Commit cb383dadbd564205d76a8f4d50dcf71ca7764cf9

Authored by Rodrigo Souto
1 parent 7664b827

stoa_plugin: remove sensitive fields from person api

(ActionItem2832)
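--- a/plugins/stoa/controllers/stoa_plugin_controller.rb
+++ b/plugins/stoa/controllers/stoa_plugin_controller.rb
@@ -49,7 +49,6 @@ class StoaPluginController < PublicController
 return fields.reject { |field| !FIELDS['essential'].include?(field) } unless user.person.public_profile
 fields.reject do |field|
 !user.person.public_fields.include?(field) &&
-SENSITIVE.include?(field) &&
 !FIELDS['essential'].include?(field)
 end
 end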
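Review bot: The filter left in the `fields.reject do |field|` block is a double negative, which makes the privacy rule it now enforces (return a field only if it is public or essential) hard to audit. The allowlist form states that rule directly: `fields.select { |field| FIELDS['essential'].include?(field) || user.person.public_fields.include?(field) }`. Essential fields are still returned when the person has marked them private, and the ESSENTIAL list in person_fields.rb (presumably what `FIELDS['essential']` holds) includes `email` and `nusp`. A comment above the block such as `# essential fields are returned regardless of fields_privacy` would record that this is deliberate. The method starts above the hunk, so whether the action requires an authenticated caller is not visible here.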
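--- a/plugins/stoa/lib/stoa_plugin/person_fields.rb
+++ b/plugins/stoa/lib/stoa_plugin/person_fields.rb
@@ -1,6 +1,5 @@
 module StoaPlugin::PersonFields
 HEAVY = %w[image_base64]
-SENSITIVE = %w[]
 FILTER = %w[image]
 
 ESSENTIAL = %w[username email nusp]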
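--- a/plugins/stoa/test/functional/stoa_plugin_controller_test.rb
+++ b/plugins/stoa/test/functional/stoa_plugin_controller_test.rb
@@ -102,13 +102,12 @@ class StoaPluginControllerTest < ActionController::TestCase
 assert response.blank?
 end
 
-should 'not return sensitive fields that are private' do
+should 'not return private fields' do
 @request.stubs(:ssl?).returns(true)
 Person.any_instance.stubs(:f1).returns('field1')
 Person.any_instance.stubs(:f2).returns('field2')
 Person.any_instance.stubs(:f3).returns('field3')
 StoaPluginController::FIELDS['special'] = %w[f1 f2 f3]
-StoaPluginController::SENSITIVE = %w[f1 f2]
 person = user.person
 person.fields_privacy = {:f1 => 'private', :f2 => 'public', :f3 => 'public'}
 person.save!
@@ -120,9 +119,8 @@ class StoaPluginControllerTest < ActionController::TestCase
 assert json_response.keys.include?('f3')
 end
 
-should 'return essential fields even if they are private' do
+should 'return essential fields even if they are private' do
 @request.stubs(:ssl?).returns(true)
-StoaPluginController::SENSITIVE = %w[email]
 person = user.person
 person.fields_privacy = {:email => 'private'}
 person.save!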
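Review bot: The renamed test 'not return private fields' gives every stubbed field an explicit entry in `fields_privacy`, so it does not cover a field that has no privacy setting at all. With the SENSITIVE check gone, the controller appears to withhold any non-essential field missing from `public_fields`, and that default-deny behaviour is what protects newly added fields. Consider a case such as `person.fields_privacy = {:f2 => 'public'}` followed by `assert !json_response.keys.include?('f1')`. Separately, `StoaPluginController::FIELDS['special'] = %w[f1 f2 f3]` mutates a shared constant and is not restored in the visible lines, so it may leak into other tests. Both test bodies continue outside the visible hunks, so some of this may already be covered there.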