makes public activity toggleable

2015-11-04 13:47:55 +01:00
parent 6d26901f9f
commit f57eef4929
9 changed files with 105 additions and 17 deletions
--- a/app/controllers/account_controller.rb
+++ b/app/controllers/account_controller.rb
@@ -25,7 +25,7 @@ class AccountController < ApplicationController
      if @account.organization?
        params.require(:account).permit(:phone_number, :email_on_comment, :email_on_comment_reply, organization_attributes: [:name, :responsible_name])
      else
-        params.require(:account).permit(:username, :email_on_comment, :email_on_comment_reply)
+        params.require(:account).permit(:username, :public_activity, :email_on_comment, :email_on_comment_reply)
      end
    end

--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -3,10 +3,8 @@ class UsersController < ApplicationController

  load_and_authorize_resource

-  before_action :set_activity_counts, only: :show
-
  def show
-    load_filtered_activity
+    load_filtered_activity if valid_access?
  end

  private
@@ -18,6 +16,7 @@ class UsersController < ApplicationController
    end

    def load_filtered_activity
+      set_activity_counts
      case params[:filter]
      when "proposals" then load_proposals
      when "debates"   then load_debates
@@ -51,4 +50,11 @@ class UsersController < ApplicationController
      @comments = Comment.where(user_id: @user.id).includes(:commentable).order(created_at: :desc).page(params[:page])
    end

+    def valid_access?
+      @user.public_activity || authorized_current_user?
+    end
+
+    def authorized_current_user?
+      @authorized_current_user ||= current_user && (current_user == @user || current_user.moderator? || current_user.administrator?)
+    end
 end
--- a/app/views/devise/menu/_login_items.html.erb
+++ b/app/views/devise/menu/_login_items.html.erb
@@ -1,5 +1,8 @@
 <ul class="right">
  <% if user_signed_in? %>
+    <li>
+      <%= link_to(t("layouts.header.my_activity_link"), user_path(current_user)) %>
+    </li>
    <li>
      <%= link_to(t("layouts.header.my_account_link"), account_path) %>
    </li>
--- a/app/views/users/show.html.erb
+++ b/app/views/users/show.html.erb
@@ -4,6 +4,7 @@

      <h2><%= avatar_image(@user, seed: @user.id, size: 60) %> <%= @user.name %></h2>

+      <% if @user.public_activity || @authorized_current_user %>
        <dl class="sub-nav">
          <% @valid_filters.each do |filter| %>
            <% if @activity_counts[filter] > 0 %>
@@ -19,6 +20,9 @@
        </dl>

        <%= render "activity_page" %>
+      <% else %>
+        <p><%= t('users.show.private_activity') %></p>
+      <% end %>

    </div>
  </div>
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -283,6 +283,7 @@ en:
      title: "My account"
      save_changes_submit: "Save changes"
      change_credentials_link: "Change my credentials"
+      public_activity_label: "Keep my list of activities public"
      email_on_comment_label: "Notify me by email when someone comments on my proposals or debates"
      email_on_comment_reply_label: "Notify me by email when someone replies to my comments"
      erase_account_link: "Erase my account"
@@ -337,6 +338,7 @@ en:
          one: "1 Comment"
          other: "%{count} Comments"
      no_activity: "User has no public activity"
+      private_activity: "This user decided to keep the activity list private"
      comment_to: "Comment in: "
  unauthorized:
    default: "You do not have permission to access this page."
--- a/config/locales/es.yml
+++ b/config/locales/es.yml
@@ -283,6 +283,7 @@ es:
      title: "Mi cuenta"
      save_changes_submit: "Guardar cambios"
      change_credentials_link: "Cambiar mis datos de acceso"
+      public_activity_label: "Mostrar públicamente mi lista de actividades"
      email_on_comment_label: "Recibir un email cuando alguien comenta en mis propuestas o debates"
      email_on_comment_reply_label: "Recibir un email cuando alguien contesta a mis comentarios"
      erase_account_link: "Darme de baja"
@@ -337,6 +338,7 @@ es:
          one: "1 Comentario"
          other: "%{count} Comentarios"
      no_activity: "Usuario sin actividad pública"
+      private_activity: "Este usuario ha decidido mantener en privado su lista de actividades"
      comment_to: "Comentario en: "
  unauthorized:
    default: "No tienes permiso para acceder a esta página."
--- a/db/migrate/20151103194329_add_public_activity_to_users.rb
+++ b/db/migrate/20151103194329_add_public_activity_to_users.rb
@@ -0,0 +1,5 @@
+class AddPublicActivityToUsers < ActiveRecord::Migration
+  def change
+    add_column :users, :public_activity, :boolean, default: true
+  end
+end
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -11,7 +11,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.

-ActiveRecord::Schema.define(version: 20151103175139) do
+ActiveRecord::Schema.define(version: 20151103194329) do

  # These are extensions that must be enabled in order to support this database
  enable_extension "plpgsql"
@@ -306,6 +306,7 @@ ActiveRecord::Schema.define(version: 20151103175139) do
    t.datetime "level_two_verified_at"
    t.string   "erase_reason"
    t.datetime "erased_at"
+    t.boolean  "public_activity",                      default: true
  end

  add_index "users", ["confirmation_token"], name: "index_users_on_confirmation_token", unique: true, using: :btree
--- a/spec/features/users_spec.rb
+++ b/spec/features/users_spec.rb
@@ -65,4 +65,69 @@ feature 'Users' do

  end

+  feature 'Public activity' do
+    background do
+      @user = create(:user)
+    end
+
+    scenario 'visible by default' do
+      visit user_path(@user)
+
+      expect(page).to have_content(@user.username)
+      expect(page).to_not have_content('activity list private')
+    end
+
+    scenario 'user can hide public page' do
+      login_as(@user)
+      visit account_path
+
+      uncheck 'account_public_activity'
+      click_button 'Save changes'
+
+      logout
+
+      visit user_path(@user)
+      expect(page).to have_content('activity list private')
+    end
+
+    scenario 'is always visible for the owner' do
+      login_as(@user)
+      visit account_path
+
+      uncheck 'account_public_activity'
+      click_button 'Save changes'
+
+      visit user_path(@user)
+      expect(page).to_not have_content('activity list private')
+    end
+
+    scenario 'is always visible for admins' do
+      login_as(@user)
+      visit account_path
+
+      uncheck 'account_public_activity'
+      click_button 'Save changes'
+
+      logout
+
+      login_as(create(:administrator).user)
+      visit user_path(@user)
+      expect(page).to_not have_content('activity list private')
+    end
+
+    scenario 'is always visible for moderators' do
+      login_as(@user)
+      visit account_path
+
+      uncheck 'account_public_activity'
+      click_button 'Save changes'
+
+      logout
+
+      login_as(create(:moderator).user)
+      visit user_path(@user)
+      expect(page).to_not have_content('activity list private')
+    end
+  end
+
 end