makes public activity toggleable

app/controllers/account_controller.rb

@@ -25,7 +25,7 @@ class AccountController < ApplicationController
       if @account.organization?
         params.require(:account).permit(:phone_number, :email_on_comment, :email_on_comment_reply, organization_attributes: [:name, :responsible_name])
       else
-        params.require(:account).permit(:username, :email_on_comment, :email_on_comment_reply)
+        params.require(:account).permit(:username, :public_activity, :email_on_comment, :email_on_comment_reply)
       end
     end
 

app/controllers/users_controller.rb

@@ -3,10 +3,8 @@ class UsersController < ApplicationController
 
   load_and_authorize_resource
 
-  before_action :set_activity_counts, only: :show
-
   def show
-    load_filtered_activity
+    load_filtered_activity if valid_access?
   end
 
   private
@@ -18,6 +16,7 @@ class UsersController < ApplicationController
     end
 
     def load_filtered_activity
+      set_activity_counts
       case params[:filter]
       when "proposals" then load_proposals
       when "debates"   then load_debates
@@ -51,4 +50,11 @@ class UsersController < ApplicationController
       @comments = Comment.where(user_id: @user.id).includes(:commentable).order(created_at: :desc).page(params[:page])
     end
 
+    def valid_access?
+      @user.public_activity || authorized_current_user?
+    end
+
+    def authorized_current_user?
+      @authorized_current_user ||= current_user && (current_user == @user || current_user.moderator? || current_user.administrator?)
+    end
 end

app/views/devise/menu/_login_items.html.erb

@@ -1,5 +1,8 @@
 <ul class="right">
   <% if user_signed_in? %>
+    <li>
+      <%= link_to(t("layouts.header.my_activity_link"), user_path(current_user)) %>
+    </li>
     <li>
       <%= link_to(t("layouts.header.my_account_link"), account_path) %>
     </li>

app/views/users/show.html.erb

@@ -4,6 +4,7 @@
 
       <h2><%= avatar_image(@user, seed: @user.id, size: 60) %> <%= @user.name %></h2>
 
+      <% if @user.public_activity || @authorized_current_user %>
         <dl class="sub-nav">
           <% @valid_filters.each do |filter| %>
             <% if @activity_counts[filter] > 0 %>
@@ -19,6 +20,9 @@
         </dl>
 
         <%= render "activity_page" %>
+      <% else %>
+        <p><%= t('users.show.private_activity') %></p>
+      <% end %>
 
     </div>
   </div>

config/locales/en.yml

@@ -283,6 +283,7 @@ en:
       title: "My account"
       save_changes_submit: "Save changes"
       change_credentials_link: "Change my credentials"
+      public_activity_label: "Keep my list of activities public"
       email_on_comment_label: "Notify me by email when someone comments on my proposals or debates"
       email_on_comment_reply_label: "Notify me by email when someone replies to my comments"
       erase_account_link: "Erase my account"
@@ -337,6 +338,7 @@ en:
           one: "1 Comment"
           other: "%{count} Comments"
       no_activity: "User has no public activity"
+      private_activity: "This user decided to keep the activity list private"
       comment_to: "Comment in: "
   unauthorized:
     default: "You do not have permission to access this page."

config/locales/es.yml

@@ -283,6 +283,7 @@ es:
       title: "Mi cuenta"
       save_changes_submit: "Guardar cambios"
       change_credentials_link: "Cambiar mis datos de acceso"
+      public_activity_label: "Mostrar públicamente mi lista de actividades"
       email_on_comment_label: "Recibir un email cuando alguien comenta en mis propuestas o debates"
       email_on_comment_reply_label: "Recibir un email cuando alguien contesta a mis comentarios"
       erase_account_link: "Darme de baja"
@@ -337,6 +338,7 @@ es:
           one: "1 Comentario"
           other: "%{count} Comentarios"
       no_activity: "Usuario sin actividad pública"
+      private_activity: "Este usuario ha decidido mantener en privado su lista de actividades"
       comment_to: "Comentario en: "
   unauthorized:
     default: "No tienes permiso para acceder a esta página."

db/migrate/20151103194329_add_public_activity_to_users.rb

@@ -0,0 +1,5 @@
+class AddPublicActivityToUsers < ActiveRecord::Migration
+  def change
+    add_column :users, :public_activity, :boolean, default: true
+  end
+end

db/schema.rb

@@ -11,7 +11,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema.define(version: 20151103175139) do
+ActiveRecord::Schema.define(version: 20151103194329) do
 
   # These are extensions that must be enabled in order to support this database
   enable_extension "plpgsql"
@@ -306,6 +306,7 @@ ActiveRecord::Schema.define(version: 20151103175139) do
     t.datetime "level_two_verified_at"
     t.string   "erase_reason"
     t.datetime "erased_at"
+    t.boolean  "public_activity",                      default: true
   end
 
   add_index "users", ["confirmation_token"], name: "index_users_on_confirmation_token", unique: true, using: :btree

spec/features/users_spec.rb

@@ -65,4 +65,69 @@ feature 'Users' do
 
   end
 
+  feature 'Public activity' do
+    background do
+      @user = create(:user)
+    end
+
+    scenario 'visible by default' do
+      visit user_path(@user)
+
+      expect(page).to have_content(@user.username)
+      expect(page).to_not have_content('activity list private')
+    end
+
+    scenario 'user can hide public page' do
+      login_as(@user)
+      visit account_path
+
+      uncheck 'account_public_activity'
+      click_button 'Save changes'
+
+      logout
+
+      visit user_path(@user)
+      expect(page).to have_content('activity list private')
+    end
+
+    scenario 'is always visible for the owner' do
+      login_as(@user)
+      visit account_path
+
+      uncheck 'account_public_activity'
+      click_button 'Save changes'
+
+      visit user_path(@user)
+      expect(page).to_not have_content('activity list private')
+    end
+
+    scenario 'is always visible for admins' do
+      login_as(@user)
+      visit account_path
+
+      uncheck 'account_public_activity'
+      click_button 'Save changes'
+
+      logout
+
+      login_as(create(:administrator).user)
+      visit user_path(@user)
+      expect(page).to_not have_content('activity list private')
+    end
+
+    scenario 'is always visible for moderators' do
+      login_as(@user)
+      visit account_path
+
+      uncheck 'account_public_activity'
+      click_button 'Save changes'
+
+      logout
+
+      login_as(create(:moderator).user)
+      visit user_path(@user)
+      expect(page).to_not have_content('activity list private')
+    end
+  end
+
 end