From cb383dadbd564205d76a8f4d50dcf71ca7764cf9 Mon Sep 17 00:00:00 2001
From: Rodrigo Souto
Date: Mon, 21 Oct 2013 16:56:07 -0300
Subject: [PATCH] stoa_plugin: remove sensitive fields from person api
---
 plugins/stoa/controllers/stoa_plugin_controller.rb | 1 -
 plugins/stoa/lib/stoa_plugin/person_fields.rb | 1 -
 plugins/stoa/test/functional/stoa_plugin_controller_test.rb | 6 ++----
 3 files changed, 2 insertions(+), 6 deletions(-)
diff --git a/plugins/stoa/controllers/stoa_plugin_controller.rb b/plugins/stoa/controllers/stoa_plugin_controller.rb
index 988e7bb..7eedbf3 100644
--- a/plugins/stoa/controllers/stoa_plugin_controller.rb
+++ b/plugins/stoa/controllers/stoa_plugin_controller.rb
@@ -49,7 +49,6 @@ class StoaPluginController < PublicController
 return fields.reject { |field| !FIELDS['essential'].include?(field) } unless user.person.public_profile
 fields.reject do |field|
 !user.person.public_fields.include?(field) &&
- SENSITIVE.include?(field) &&
 !FIELDS['essential'].include?(field)
 end
 end
diff --git a/plugins/stoa/lib/stoa_plugin/person_fields.rb b/plugins/stoa/lib/stoa_plugin/person_fields.rb
index d848af5..7e19e8e 100644
--- a/plugins/stoa/lib/stoa_plugin/person_fields.rb
+++ b/plugins/stoa/lib/stoa_plugin/person_fields.rb
@@ -1,6 +1,5 @@
 module StoaPlugin::PersonFields
 HEAVY = %w[image_base64]
- SENSITIVE = %w[]
 FILTER = %w[image]
 ESSENTIAL = %w[username email nusp]
diff --git a/plugins/stoa/test/functional/stoa_plugin_controller_test.rb b/plugins/stoa/test/functional/stoa_plugin_controller_test.rb
index 1c503ef..5c94e2c 100644
--- a/plugins/stoa/test/functional/stoa_plugin_controller_test.rb
+++ b/plugins/stoa/test/functional/stoa_plugin_controller_test.rb
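Review bot: The surviving predicate in the `fields.reject do |field|` block is still a negated conjunction, which is hard to audit for a privacy filter; it reads more directly as an allow-list, `fields.select { |field| FIELDS['essential'].include?(field) || user.person.public_fields.include?(field) }`. It also deserves a comment above it such as `# Default-deny: only essential fields and fields the person marked public are returned.` Essential fields bypass the person's privacy settings, and `ESSENTIAL` in person_fields.rb lists `email` and `nusp`, so (assuming `FIELDS['essential']` is built from that constant) those values go to every caller this action accepts. The access check, the start of the method and the definition of `fields` are all outside the hunk.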
@@ -102,13 +102,12 @@ class StoaPluginControllerTest < ActionController::TestCase
 assert response.blank?
 end
- should 'not return sensitive fields that are private' do
+ should 'not return private fields' do
 @request.stubs(:ssl?).returns(true)
 Person.any_instance.stubs(:f1).returns('field1')
 Person.any_instance.stubs(:f2).returns('field2')
 Person.any_instance.stubs(:f3).returns('field3')
 StoaPluginController::FIELDS['special'] = %w[f1 f2 f3]
- StoaPluginController::SENSITIVE = %w[f1 f2]
 person = user.person
 person.fields_privacy = {:f1 => 'private', :f2 => 'public', :f3 => 'public'}
 person.save!
@@ -120,9 +119,8 @@ class StoaPluginControllerTest < ActionController::TestCase
 assert json_response.keys.include?('f3')
 end
- should 'return essential fields even if they are sensitive and private' do
+ should 'return essential fields even if they are private' do
 @request.stubs(:ssl?).returns(true)
- StoaPluginController::SENSITIVE = %w[email]
 person = user.person
 person.fields_privacy = {:email => 'private'}
 person.save!
-- 
libgit2 0.21.2
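Review bot: The renamed test 'not return private fields' only sets up fields that have an explicit `'private'` or `'public'` entry in `fields_privacy`; a field with no entry at all is not covered, so the default-deny behaviour of the filter is not pinned. Consider stubbing a fourth field, `Person.any_instance.stubs(:f4).returns('field4')`, listing it in `FIELDS['special']` but leaving it out of `fields_privacy`, and adding `assert !json_response.keys.include?('f4')`. This assumes `public_fields` omits fields without an entry, which is not visible here. The test's request and most of its assertions fall between this hunk and the next, so only the setup can be checked from the diff.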