Invert hide email logic to be possitive by default.

[simi]

This is motivated by #3287 and is initial pull request in serie. For now my intention is to revert the wording and logic in app. Email should be private by default and user should opt-in to make it public if welcomed.

This is currently true in app logic, but the wording around seems opposite. Also it is not known during registration if email is going to be publicly visible. With this change it should be clear.

In next step I would like to introduce additional checkbox to opt-in into using gravatar to handle #3278 and #3287.

And in the end I would like to inline profile edit form and sign-up form into one partial providing all options and columns in both. IMHO there is big chance to get even optional fields like Twitter handle filled during registration. It seems bad UX to register with just few fields and need to complete profile at profile edit page (since there is currently no way to let new user know profile could be completed later).

In the end I would like to revisit some users columns and add NOT NULL constraint (for example to public_email one), to prevent potential 3 states on boolean column.

---

• renames hide_email boolean into public_email
• makes email hidden by default
• add option to optionally show email in public profile during registration

new checkbox in sign up form

/cc @damien @jchestershopify

[codecov]

Codecov Report

Merging #3731 (3dd8311) into master (da7ac20) will decrease coverage by 0.01%.
The diff coverage is 100.00%.

@@            Coverage Diff             @@
##           master    #3731      +/-   ##
==========================================
- Coverage   99.01%   99.01%   -0.01%     
==========================================
  Files         271      270       -1     
  Lines        6197     6189       -8     
==========================================
- Hits         6136     6128       -8     
  Misses         61       61              

Files Changed	Coverage Δ
app/avo/resources/user_resource.rb	100.00% <100.00%> (ø)
app/controllers/profiles_controller.rb	100.00% <100.00%> (ø)
app/models/user.rb	100.00% <100.00%> (ø)

[damien]

I'm not a core contributor and likewise cannot approve this myself, but I do think this is a great idea. Changes seem straightforward and this is mainly a semantic change that simplifies logic around public/private emails.

[indirect]

looks good to me 👍🏻

[segiddins]

I would prefer we do this in multiple steps:

1. add new public_email column
2. dual write both columns
3. backfill new column
4. read only from new column
5. delete old column

otherwise, there is the potential that any mistake will leave us with irrecoverable data changes

[simi]

If I understand it well, whole up/down blocks are wrapped in transaction and PostgreSQL schema is mostly transactional. That means whole block is executed (or nothing) leaving no space for unpredictable state. 🤔 But I can change to suggested format if needed.

[jenshenny]

I don't feel too strongly but I also prefer to split these kinds of data changes into multiple steps as @segiddins described.

[simi]

@segiddins I'm about to merge this. If I understand it well (by recent experience), we will need to do it exactly as you mentioned (using ignored_columns trick) to make smooth deployment. Can you confirm please? I'll update the PR.

[segiddins]

please rebase & see if strong_migrations errors

[simi]

It does not by default, since this migration has old timestamp. But setting StrongMigrations.start_after = 0 and trying to run this migration errors thanks to strong_migrations.

[jenshenny]

Thanks @simi! This and the future steps makes sense to me.

[simi]

ℹ️ this needs to be merged after #4035 (it is included in this PR as well to keep it together) is deployed and related task finishes.

EDIT: #4035 got merged and this PR got rebased

[martinemde]

I can't comment on the audits but the code looks more clear. If we need to keep a hide_email method around for audits, that's not a big deal.

[simi]

I can't comment on the audits but the code looks more clear. If we need to keep a hide_email method around for audits, that's not a big deal.

There will be additional PR to remove the column. We can check how that affects auditing feature and what we can do about that to not block unrelated changes (like this) by auditing feature.