Download as
Browse Code »

Commit 27eb1487df3f8f1eb7928bb692cfa4c84f35b53e

Authored by Caio Almeida
Committed by Daniela Feitosa
1 parent cd4a0e06
Exists in master and in 29 other branches add_member_task_reject_details, admin_visible_profile, article-list-template, community_notifications, contact_admin_translation, event_fixes, fix_comments_pagination, fix_rails4_organization_ratings, fix_sign_up_form, follow_step_fix, forum_topic_creation, mirror_block_improvements, multi_env_on_remote_user, new_security, noosfero_spb_ci, organization_ratings_improvements, organization_ratings_link_to_profile_stable-spb-1.3, organization_ratings_translations_fix, profile_api_improvements, ratings_minor_fixes, remote_user_fix, send_email_to_admins, stable-spb-1.3, stable-spb-1.3-fixes, stable-spb-1.4, stable-spb-1.5, suggest_rejected_value, web_steps_improvements, xss_terminate_custom_options

Done

Showing 14 changed files with 211 additions and 14 deletions   Show diff stats
app/controllers/my_profile/profile_editor_controller.rb
  Diff comments   View file @27eb148
@@ -14,6 +14,7 @@ class ProfileEditorController < MyProfileController @@ -14,6 +14,7 @@ class ProfileEditorController < MyProfileController
14 @profile_data = profile 14 @profile_data = profile
15 @possible_domains = profile.possible_domains 15 @possible_domains = profile.possible_domains
16 if request.post? 16 if request.post?
  17 + params[:profile_data][:fields_privacy] ||= {} if profile.person? && params[:profile_data].is_a?(Hash)
17 begin 18 begin
18 Profile.transaction do 19 Profile.transaction do
19 Image.transaction do 20 Image.transaction do
app/helpers/application_helper.rb
  Diff comments   View file @27eb148
@@ -866,7 +866,7 @@ module ApplicationHelper @@ -866,7 +866,7 @@ module ApplicationHelper
866 end 866 end
867 else 867 else
868 if profile.active_fields.include?(name) 868 if profile.active_fields.include?(name)
869 - result = field_html 869 + result = content_tag('div', field_html + profile_field_privacy_selector(profile, name), :class => 'field-with-privacy-selector')
870 end 870 end
871 end 871 end
872 872
@@ -881,6 +881,10 @@ module ApplicationHelper @@ -881,6 +881,10 @@ module ApplicationHelper
881 result 881 result
882 end 882 end
883 883
  884 + def profile_field_privacy_selector(profile, name)
  885 + profile.public? ? content_tag('div', check_box_tag('profile_data[fields_privacy][' + name + ']', 'public', profile.public_fields.include?(name)) + label_tag('profile_data_fields_privacy_' + name, _('Public')), :class => 'field-privacy-selector') : ''
  886 + end
  887 +
884 def template_stylesheet_path 888 def template_stylesheet_path
885 if profile.nil? 889 if profile.nil?
886 "/designs/templates/#{environment.layout_template}/stylesheets/style.css" 890 "/designs/templates/#{environment.layout_template}/stylesheets/style.css"
app/helpers/profile_editor_helper.rb
  Diff comments   View file @27eb148
@@ -145,4 +145,12 @@ module ProfileEditorHelper @@ -145,4 +145,12 @@ module ProfileEditorHelper
145 link_to title, url, :class => 'control-panel-%s' % icon 145 link_to title, url, :class => 'control-panel-%s' % icon
146 end 146 end
147 147
  148 + def unchangeable_privacy_field(profile)
  149 + if profile.public?
