.stubs(:ssl?).returns(true)
     Person.any_instance.stubs(:f1).returns('field1')
     Person.any_instance.stubs(:f2).returns('field2')
     Person.any_instance.stubs(:f3).returns('field3')
     StoaPluginController::FIELDS['special'] = %w[f1 f2 f3]
-    StoaPluginController::SENSITIVE = %w[f1 f2]
     person = user.person
     person.fields_privacy = {:f1 => 'private', :f2 => 'public', :f3 => 'public'}
     person.save!
@@ -120,9 +119,8 @@ class StoaPluginControllerTest &lt; ActionController::TestCase
     assert json_response.keys.include?('f3')
   end
  
-  should 'return essential fields even if they are sensitive and private' do
+  should 'return essential fields even if they are private' do
     @request.stubs(:ssl?).returns(true)
-    StoaPluginController::SENSITIVE = %w[email]
     person = user.person
     person.fields_privacy = {:email => 'private'}
     person.save!
...	...	@@ -49,7 +49,6 @@ class StoaPluginController < PublicController
49	49	return fields.reject { \|field\| !FIELDS['essential'].include?(field) } unless user.person.public_profile
50	50	fields.reject do \|field\|
51	51	!user.person.public_fields.include?(field) &&
52		- SENSITIVE.include?(field) &&
53	52	!FIELDS['essential'].include?(field)
54	53	end
55	54	end
...	...
1	1	module StoaPlugin::PersonFields
2	2	HEAVY = %w[image_base64]
3		- SENSITIVE = %w[]
4	3	FILTER = %w[image]
5	4
6	5	ESSENTIAL = %w[username email nusp]
...	...
...	...	@@ -102,13 +102,12 @@ class StoaPluginControllerTest < ActionController::TestCase
102	102	assert response.blank?
103	103	end
104	104
105		- should 'not return sensitive fields that are private' do
	105	+ should 'not return private fields' do
106	106	@request.stubs(:ssl?).returns(true)
107	107	Person.any_instance.stubs(:f1).returns('field1')
108	108	Person.any_instance.stubs(:f2).returns('field2')
109	109	Person.any_instance.stubs(:f3).returns('field3')
110	110	StoaPluginController::FIELDS['special'] = %w[f1 f2 f3]
111		- StoaPluginController::SENSITIVE = %w[f1 f2]
112	111	person = user.person
113	112	person.fields_privacy = {:f1 => 'private', :f2 => 'public', :f3 => 'public'}
114	113	person.save!
...	...	@@ -120,9 +119,8 @@ class StoaPluginControllerTest < ActionController::TestCase
120	119	assert json_response.keys.include?('f3')
121	120	end
122	121
123		- should 'return essential fields even if they are sensitive and private' do
	122	+ should 'return essential fields even if they are private' do
124	123	@request.stubs(:ssl?).returns(true)
125		- StoaPluginController::SENSITIVE = %w[email]
126	124	person = user.person
127	125	person.fields_privacy = {:email => 'private'}
128	126	person.save!
...	...