Skip to content
Permalink
Browse files Browse the repository at this point in the history
FIX: Hide user's bio if profile is restricted
The bio was sometimes visible in the meta tags even though it it should
not have been.
  • Loading branch information
nbianca authored and tgxworld committed Jan 5, 2022
1 parent 8d61b2c commit 5e2e178
Show file tree
Hide file tree
Showing 2 changed files with 11 additions and 1 deletion.
2 changes: 1 addition & 1 deletion lib/guardian/user_guardian.rb
Expand Up @@ -101,7 +101,7 @@ def can_check_sso_details?(user)
end

def restrict_user_fields?(user)
user.trust_level == TrustLevel[0] && anonymous?
(user.trust_level == TrustLevel[0] && anonymous?) || !can_see_profile?(user)
end

def can_see_staff_info?(user)
Expand Down
10 changes: 10 additions & 0 deletions spec/requests/users_controller_spec.rb
Expand Up @@ -3674,6 +3674,16 @@ def create_and_like_post(likee, liker)
expect(response.body).to include(user1.username)
end

it "should not be able to view a private user profile" do
user1.user_profile.update!(bio_raw: "Hello world!")
user1.user_option.update!(hide_profile_and_presence: true)

get "/u/#{user1.username}"

expect(response.status).to eq(200)
expect(response.body).not_to include("Hello world!")
end

describe 'when username contains a period' do
before_all do
user1.update!(username: 'test.test')
Expand Down

0 comments on commit 5e2e178

Please sign in to comment.