Show email if the authenticated user owns the profile page being requested for (#4981)

* Show email if the authenticated user owns the profile page being
requested for.

Also removed `setting.UI.ShowUserEmail` as it's documentation says it
only controls the email setting on the explore page

* fix current user check... This prevents a panic as a user must be signed in before ctx.User is called

* fix panic in tests

* try to fix tests

* Update year

* Test CI fail

* Revert change

* User 3 is not allowed to authorize

* Set user2 email to be private

* Change to user4 in explore page as user2 now has private email option set
tokarchuk/v1.17
Lanre Adelowo 6 years ago committed by techknowlogick
parent ff2be17e3f
commit 094263db4d
  1. 17
      integrations/setting_test.go
  2. 1
      models/fixtures/user.yml
  3. 2
      routers/user/profile.go
  4. 2
      templates/user/profile.tmpl

@ -25,7 +25,7 @@ func TestSettingShowUserEmailExplore(t *testing.T) {
htmlDoc := NewHTMLParser(t, resp.Body) htmlDoc := NewHTMLParser(t, resp.Body)
assert.Contains(t, assert.Contains(t,
htmlDoc.doc.Find(".ui.user.list").Text(), htmlDoc.doc.Find(".ui.user.list").Text(),
"user2@example.com", "user4@example.com",
) )
setting.UI.ShowUserEmail = false setting.UI.ShowUserEmail = false
@ -35,7 +35,7 @@ func TestSettingShowUserEmailExplore(t *testing.T) {
htmlDoc = NewHTMLParser(t, resp.Body) htmlDoc = NewHTMLParser(t, resp.Body)
assert.NotContains(t, assert.NotContains(t,
htmlDoc.doc.Find(".ui.user.list").Text(), htmlDoc.doc.Find(".ui.user.list").Text(),
"user2@example.com", "user4@example.com",
) )
setting.UI.ShowUserEmail = showUserEmail setting.UI.ShowUserEmail = showUserEmail
@ -61,12 +61,23 @@ func TestSettingShowUserEmailProfile(t *testing.T) {
req = NewRequest(t, "GET", "/user2") req = NewRequest(t, "GET", "/user2")
resp = session.MakeRequest(t, req, http.StatusOK) resp = session.MakeRequest(t, req, http.StatusOK)
htmlDoc = NewHTMLParser(t, resp.Body) htmlDoc = NewHTMLParser(t, resp.Body)
assert.NotContains(t, // Should contain since this user owns the profile page
assert.Contains(t,
htmlDoc.doc.Find(".user.profile").Text(), htmlDoc.doc.Find(".user.profile").Text(),
"user2@example.com", "user2@example.com",
) )
setting.UI.ShowUserEmail = showUserEmail setting.UI.ShowUserEmail = showUserEmail
session = loginUser(t, "user4")
req = NewRequest(t, "GET", "/user2")
resp = session.MakeRequest(t, req, http.StatusOK)
htmlDoc = NewHTMLParser(t, resp.Body)
assert.NotContains(t,
htmlDoc.doc.Find(".user.profile").Text(),
"user2@example.com",
)
} }
func TestSettingLandingPage(t *testing.T) { func TestSettingLandingPage(t *testing.T) {

@ -21,6 +21,7 @@
name: user2 name: user2
full_name: " < U<se>r Tw<o > >< " full_name: " < U<se>r Tw<o > >< "
email: user2@example.com email: user2@example.com
keep_email_private: true
passwd: 7d93daa0d1e6f2305cc8fa496847d61dc7320bb16262f9c55dd753480207234cdd96a93194e408341971742f4701772a025a # password passwd: 7d93daa0d1e6f2305cc8fa496847d61dc7320bb16262f9c55dd753480207234cdd96a93194e408341971742f4701772a025a # password
type: 0 # individual type: 0 # individual
salt: ZogKvWdyEx salt: ZogKvWdyEx

@ -237,7 +237,7 @@ func Profile(ctx *context.Context) {
} }
} }
ctx.Data["ShowUserEmail"] = setting.UI.ShowUserEmail ctx.Data["ShowUserEmail"] = len(ctxUser.Email) > 0 && ctx.IsSigned && (!ctxUser.KeepEmailPrivate || ctxUser.ID == ctx.User.ID)
ctx.HTML(200, tplProfile) ctx.HTML(200, tplProfile)
} }

@ -22,7 +22,7 @@
{{if .Owner.Location}} {{if .Owner.Location}}
<li><i class="octicon octicon-location"></i> {{.Owner.Location}}</li> <li><i class="octicon octicon-location"></i> {{.Owner.Location}}</li>
{{end}} {{end}}
{{if and $.ShowUserEmail .Owner.Email .IsSigned (not .Owner.KeepEmailPrivate)}} {{if .ShowUserEmail }}
<li> <li>
<i class="octicon octicon-mail"></i> <i class="octicon octicon-mail"></i>
<a href="mailto:{{.Owner.Email}}" rel="nofollow">{{.Owner.Email}}</a> <a href="mailto:{{.Owner.Email}}" rel="nofollow">{{.Owner.Email}}</a>

Loading…
Cancel
Save