Hide profile information from anonymous users

Review Request #9887 — Created April 23, 2018 and submitted

Information

Review Board
release-3.0.x
41582d3...

Reviewers

Previously, public profile information was available to anonymous users.
Now we limit public profile information to authenticated users only. If
a user marks their profile as private nothing has changed and it will
still not be visible to authenticated users (except for themselves and
staff). User infoboxes now use the updated logic so the same information
is visible.

While I was here I cleaned up the other profile test docstrings.

To make things consistent for LocalSites, LocalSite admins can now view
private profiles of their LocalSite members.

Ran unit tests.

Viewed a public profile while logged out and saw no profile information
aside from username.

Viewed a userbox for a user with a public profile and only saw their
username.

Description From Last Updated

Also needs the following tests: None user Local Site team member with public profile Local Site team member with private …

chipx86chipx86

"Otherwise" doesn't sound right here. I'd say "For authenticated users, ..."

chipx86chipx86

If we can check not_private first, that'll save us a possible query.

chipx86chipx86

"Testing" and "LocalSite"

chipx86chipx86

"Testing" and "LocalSite"

chipx86chipx86

"LocalSite"

chipx86chipx86

"LocalSite"

chipx86chipx86

Let's also assert the values from each of these.

chipx86chipx86
brennie
chipx86
  1. 
      
  2. Also needs the following tests:

    • None user
    • Local Site team member with public profile
    • Local Site team member with private profile
    • Local Site admin with public profile
    • Local Site admin with private profile
  3. reviewboard/accounts/models.py (Diff revision 2)
     
     
     

    "Otherwise" doesn't sound right here. I'd say "For authenticated users, ..."

  4. 
      
brennie
chipx86
  1. 
      
  2. reviewboard/accounts/models.py (Diff revision 3)
     
     
     
     
     
     

    If we can check not_private first, that'll save us a possible query.

  3. reviewboard/accounts/tests.py (Diff revision 3)
     
     
     

    "Testing" and "LocalSite"

  4. reviewboard/accounts/tests.py (Diff revision 3)
     
     
     

    "Testing" and "LocalSite"

  5. 
      
brennie
chipx86
  1. 
      
  2. reviewboard/accounts/tests.py (Diff revision 4)
     
     

    "LocalSite"

  3. reviewboard/accounts/tests.py (Diff revision 4)
     
     

    "LocalSite"

  4. 
      
brennie
chipx86
  1. Ship It!
  2. 
      
brennie
brennie
brennie
chipx86
  1. 
      
  2. reviewboard/webapi/tests/test_user.py (Diff revision 8)
     
     
     
     

    Let's also assert the values from each of these.

  3. 
      
brennie
chipx86
  1. Ship It!
  2. 
      
brennie
Review request changed

Status: Closed (submitted)

Change Summary:

Pushed to release-3.0.x (6e22ac3)
Loading...