Download as
Browse Code »

Commit cb383dadbd564205d76a8f4d50dcf71ca7764cf9

Authored by Rodrigo Souto
1 parent 7664b827
Exists in master and in 29 other branches add_member_task_reject_details, admin_visible_profile, article-list-template, community_notifications, contact_admin_translation, event_fixes, fix_comments_pagination, fix_rails4_organization_ratings, fix_sign_up_form, follow_step_fix, forum_topic_creation, mirror_block_improvements, multi_env_on_remote_user, new_security, noosfero_spb_ci, organization_ratings_improvements, organization_ratings_link_to_profile_stable-spb-1.3, organization_ratings_translations_fix, profile_api_improvements, ratings_minor_fixes, remote_user_fix, send_email_to_admins, stable-spb-1.3, stable-spb-1.3-fixes, stable-spb-1.4, stable-spb-1.5, suggest_rejected_value, web_steps_improvements, xss_terminate_custom_options

stoa_plugin: remove sensitive fields from person api 

(ActionItem2832)
Showing 3 changed files with 2 additions and 6 deletions   Show diff stats
plugins/stoa/controllers/stoa_plugin_controller.rb
  Diff comments   View file @cb383da
... ... @@ -49,7 +49,6 @@ class StoaPluginController < PublicController
49 49 return fields.reject { |field| !FIELDS['essential'].include?(field) } unless user.person.public_profile
50 50 fields.reject do |field|
51 51 !user.person.public_fields.include?(field) &&
52   - SENSITIVE.include?(field) &&
53 52 !FIELDS['essential'].include?(field)
54 53 end
55 54 end
... ...
plugins/stoa/lib/stoa_plugin/person_fields.rb
  Diff comments   View file @cb383da
1 1 module StoaPlugin::PersonFields
2 2 HEAVY = %w[image_base64]
3   - SENSITIVE = %w[]
4 3 FILTER = %w[image]
5 4  
6 5 ESSENTIAL = %w[username email nusp]
... ...
plugins/stoa/test/functional/stoa_plugin_controller_test.rb
  Diff comments   View file @cb383da
... ... @@ -102,13 +102,12 @@ class StoaPluginControllerTest < ActionController::TestCase
102 102 assert response.blank?
103 103 end
104 104  
105   - should 'not return sensitive fields that are private' do
  105 + should 'not return private fields' do
106 106 @request.stubs(:ssl?).returns(true)
107 107 Person.any_instance.stubs(:f1).returns('field1')
108 108 Person.any_instance.stubs(:f2).returns('field2')
109 109 Person.any_instance.stubs(:f3).returns('field3')
110 110 StoaPluginController::FIELDS['special'] = %w[f1 f2 f3]
111   - StoaPluginController::SENSITIVE = %w[f1 f2]
112 111 person = user.person
113 112 person.fields_privacy = {:f1 => 'private', :f2 => 'public', :f3 => 'public'}
114 113 person.save!
... ... @@ -120,9 +119,8 @@ class StoaPluginControllerTest < ActionController::TestCase
120 119 assert json_response.keys.include?('f3')
121 120 end
122 121  
123   - should 'return essential fields even if they are sensitive and private' do
  122 + should 'return essential fields even if they are private' do
124 123 @request.stubs(:ssl?).returns(true)
125   - StoaPluginController::SENSITIVE = %w[email]
126 124 person = user.person
127 125 person.fields_privacy = {:email => 'private'}
128 126 person.save!
... ...