  150 + check_box_tag('', '', true, :disabled => true) + ' ' + _('Public')
  151 + else
  152 + ''
  153 + end
  154 + end
  155 +
148 end 156 end
app/helpers/profile_helper.rb
  Diff comments   View file @27eb148
1 module ProfileHelper 1 module ProfileHelper
2 2
3 def display_field(title, profile, field, force = false) 3 def display_field(title, profile, field, force = false)
4 - if !force && !profile.active_fields.include?(field.to_s) 4 + if (!force && field.to_s != 'email' && !profile.active_fields.include?(field.to_s)) ||
  5 + ((profile.active_fields.include?(field.to_s) || field.to_s == 'email') && !profile.public_fields.include?(field.to_s) && (!user || (user != profile && !user.is_a_friend?(profile))))
5 return '' 6 return ''
6 end 7 end
7 value = profile.send(field) 8 value = profile.send(field)
app/models/person.rb
  Diff comments   View file @27eb148
@@ -456,6 +456,10 @@ class Person < Profile @@ -456,6 +456,10 @@ class Person < Profile
456 Scrap.find_by_sql("SELECT id, updated_at, '#{Scrap.to_s}' AS klass FROM #{Scrap.table_name} WHERE scraps.receiver_id = #{self.id} AND scraps.scrap_id IS NULL UNION SELECT id, updated_at, '#{ActionTracker::Record.to_s}' AS klass FROM #{ActionTracker::Record.table_name} WHERE action_tracker.user_id = #{self.id} and action_tracker.verb != 'leave_scrap_to_self' and action_tracker.verb != 'add_member_in_community' ORDER BY updated_at DESC") 456 Scrap.find_by_sql("SELECT id, updated_at, '#{Scrap.to_s}' AS klass FROM #{Scrap.table_name} WHERE scraps.receiver_id = #{self.id} AND scraps.scrap_id IS NULL UNION SELECT id, updated_at, '#{ActionTracker::Record.to_s}' AS klass FROM #{ActionTracker::Record.table_name} WHERE action_tracker.user_id = #{self.id} and action_tracker.verb != 'leave_scrap_to_self' and action_tracker.verb != 'add_member_in_community' ORDER BY updated_at DESC")
457 end 457 end
458 458
  459 + def public_fields
  460 + self.fields_privacy.nil? ? self.active_fields : self.fields_privacy.reject{ |k, v| v != 'public' }.keys.map(&:to_s)
  461 + end
  462 +
459 protected 463 protected
460 464
461 def followed_by?(profile) 465 def followed_by?(profile)
app/models/profile.rb
  Diff comments   View file @27eb148
@@ -144,6 +144,7 @@ class Profile < ActiveRecord::Base @@ -144,6 +144,7 @@ class Profile < ActiveRecord::Base
144 settings_items :redirect_l10n, :type => :boolean, :default => false 144 settings_items :redirect_l10n, :type => :boolean, :default => false
145 settings_items :public_content, :type => :boolean, :default => true 145 settings_items :public_content, :type => :boolean, :default => true
146 settings_items :description 146 settings_items :description
  147 + settings_items :fields_privacy, :type => :hash, :default => {}
147 148
148 validates_length_of :description, :maximum => 550, :allow_nil => true 149 validates_length_of :description, :maximum => 550, :allow_nil => true
149 150
@@ -876,6 +877,15 @@ private :generate_url, :url_options @@ -876,6 +877,15 @@ private :generate_url, :url_options
876 [] 877 []
877 end 878 end
878 879
  880 + # field => privacy (e.g.: "address" => "public")
  881 + def fields_privacy
  882 + self.data[:fields_privacy]
  883 + end
  884 +
  885 + def public_fields
  886 + self.active_fields
  887 + end
  888 +
879 private 889 private
880 def self.f_categories_label_proc(environment) 890 def self.f_categories_label_proc(environment)
881 ids = environment.top_level_category_as_facet_ids 891 ids = environment.top_level_category_as_facet_ids
app/views/profile/_person_profile.rhtml
  Diff comments   View file @27eb148
@@ -13,15 +13,13 @@ @@ -13,15 +13,13 @@
13 <td><%= show_date(profile.created_at) %></td> 13 <td><%= show_date(profile.created_at) %></td>
14 </tr> 14 </tr>
15 15
16 - <% if profile == user || profile.friends.include?(user) %>  
17 - <tr>  
18 - <th colspan='2'><%= _('Contact')%></th>  
19 - </tr>  
20 - <%= display_field(_('Address:'), profile, :address) %>  
