From cb383dadbd564205d76a8f4d50dcf71ca7764cf9 Mon Sep 17 00:00:00 2001
From: Rodrigo Souto <rodrigo@colivre.coop.br>
Date: Mon, 21 Oct 2013 16:56:07 -0300
Subject: [PATCH] stoa_plugin: remove sensitive fields from person api

---
 plugins/stoa/controllers/stoa_plugin_controller.rb          | 1 -
 plugins/stoa/lib/stoa_plugin/person_fields.rb               | 1 -
 plugins/stoa/test/functional/stoa_plugin_controller_test.rb | 6 ++----
 3 files changed, 2 insertions(+), 6 deletions(-)

diff --git a/plugins/stoa/controllers/stoa_plugin_controller.rb b/plugins/stoa/controllers/stoa_plugin_controller.rb
index 988e7bb..7eedbf3 100644
--- a/plugins/stoa/controllers/stoa_plugin_controller.rb
+++ b/plugins/stoa/controllers/stoa_plugin_controller.rb
@@ -49,7 +49,6 @@ class StoaPluginController < PublicController
     return fields.reject { |field| !FIELDS['essential'].include?(field) } unless user.person.public_profile
     fields.reject do |field|
       !user.person.public_fields.include?(field) &&
-      SENSITIVE.include?(field) &&
       !FIELDS['essential'].include?(field)
     end
   end
diff --git a/plugins/stoa/lib/stoa_plugin/person_fields.rb b/plugins/stoa/lib/stoa_plugin/person_fields.rb
index d848af5..7e19e8e 100644
--- a/plugins/stoa/lib/stoa_plugin/person_fields.rb
+++ b/plugins/stoa/lib/stoa_plugin/person_fields.rb
@@ -1,6 +1,5 @@
 module StoaPlugin::PersonFields
   HEAVY = %w[image_base64]
-  SENSITIVE = %w[]
   FILTER = %w[image]
 
   ESSENTIAL = %w[username email nusp]
diff --git a/plugins/stoa/test/functional/stoa_plugin_controller_test.rb b/plugins/stoa/test/functional/stoa_plugin_controller_test.rb
index 1c503ef..5c94e2c 100644
--- a/plugins/stoa/test/functional/stoa_plugin_controller_test.rb
+++ b/plugins/stoa/test/functional/stoa_plugin_controller_test.rb
@@ -102,13 +102,12 @@ class StoaPluginControllerTest < ActionController::TestCase
     assert response.blank?
   end
 
-  should 'not return sensitive fields that are private' do
+  should 'not return private fields' do
     @request.stubs(:ssl?).returns(true)
     Person.any_instance.stubs(:f1).returns('field1')
     Person.any_instance.stubs(:f2).returns('field2')
     Person.any_instance.stubs(:f3).returns('field3')
     StoaPluginController::FIELDS['special'] = %w[f1 f2 f3]
-    StoaPluginController::SENSITIVE = %w[f1 f2]
     person = user.person
     person.fields_privacy = {:f1 => 'private', :f2 => 'public', :f3 => 'public'}
     person.save!
@@ -120,9 +119,8 @@ class StoaPluginControllerTest < ActionController::TestCase
     assert json_response.keys.include?('f3')
   end
 
-  should 'return essential fields even if they are sensitive and private' do
+  should 'return essential fields even if they are private' do
     @request.stubs(:ssl?).returns(true)
-    StoaPluginController::SENSITIVE = %w[email]
     person = user.person
     person.fields_privacy = {:email => 'private'}
     person.save!
--
libgit2 0.21.2