Skip to content

Commit 5e2e178

Browse files
nbiancatgxworld
authored andcommitted
FIX: Hide user's bio if profile is restricted
The bio was sometimes visible in the meta tags even though it it should not have been.
1 parent 8d61b2c commit 5e2e178

File tree

2 files changed

+11
-1
lines changed

2 files changed

+11
-1
lines changed

Diff for: lib/guardian/user_guardian.rb

+1-1
Original file line numberDiff line numberDiff line change
@@ -101,7 +101,7 @@ def can_check_sso_details?(user)
101101
end
102102

103103
def restrict_user_fields?(user)
104-
user.trust_level == TrustLevel[0] && anonymous?
104+
(user.trust_level == TrustLevel[0] && anonymous?) || !can_see_profile?(user)
105105
end
106106

107107
def can_see_staff_info?(user)

Diff for: spec/requests/users_controller_spec.rb

+10
Original file line numberDiff line numberDiff line change
@@ -3674,6 +3674,16 @@ def create_and_like_post(likee, liker)
36743674
expect(response.body).to include(user1.username)
36753675
end
36763676

3677+
it "should not be able to view a private user profile" do
3678+
user1.user_profile.update!(bio_raw: "Hello world!")
3679+
user1.user_option.update!(hide_profile_and_presence: true)
3680+
3681+
get "/u/#{user1.username}"
3682+
3683+
expect(response.status).to eq(200)
3684+
expect(response.body).not_to include("Hello world!")
3685+
end
3686+
36773687
describe 'when username contains a period' do
36783688
before_all do
36793689
user1.update!(username: 'test.test')

0 commit comments

Comments
 (0)