diff options
| author | Giteabot <teabot@gitea.io> | 2023-03-27 19:55:20 -0400 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-03-28 07:55:20 +0800 |
| commit | 1fed0e1adc8dd2d27d2d7e34dda29c8e79e5e6e8 (patch) | |
| tree | f1dcd4fd41d85cb074aca3cbb26d3e76961d0cc2 | |
| parent | 88a652fa92d0dea6d52767939fb958aaddb244c9 (diff) | |
| download | gitea-1fed0e1adc8dd2d27d2d7e34dda29c8e79e5e6e8.tar.gz gitea-1fed0e1adc8dd2d27d2d7e34dda29c8e79e5e6e8.zip | |
Fix profile page email display, respect settings (#23747) (#23756)
Backport #23747 by @wxiaoguang
Always respect the `setting.UI.ShowUserEmail` and `KeepEmailPrivate`
setting.
* It doesn't make sense to show user's own E-mail to themself.
* Always hide the E-mail if KeepEmailPrivate=true, then the user could
know how their profile page looks like for others.
* Revert the `setting.UI.ShowUserEmail` change from #4981 . This setting
is used to control the E-mail display, not only for the user list page.
ps: the incorrect `<div .../>` tag on the profile page has been fixed by
#23748 together, so this PR becomes simpler.
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
| -rw-r--r-- | routers/web/user/profile.go | 2 | ||||
| -rw-r--r-- | tests/integration/setting_test.go | 49 |
2 files changed, 31 insertions, 20 deletions
diff --git a/routers/web/user/profile.go b/routers/web/user/profile.go index 0a215e9203..b5eb2c0781 100644 --- a/routers/web/user/profile.go +++ b/routers/web/user/profile.go @@ -292,7 +292,7 @@ func Profile(ctx *context.Context) { ctx.Data["IsPackageEnabled"] = setting.Packages.Enabled ctx.Data["IsRepoIndexerEnabled"] = setting.Indexer.RepoIndexerEnabled - ctx.Data["ShowUserEmail"] = len(ctx.ContextUser.Email) > 0 && ctx.IsSigned && (!ctx.ContextUser.KeepEmailPrivate || ctx.ContextUser.ID == ctx.Doer.ID) + ctx.Data["ShowUserEmail"] = setting.UI.ShowUserEmail && ctx.ContextUser.Email != "" && ctx.IsSigned && !ctx.ContextUser.KeepEmailPrivate ctx.HTML(http.StatusOK, tplProfile) } diff --git a/tests/integration/setting_test.go b/tests/integration/setting_test.go index 71b28a6258..54819c5b7d 100644 --- a/tests/integration/setting_test.go +++ b/tests/integration/setting_test.go @@ -45,38 +45,49 @@ func TestSettingShowUserEmailProfile(t *testing.T) { defer tests.PrepareTestEnv(t)() showUserEmail := setting.UI.ShowUserEmail + + // user1: keep_email_private = false, user2: keep_email_private = true + setting.UI.ShowUserEmail = true - session := loginUser(t, "user2") - req := NewRequest(t, "GET", "/user2") + // user1 can see self + session := loginUser(t, "user1") + req := NewRequest(t, "GET", "/user1") resp := session.MakeRequest(t, req, http.StatusOK) htmlDoc := NewHTMLParser(t, resp.Body) - assert.Contains(t, - htmlDoc.doc.Find(".user.profile").Text(), - "user2@example.com", - ) - - setting.UI.ShowUserEmail = false + assert.Contains(t, htmlDoc.doc.Find(".user.profile").Text(), "user1@example.com") + // user1 can not see user2 req = NewRequest(t, "GET", "/user2") resp = session.MakeRequest(t, req, http.StatusOK) htmlDoc = NewHTMLParser(t, resp.Body) - // Should contain since this user owns the profile page - assert.Contains(t, - htmlDoc.doc.Find(".user.profile").Text(), - "user2@example.com", - ) + // Should not contain even if the user visits their own profile page + assert.NotContains(t, htmlDoc.doc.Find(".user.profile").Text(), "user2@example.com") - setting.UI.ShowUserEmail = showUserEmail + // user2 can see user1 + session = loginUser(t, "user2") + req = NewRequest(t, "GET", "/user1") + resp = session.MakeRequest(t, req, http.StatusOK) + htmlDoc = NewHTMLParser(t, resp.Body) + assert.Contains(t, htmlDoc.doc.Find(".user.profile").Text(), "user1@example.com") - session = loginUser(t, "user4") + // user2 can not see self + session = loginUser(t, "user2") req = NewRequest(t, "GET", "/user2") resp = session.MakeRequest(t, req, http.StatusOK) htmlDoc = NewHTMLParser(t, resp.Body) - assert.NotContains(t, - htmlDoc.doc.Find(".user.profile").Text(), - "user2@example.com", - ) + assert.NotContains(t, htmlDoc.doc.Find(".user.profile").Text(), "user2@example.com") + + setting.UI.ShowUserEmail = false + + // user1 can not see self + session = loginUser(t, "user1") + req = NewRequest(t, "GET", "/user1") + resp = session.MakeRequest(t, req, http.StatusOK) + htmlDoc = NewHTMLParser(t, resp.Body) + assert.NotContains(t, htmlDoc.doc.Find(".user.profile").Text(), "user1@example.com") + + setting.UI.ShowUserEmail = showUserEmail } func TestSettingLandingPage(t *testing.T) { |