From 6d30e2d34e74893262d45322c09d4b49afc2f619 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Javi=20Mart=C3=ADn?= Date: Wed, 8 Oct 2025 15:37:33 +0200 Subject: [PATCH] Don't display public activity by default when requiring consent Just as we mentioned in the previous commit, there are places where we aren't sure whether explicit consent is strictly required. So, when the "require consent" setting is enabled, we're taking the safe approach. This means that, in this case, we're only displaying a user's activity if they've given explicit consent. --- app/models/user.rb | 2 +- ...remove_default_value_in_user_public_activity.rb | 7 +++++++ db/schema.rb | 4 ++-- spec/factories/users.rb | 1 - spec/models/user_spec.rb | 14 ++++++++++++++ 5 files changed, 24 insertions(+), 4 deletions(-) create mode 100644 db/migrate/20251009085528_remove_default_value_in_user_public_activity.rb diff --git a/app/models/user.rb b/app/models/user.rb index 6e5db433f..7af90cdbe 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -1,7 +1,7 @@ class User < ApplicationRecord include Verification attribute :registering_from_web, default: false - %i[newsletter email_digest email_on_direct_message recommended_debates + %i[newsletter email_digest email_on_direct_message public_activity recommended_debates recommended_proposals].each do |field| attribute field, :boolean, default: -> { !Setting["feature.gdpr.require_consent_for_notifications"] } end diff --git a/db/migrate/20251009085528_remove_default_value_in_user_public_activity.rb b/db/migrate/20251009085528_remove_default_value_in_user_public_activity.rb new file mode 100644 index 000000000..315be7a56 --- /dev/null +++ b/db/migrate/20251009085528_remove_default_value_in_user_public_activity.rb @@ -0,0 +1,7 @@ +class RemoveDefaultValueInUserPublicActivity < ActiveRecord::Migration[7.1] + def change + change_table :users do |t| + t.change_default :public_activity, from: true, to: nil + end + end +end diff --git a/db/schema.rb b/db/schema.rb index d74ea7a2e..f003810bc 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -10,7 +10,7 @@ # # It's strongly recommended that you check this file into your version control system. -ActiveRecord::Schema[7.1].define(version: 2025_10_09_085327) do +ActiveRecord::Schema[7.1].define(version: 2025_10_09_085528) do # These are extensions that must be enabled in order to support this database enable_extension "pg_trgm" enable_extension "plpgsql" @@ -1608,7 +1608,7 @@ ActiveRecord::Schema[7.1].define(version: 2025_10_09_085327) do t.datetime "level_two_verified_at", precision: nil t.string "erase_reason" t.datetime "erased_at", precision: nil - t.boolean "public_activity", default: true + t.boolean "public_activity" t.boolean "newsletter" t.integer "notifications_count", default: 0 t.boolean "registering_with_oauth", default: false diff --git a/spec/factories/users.rb b/spec/factories/users.rb index d9b8789c5..cad4c8880 100644 --- a/spec/factories/users.rb +++ b/spec/factories/users.rb @@ -7,7 +7,6 @@ FactoryBot.define do terms_of_service { "1" } confirmed_at { Time.current } date_of_birth { 20.years.ago } - public_activity { true } trait :incomplete_verification do after :create do |user| diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb index 843f475d1..a986f556e 100644 --- a/spec/models/user_spec.rb +++ b/spec/models/user_spec.rb @@ -146,6 +146,20 @@ describe User do end end + describe "#public_activity" do + it "is true by default when the consent for notifications setting is disabled" do + Setting["feature.gdpr.require_consent_for_notifications"] = false + + expect(build(:user).public_activity).to be true + end + + it "is false by default when the consent for notifications setting is enabled" do + Setting["feature.gdpr.require_consent_for_notifications"] = true + + expect(build(:user).public_activity).to be false + end + end + describe "#recommended_debates" do it "is true by default when the consent for notifications setting is disabled" do Setting["feature.gdpr.require_consent_for_notifications"] = false