21 - <%= display_field(_('ZIP code:'), profile, :zip_code) %>  
22 - <%= display_field(_('Contact phone:'), profile, :contact_phone) %>  
23 - <%= display_field(_('e-Mail:'), profile, :email, true) { |email| link_to_email(email) } %>  
24 - <% end %> 16 + <tr>
  17 + <th colspan='2'><%= _('Contact')%></th>
  18 + </tr>
  19 + <%= display_field(_('Address:'), profile, :address) %>
  20 + <%= display_field(_('ZIP code:'), profile, :zip_code) %>
  21 + <%= display_field(_('Contact phone:'), profile, :contact_phone) %>
  22 + <%= display_field(_('e-Mail:'), profile, :email) { |email| link_to_email(email) } %>
25 23
26 <% cache_timeout(profile.relationships_cache_key, 4.hours) do %> 24 <% cache_timeout(profile.relationships_cache_key, 4.hours) do %>
27 <% if !(profile.organization.blank? && profile.organization_website.blank?) && (profile.active_fields.include?('organization') || profile.active_fields.include?('organization_website')) %> 25 <% if !(profile.organization.blank? && profile.organization_website.blank?) && (profile.active_fields.include?('organization') || profile.active_fields.include?('organization_website')) %>
app/views/profile_editor/_person.rhtml
  Diff comments   View file @27eb148
@@ -2,9 +2,19 @@ @@ -2,9 +2,19 @@
2 2
3 <%= required_fields_message %> 3 <%= required_fields_message %>
4 4
5 - <%= required f.text_field(:name) %> 5 + <div class="field-with-privacy-selector">
  6 + <%= required f.text_field(:name) %>
  7 + <div class="field-privacy-selector">
  8 + <%= unchangeable_privacy_field @profile %>
  9 + </div>
  10 + </div>
6 11
7 - <%= required f.text_field(:email) %> 12 + <div class="field-with-privacy-selector">
  13 + <%= required f.text_field(:email) %>
  14 + <div class="field-privacy-selector">
  15 + <%= profile_field_privacy_selector @profile, 'email' %>
  16 + </div>
  17 + </div>
8 18
9 <%= @plugins.dispatch(:profile_info_extra_contents).collect { |content| instance_eval(&content) }.join("") %> 19 <%= @plugins.dispatch(:profile_info_extra_contents).collect { |content| instance_eval(&content) }.join("") %>
10 20
app/views/profile_editor/edit.rhtml
  Diff comments   View file @27eb148
@@ -13,8 +13,11 @@ @@ -13,8 +13,11 @@
13 <%= render :partial => partial_for_class(@profile.class), :locals => { :f => f } %> 13 <%= render :partial => partial_for_class(@profile.class), :locals => { :f => f } %>
14 14
15 <% unless @profile.person? && @environment.active_person_fields.include?('image') %> 15 <% unless @profile.person? && @environment.active_person_fields.include?('image') %>
16 - <div id="profile_change_picture"> 16 + <div id="profile_change_picture_title">
17 <h2><%= _('Change picture') %></h2> 17 <h2><%= _('Change picture') %></h2>
  18 + <span><%= unchangeable_privacy_field @profile %></span>
  19 + </div>
  20 + <div id="profile_change_picture">
18 <% f.fields_for :image_builder, @profile.image do |i| %> 21 <% f.fields_for :image_builder, @profile.image do |i| %>
19 <%= file_field_or_thumbnail(_('Image:'), @profile.image, i) %><%= _("Max size: %s (.jpg, .gif, .png)")% Image.max_size.to_humanreadable %> 22 <%= file_field_or_thumbnail(_('Image:'), @profile.image, i) %><%= _("Max size: %s (.jpg, .gif, .png)")% Image.max_size.to_humanreadable %>
20 <% end %> 23 <% end %>
public/stylesheets/application.css
  Diff comments   View file @27eb148
@@ -6097,3 +6097,49 @@ li.profile-activity-item.upload_image .activity-gallery-images-count-1 img { @@ -6097,3 +6097,49 @@ li.profile-activity-item.upload_image .activity-gallery-images-count-1 img {
6097 margin: .8em 0 .2em; 6097 margin: .8em 0 .2em;
6098 line-height: 1.5; 6098 line-height: 1.5;
6099 } 6099 }
  6100 +
  6101 +.controller-profile_editor #profile-data {
  6102 + display: table;
  6103 + width: auto;
  6104 +}
  6105 +
  6106 +.field-with-privacy-selector {
  6107 + display: table-row;
  6108 +}
  6109 +
  6110 +.controller-profile_editor #profile-data .field-with-privacy-selector .formfieldline {
  6111 + display: table-cell;
