Don't display public activity by default when requiring consent

Just as we mentioned in the previous commit, there are places where we aren't sure whether explicit consent is strictly required. So, when the "require consent" setting is enabled, we're taking the safe approach. This means that, in this case, we're only displaying a user's activity if they've given explicit consent.
2025-10-08 15:37:33 +02:00
parent 92a76dd46e
commit 6d30e2d34e
5 changed files with 24 additions and 4 deletions
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -1,7 +1,7 @@
 class User < ApplicationRecord
  include Verification
  attribute :registering_from_web, default: false
-  %i[newsletter email_digest email_on_direct_message recommended_debates
+  %i[newsletter email_digest email_on_direct_message public_activity recommended_debates
     recommended_proposals].each do |field|
    attribute field, :boolean, default: -> { !Setting["feature.gdpr.require_consent_for_notifications"] }
  end
--- a/db/migrate/20251009085528_remove_default_value_in_user_public_activity.rb
+++ b/db/migrate/20251009085528_remove_default_value_in_user_public_activity.rb
@@ -0,0 +1,7 @@
+class RemoveDefaultValueInUserPublicActivity < ActiveRecord::Migration[7.1]
+  def change
+    change_table :users do |t|
+      t.change_default :public_activity, from: true, to: nil
+    end
+  end
+end
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -10,7 +10,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.

-ActiveRecord::Schema[7.1].define(version: 2025_10_09_085327) do
+ActiveRecord::Schema[7.1].define(version: 2025_10_09_085528) do
  # These are extensions that must be enabled in order to support this database
  enable_extension "pg_trgm"
  enable_extension "plpgsql"
@@ -1608,7 +1608,7 @@ ActiveRecord::Schema[7.1].define(version: 2025_10_09_085327) do
    t.datetime "level_two_verified_at", precision: nil
    t.string "erase_reason"
    t.datetime "erased_at", precision: nil
-    t.boolean "public_activity", default: true
+    t.boolean "public_activity"
    t.boolean "newsletter"
    t.integer "notifications_count", default: 0
    t.boolean "registering_with_oauth", default: false
--- a/spec/factories/users.rb
+++ b/spec/factories/users.rb
@@ -7,7 +7,6 @@ FactoryBot.define do
    terms_of_service    { "1" }
    confirmed_at        { Time.current }
    date_of_birth       { 20.years.ago }
-    public_activity     { true }

    trait :incomplete_verification do
      after :create do |user|
--- a/spec/models/user_spec.rb
+++ b/spec/models/user_spec.rb
@@ -146,6 +146,20 @@ describe User do
      end
    end

+    describe "#public_activity" do
+      it "is true by default when the consent for notifications setting is disabled" do
+        Setting["feature.gdpr.require_consent_for_notifications"] = false
+
+        expect(build(:user).public_activity).to be true
+      end
+
+      it "is false by default when the consent for notifications setting is enabled" do
+        Setting["feature.gdpr.require_consent_for_notifications"] = true
+
+        expect(build(:user).public_activity).to be false
+      end
+    end
+
    describe "#recommended_debates" do
      it "is true by default when the consent for notifications setting is disabled" do
        Setting["feature.gdpr.require_consent_for_notifications"] = false