github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-06-05 14:07:30 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

SECURITY: Hide user profiles from public

Browse Source 
User profiles, including the summary, should be private to anonymous
users if hide_user_profiles_from_public is enabled.
This commit is contained in:
Bianca Nenciu
2023-09-27 20:10:26 +03:00
committed by Penar Musaraj
parent 6350ba2cb3
commit 76bdea5ce2
3 changed files with 26 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
spec/requests/users_controller_spec.rb
View File

@ -4151,6 +4151,24 @@ RSpec.describe UsersController do
expect(json["user_summary"]["post_count"]).to eq(0)
end
context "when `hide_user_profiles_from_public` site setting is enabled" do
before { SiteSetting.hide_user_profiles_from_public = true }
it "returns 200 for logged in users" do
sign_in(Fabricate(:user))
get "/u/#{user.username_lower}/summary.json"
expect(response.status).to eq(200)
end
it "returns 403 for anonymous users" do
get "/u/#{user.username_lower}/summary.json"
expect(response.status).to eq(403)
end
end
context "when `hide_profile_and_presence` user option is checked" do
before_all { user1.user_option.update_columns(hide_profile_and_presence: true) }