  6112 + width: auto;
  6113 +}
  6114 +
  6115 +.field-privacy-selector {
  6116 + display: table-cell;
  6117 + vertical-align: bottom;
  6118 + text-align: center;
  6119 + width: 100px;
  6120 +}
  6121 +
  6122 +#profile_change_picture {
  6123 + clear: both;
  6124 + margin-top: 20px;
  6125 +}
  6126 +
  6127 +#profile_change_picture_title {
  6128 + display: table-row;
  6129 + width: 100%;
  6130 +}
  6131 +
  6132 +#profile_change_picture_title h2,
  6133 +#profile_change_picture_title span {
  6134 + display: table-cell;
  6135 +}
  6136 +
  6137 +#profile_change_picture_title h2 {
  6138 + padding-top: 20px;
  6139 + width: auto;
  6140 +}
  6141 +
  6142 +#profile_change_picture_title span {
  6143 + width: 100px;
  6144 + text-align: center;
  6145 +}
test/functional/profile_controller_test.rb
  Diff comments   View file @27eb148
@@ -1371,4 +1371,80 @@ class ProfileControllerTest &lt; ActionController::TestCase @@ -1371,4 +1371,80 @@ class ProfileControllerTest &lt; ActionController::TestCase
1371 assert_redirected_to :action => 'members' 1371 assert_redirected_to :action => 'members'
1372 end 1372 end
1373 1373
  1374 + should 'show all fields to anonymous user' do
  1375 + viewed = create_user('person_1').person
  1376 + Environment.any_instance.stubs(:active_person_fields).returns(['sex', 'birth_date'])
  1377 + Environment.any_instance.stubs(:required_person_fields).returns([])
  1378 + viewed.birth_date = Time.now.ago(22.years)
  1379 + viewed.data = { :sex => 'male', :fields_privacy => { 'sex' => 'public', 'birth_date' => 'public' } }
  1380 + viewed.save!
  1381 + get :index, :profile => viewed.identifier
  1382 + assert_tag :tag => 'td', :content => 'Sex:'
  1383 + assert_tag :tag => 'td', :content => 'Male'
  1384 + assert_tag :tag => 'td', :content => 'Date of birth:'
  1385 + assert_tag :tag => 'td', :content => 'August 26, 1990'
  1386 + end
  1387 +
  1388 + should 'show some fields to anonymous user' do
  1389 + viewed = create_user('person_1').person
  1390 + Environment.any_instance.stubs(:active_person_fields).returns(['sex', 'birth_date'])
  1391 + Environment.any_instance.stubs(:required_person_fields).returns([])
  1392 + viewed.birth_date = Time.now.ago(22.years)
  1393 + viewed.data = { :sex => 'male', :fields_privacy => { 'sex' => 'public' } }
  1394 + viewed.save!
  1395 + get :index, :profile => viewed.identifier
  1396 + assert_tag :tag => 'td', :content => 'Sex:'
  1397 + assert_tag :tag => 'td', :content => 'Male'
  1398 + assert_no_tag :tag => 'td', :content => 'Date of birth:'
  1399 + assert_no_tag :tag => 'td', :content => 'August 26, 1990'
  1400 + end
  1401 +
  1402 + should 'show some fields to non friend' do
  1403 + viewed = create_user('person_1').person
  1404 + Environment.any_instance.stubs(:active_person_fields).returns(['sex', 'birth_date'])
  1405 + Environment.any_instance.stubs(:required_person_fields).returns([])
  1406 + viewed.birth_date = Time.now.ago(22.years)
  1407 + viewed.data = { :sex => 'male', :fields_privacy => { 'sex' => 'public' } }
  1408 + viewed.save!
  1409 + strange = create_user('person_2').person
  1410 + login_as(strange.identifier)
  1411 + get :index, :profile => viewed.identifier
  1412 + assert_tag :tag => 'td', :content => 'Sex:'
  1413 + assert_tag :tag => 'td', :content => 'Male'
  1414 + assert_no_tag :tag => 'td', :content => 'Date of birth:'
  1415 + assert_no_tag :tag => 'td', :content => 'August 26, 1990'
  1416 + end
  1417 +
  1418 + should 'show all fields to friend' do
  1419 + viewed = create_user('person_1').person
  1420 + friend = create_user('person_2').person
  1421 + Environment.any_instance.stubs(:active_person_fields).returns(['sex', 'birth_date'])
  1422 + Environment.any_instance.stubs(:required_person_fields).returns([])
  1423 + viewed.birth_date = Time.now.ago(22.years)
  1424 + viewed.data = { :sex => 'male', :fields_privacy => { 'sex' => 'public' } }
  1425 + viewed.save!
