Don't display public activity by default when requiring consent

Just as we mentioned in the previous commit, there are places where we
aren't sure whether explicit consent is strictly required. So, when the
"require consent" setting is enabled, we're taking the safe approach.
This means that, in this case, we're only displaying a user's activity
if they've given explicit consent.

app/models/user.rb

@@ -1,7 +1,7 @@
 class User < ApplicationRecord
   include Verification
   attribute :registering_from_web, default: false
-  %i[newsletter email_digest email_on_direct_message recommended_debates
+  %i[newsletter email_digest email_on_direct_message public_activity recommended_debates
      recommended_proposals].each do |field|
     attribute field, :boolean, default: -> { !Setting["feature.gdpr.require_consent_for_notifications"] }
   end

db/migrate/20251009085528_remove_default_value_in_user_public_activity.rb

@@ -0,0 +1,7 @@
+class RemoveDefaultValueInUserPublicActivity < ActiveRecord::Migration[7.1]
+  def change
+    change_table :users do |t|
+      t.change_default :public_activity, from: true, to: nil
+    end
+  end
+end

db/schema.rb

@@ -10,7 +10,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema[7.1].define(version: 2025_10_09_085327) do
+ActiveRecord::Schema[7.1].define(version: 2025_10_09_085528) do
   # These are extensions that must be enabled in order to support this database
   enable_extension "pg_trgm"
   enable_extension "plpgsql"
@@ -1608,7 +1608,7 @@ ActiveRecord::Schema[7.1].define(version: 2025_10_09_085327) do
     t.datetime "level_two_verified_at", precision: nil
     t.string "erase_reason"
     t.datetime "erased_at", precision: nil
-    t.boolean "public_activity", default: true
+    t.boolean "public_activity"
     t.boolean "newsletter"
     t.integer "notifications_count", default: 0
     t.boolean "registering_with_oauth", default: false

spec/factories/users.rb

@@ -7,7 +7,6 @@ FactoryBot.define do
     terms_of_service    { "1" }
     confirmed_at        { Time.current }
     date_of_birth       { 20.years.ago }
-    public_activity     { true }
 
     trait :incomplete_verification do
       after :create do |user|

spec/models/user_spec.rb

@@ -146,6 +146,20 @@ describe User do
       end
     end
 
+    describe "#public_activity" do
+      it "is true by default when the consent for notifications setting is disabled" do
+        Setting["feature.gdpr.require_consent_for_notifications"] = false
+
+        expect(build(:user).public_activity).to be true
+      end
+
+      it "is false by default when the consent for notifications setting is enabled" do
+        Setting["feature.gdpr.require_consent_for_notifications"] = true
+
+        expect(build(:user).public_activity).to be false
+      end
+    end
+
     describe "#recommended_debates" do
       it "is true by default when the consent for notifications setting is disabled" do
         Setting["feature.gdpr.require_consent_for_notifications"] = false