Merge 0f63f1c into 0f375d7

Scifabric · Jan 24, 2017 · 0e6552f · 0e6552f
2 parents 0f375d7 + 0f63f1c
commit 0e6552f
Show file tree

Hide file tree

Showing 4 changed files with 50 additions and 2 deletions.
diff --git a/doc/api.rst b/doc/api.rst
@@ -873,6 +873,28 @@ Example of logged in user:
         }
     }
 
+Account profile
+~~~~~~~~~~~~
+**Endpoint: /account/profile
+
+*Allowed methods*: **GET**
+
+**GET**
+
+If logged in you will get the same information as on /account/<name> (see above). If you are not logged in you will get the following example output
+
+**Example output**
+
+If you are not logged in you will get this output:
+
+**Example output**
+
+.. code-block:: python
+    {
+      "next": "/account/signin",
+      "status": "not_signed_in"
+    }
+
 Account update profile
 ~~~~~~~~~~~~~~~~~~~~~~
 **Endpoint: /account/<name>/update**

diff --git a/pybossa/view/account.py b/pybossa/view/account.py
@@ -295,8 +295,11 @@ def _update_user_with_valid_email(user, email_addr):
 def redirect_profile():
     """Redirect method for profile."""
     if current_user.is_anonymous():  # pragma: no cover
-        return redirect(url_for('.signin'))
-    return redirect(url_for('.profile', name=current_user.name), 302)
+        return redirect_content_type(url_for('.signin'), status='not_signed_in')
+    if (request.headers['Content-Type'] == 'application/json') and current_user.is_authenticated():
+        return _show_own_profile(current_user)
+    else:
+        return redirect_content_type(url_for('.profile', name=current_user.name))
 
 
 @blueprint.route('/<name>/', methods=['GET'])

diff --git a/test/test_privacy.py b/test/test_privacy.py
@@ -265,6 +265,19 @@ def test_07_user_public_profile_json(self):
         err_msg = 'tutorial should not be public'
         assert 'tutorial' not in project['info'], err_msg
 
+    @with_context
+    def test_08_user_public_profile_json(self):
+        '''Test PRIVACY user public profile privacy is respected for API access'''
+        # As Anonymous user
+        url = '/account/profile'
+        # Use a full url to avoid redirection on API access.
+        full_url = 'http://localhost%s/' % url
+        res = self.app.get(full_url, content_type='application/json')
+        data = json.loads(res.data)
+        err_msg = 'no information should be shown here'
+        assert 'user' not in data, err_msg
+        assert 'projects' not in data, err_msg
+
 
 class TestPrivacyWebPrivacy(web_helper.Helper):
 

diff --git a/test/test_web.py b/test/test_web.py
@@ -4192,6 +4192,16 @@ def test_71_public_user_profile_json(self):
         err_msg = 'there should not be a user id'
         assert 'id' not in data['user'], err_msg
 
+    @with_context
+    def test_72_profile_url_json(self):
+        """Test JSON WEB public user profile works"""
+
+        res = self.app.get('/account/profile',
+                           content_type='application/json')
+        assert res.status_code == 200, res.status_code
+        data = json.loads(res.data)
+        assert data['next'] == '/account/signin'
+        assert data['status'] == 'not_signed_in'
 
     @with_context
     @patch('pybossa.view.projects.uploader.upload_file', return_value=True)