  1426 + Person.any_instance.stubs(:is_a_friend?).returns(true)
  1427 + login_as(friend.identifier)
  1428 + get :index, :profile => viewed.identifier
  1429 + assert_tag :tag => 'td', :content => 'Sex:'
  1430 + assert_tag :tag => 'td', :content => 'Male'
  1431 + assert_tag :tag => 'td', :content => 'Date of birth:'
  1432 + assert_tag :tag => 'td', :content => 'August 26, 1990'
  1433 + end
  1434 +
  1435 + should 'show all fields to self' do
  1436 + viewed = create_user('person_1').person
  1437 + Environment.any_instance.stubs(:active_person_fields).returns(['sex', 'birth_date'])
  1438 + Environment.any_instance.stubs(:required_person_fields).returns([])
  1439 + viewed.birth_date = Time.now.ago(22.years)
  1440 + viewed.data = { :sex => 'male', :fields_privacy => { 'sex' => 'public' } }
  1441 + viewed.save!
  1442 + login_as(viewed.identifier)
  1443 + get :index, :profile => viewed.identifier
  1444 + assert_tag :tag => 'td', :content => 'Sex:'
  1445 + assert_tag :tag => 'td', :content => 'Male'
  1446 + assert_tag :tag => 'td', :content => 'Date of birth:'
  1447 + assert_tag :tag => 'td', :content => 'August 26, 1990'
  1448 + end
  1449 +
1374 end 1450 end
test/functional/profile_editor_controller_test.rb
  Diff comments   View file @27eb148
@@ -979,4 +979,12 @@ class ProfileEditorControllerTest &lt; ActionController::TestCase @@ -979,4 +979,12 @@ class ProfileEditorControllerTest &lt; ActionController::TestCase
979 get :edit, :profile => profile.identifier 979 get :edit, :profile => profile.identifier
980 assert_no_tag :tag => 'select', :attributes => {:id => 'profile_data_redirection_after_login'} 980 assert_no_tag :tag => 'select', :attributes => {:id => 'profile_data_redirection_after_login'}
981 end 981 end
  982 +
  983 + should 'uncheck all field privacy fields' do
  984 + person = profile
  985 + assert_nil person.fields_privacy
  986 + post :edit, :profile => profile.identifier, :profile_data => {}
  987 + assert_equal({}, person.reload.fields_privacy)
  988 + end
  989 +
982 end 990 end
test/unit/person_test.rb
  Diff comments   View file @27eb148
@@ -1262,4 +1262,18 @@ class PersonTest &lt; ActiveSupport::TestCase @@ -1262,4 +1262,18 @@ class PersonTest &lt; ActiveSupport::TestCase
1262 1262
1263 assert person.has_permission?('bli', Profile.new) 1263 assert person.has_permission?('bli', Profile.new)
1264 end 1264 end
  1265 +
  1266 + should 'active fields are public if fields privacy is nil' do
  1267 + p = fast_create(Person)
  1268 + p.expects(:fields_privacy).returns(nil)
  1269 + f = %w(sex birth_date)
  1270 + p.expects(:active_fields).returns(f)
  1271 + assert_equal f, p.public_fields
  1272 + end
  1273 +
  1274 + should 'return public fields' do
  1275 + p = fast_create(Person)
  1276 + p.stubs(:fields_privacy).returns({ 'sex' => 'public', 'birth_date' => 'private' })
  1277 + assert_equal ['sex'], p.public_fields
  1278 + end
1265 end 1279 end
test/unit/profile_test.rb
  Diff comments   View file @27eb148
@@ -1945,4 +1945,18 @@ class ProfileTest &lt; ActiveSupport::TestCase @@ -1945,4 +1945,18 @@ class ProfileTest &lt; ActiveSupport::TestCase
1945 end 1945 end
1946 end 1946 end
1947 1947
  1948 + should 'public fields are active fields' do
  1949 + p = fast_create(Profile)
  1950 + f = %w(sex birth_date)
  1951 + p.expects(:active_fields).returns(f)
  1952 + assert_equal f, p.public_fields
  1953 + end
  1954 +
  1955 + should 'return fields privacy' do
  1956 + p = fast_create(Profile)
  1957 + f = { 'sex' => 'public' }
  1958 + p.data[:fields_privacy] = f
  1959 + assert_equal f, p.fields_privacy
  1960 + end
  1961 +
1948 end 1962 end