From cdc7e2b9cc7d0560f08b6b1cc6b81af9b6aaf2a7 Mon Sep 17 00:00:00 2001 From: Andreas Nedbal Date: Sun, 13 Nov 2022 14:25:03 +0100 Subject: [PATCH 01/10] Add user requirement setting to user --- .../20221113110942_add_privacy_require_user_to_users.rb | 9 +++++++++ db/schema.rb | 1 + 2 files changed, 10 insertions(+) create mode 100644 db/migrate/20221113110942_add_privacy_require_user_to_users.rb diff --git a/db/migrate/20221113110942_add_privacy_require_user_to_users.rb b/db/migrate/20221113110942_add_privacy_require_user_to_users.rb new file mode 100644 index 00000000..3ccb7b74 --- /dev/null +++ b/db/migrate/20221113110942_add_privacy_require_user_to_users.rb @@ -0,0 +1,9 @@ +class AddPrivacyRequireUserToUsers < ActiveRecord::Migration[6.1] + def up + add_column :users, :privacy_require_user, :boolean, default: false + end + + def down + remove_column :users, :privacy_require_user + end +end diff --git a/db/schema.rb b/db/schema.rb index 3f035379..79ded6fa 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -301,6 +301,7 @@ ActiveRecord::Schema.define(version: 2022_08_20_163035) do t.string "otp_secret_key" t.integer "otp_module", default: 0, null: false t.datetime "deleted_at" + t.boolean "privacy_require_user", default: false t.index ["confirmation_token"], name: "index_users_on_confirmation_token", unique: true t.index ["deleted_at"], name: "index_users_on_deleted_at" t.index ["email"], name: "index_users_on_email", unique: true From 18b3ac641b78717560a670417b97645563ff44f7 Mon Sep 17 00:00:00 2001 From: Andreas Nedbal Date: Sun, 13 Nov 2022 14:26:03 +0100 Subject: [PATCH 02/10] Add user requirement setting to privacy settings --- app/controllers/settings/privacy_controller.rb | 3 ++- app/views/settings/privacy/edit.html.haml | 1 + 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/app/controllers/settings/privacy_controller.rb b/app/controllers/settings/privacy_controller.rb index f85201f1..038cba98 100644 
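Review bot: The `add_column` call in `up` gives `privacy_require_user` a `default: false` but no `null: false`, so the flag that decides who may ask questions can hold three states instead of two. The `check_user` guard added later in this series reads a NULL as falsy, so a row that ends up NULL would silently behave as "login not required". I would declare it as `add_column :users, :privacy_require_user, :boolean, default: false, null: false`; the `t.boolean` line in db/schema.rb is regenerated from the migration.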
--- a/app/controllers/settings/privacy_controller.rb +++ b/app/controllers/settings/privacy_controller.rb @@ -9,7 +9,8 @@ class Settings::PrivacyController < ApplicationController user_attributes = params.require(:user).permit(:privacy_allow_anonymous_questions, :privacy_allow_public_timeline, :privacy_allow_stranger_answers, - :privacy_show_in_search) + :privacy_show_in_search, + :privacy_require_user) if current_user.update(user_attributes) flash[:success] = t(".success") else diff --git a/app/views/settings/privacy/edit.html.haml b/app/views/settings/privacy/edit.html.haml index e2287aad..3a3f6168 100644 --- a/app/views/settings/privacy/edit.html.haml +++ b/app/views/settings/privacy/edit.html.haml @@ -2,6 +2,7 @@ .card-body = bootstrap_form_for(current_user, url: settings_privacy_path, method: :patch, data: { turbo: false }) do |f| = f.check_box :privacy_allow_anonymous_questions + = f.check_box :privacy_require_user = f.check_box :privacy_allow_public_timeline = f.check_box :privacy_allow_stranger_answers From 32d270113da7ef1b39e517367c697a769b66aae7 Mon Sep 17 00:00:00 2001 From: Andreas Nedbal Date: Sun, 13 Nov 2022 14:26:49 +0100 Subject: [PATCH 03/10] Check for users being logged in if a user requires it in questions --- lib/use_case/question/create.rb | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/lib/use_case/question/create.rb b/lib/use_case/question/create.rb index 7ec5b7fc..00545a98 100644 --- a/lib/use_case/question/create.rb +++ b/lib/use_case/question/create.rb @@ -14,6 +14,7 @@ module UseCase option :direct, type: Types::Params::Bool, default: proc { true } def call + check_user check_anonymous_rules check_blocks 
@@ -59,6 +60,10 @@ module UseCase raise Errors::AskingSelfBlockedOther if source_user.blocking?(target_user) end + def check_user + raise Errors::LoginRequired if target_user.privacy_require_user && !source_user_id + end + def increment_asked_count unless source_user_id && !anonymous && !direct # Only increment the asked count of the source user if the question From 16c6e7c0961dd6170aa091c902e619e034156e85 Mon Sep 17 00:00:00 2001 From: Andreas Nedbal Date: Sun, 13 Nov 2022 14:27:33 +0100 Subject: [PATCH 04/10] Show message in questionbox that users need to log in --- app/views/application/_questionbox.html.haml | 6 +++++- lib/errors.rb | 3 +++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/app/views/application/_questionbox.html.haml b/app/views/application/_questionbox.html.haml index fd9ceb36..09183122 100644 --- a/app/views/application/_questionbox.html.haml +++ b/app/views/application/_questionbox.html.haml @@ -14,6 +14,9 @@ - elsif user_signed_in? && user.blocking?(current_user) .text-center %strong= t(".status.blocked") + - elsif !user_signed_in? && user.privacy_require_user? + .text-center + %strong= t(".status.require_user_html", sign_in: link_to(t("voc.login"), new_user_session_path), sign_up: link_to(t("voc.register"), new_user_registration_path)) - else - if user_signed_in? || user.privacy_allow_anonymous_questions? #question-box{ data: { controller: "character-count", "character-count-max-value": 512 }} @@ -51,4 +54,5 @@ .col-xs-12.col-sm-10.offset-sm-1.text-center %small= t(".promote.join", app_title: APP_CONFIG["site_name"]) - else - %p= raw t(".required", signup: link_to(t("voc.register"), new_user_registration_path)) + .text-center + %strong= t(".status.non_anonymous_html", sign_in: link_to(t("voc.login"), new_user_session_path), sign_up: link_to(t("voc.register"), new_user_registration_path)) diff --git a/lib/errors.rb b/lib/errors.rb index 5414f7f8..1a887285 100644 --- a/lib/errors.rb +++ b/lib/errors.rb 
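Review bot: `check_user` accepts any non-nil `source_user_id` as proof of a logged-in asker, so the guard is only as strong as the caller that fills that option, and nothing in the hunk states that contract. Where `source_user_id` comes from is not visible here. If it is taken from the authenticated session the check holds, but a value copied from request parameters would satisfy it for a signed-out client. I would document this on the method, e.g. `# source_user_id must come from the authenticated session, never from client-supplied params`. I would also rename it to something like `check_login_required` so it reads as clearly as `check_anonymous_rules` and `check_blocks`. The enclosing class and the `call` method that invokes it begin outside the hunk.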
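Review bot: Both new `t(".status.require_user_html", ...)` and `t(".status.non_anonymous_html", ...)` calls render the locale string itself as unescaped markup, because Rails marks keys ending in `_html` as HTML-safe and escapes only interpolated values that are not already safe. That is tighter than the `raw t(".required", ...)` line being removed, but every translation of these two keys is now trusted as HTML and should be reviewed as such. A short template comment would record this, e.g. `-# *_html keys are rendered unescaped; only the interpolated values are escaped`. The identical `sign_in:`/`sign_up:` link arguments are repeated in both branches and could be built once in a local or helper. The enclosing `if`/`elsif` chain starts above the first hunk.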
@@ -51,6 +51,9 @@ module Errors class Blocked < Forbidden end + class LoginRequired < Forbidden + end + class OtherBlockedSelf < Blocked end From a705543d89df19d768b4dadcb9d22e1dd712dcb0 Mon Sep 17 00:00:00 2001 From: Andreas Nedbal Date: Sun, 13 Nov 2022 14:28:03 +0100 Subject: [PATCH 05/10] Add locales for user requirement setting and views --- config/locales/activerecord.en.yml | 1 + config/locales/errors.en.yml | 2 ++ config/locales/views.en.yml | 7 ++++++- 3 files changed, 9 insertions(+), 1 deletion(-) diff --git a/config/locales/activerecord.en.yml b/config/locales/activerecord.en.yml index cb5881a7..8be68c2c 100644 --- a/config/locales/activerecord.en.yml +++ b/config/locales/activerecord.en.yml @@ -68,6 +68,7 @@ en: password: "Password" password_confirmation: "Confirm your password" privacy_allow_anonymous_questions: "Allow anonymous questions" + privacy_require_user: "Require users to be logged in to ask you questions" privacy_allow_public_timeline: "Show your answers in the public timeline" privacy_allow_stranger_answers: "Allow other people to answer your questions" profile_picture: "Profile picture" diff --git a/config/locales/errors.en.yml b/config/locales/errors.en.yml index c00de3cd..339bcec5 100644 --- a/config/locales/errors.en.yml +++ b/config/locales/errors.en.yml @@ -33,3 +33,5 @@ en: invalid_parameter: "Invalid parameter" record_not_found: "Record not found" + + login_required: "You need to be logged in to perform this action" diff --git a/config/locales/views.en.yml b/config/locales/views.en.yml index 732e4891..d5cfe7cd 100644 --- a/config/locales/views.en.yml +++ b/config/locales/views.en.yml @@ -110,7 +110,6 @@ en: hide: "Answered by" questionbox: title: "Ask something!" - required: "This user does not want to get asked by strangers. Why don't you %{signup}?" placeholder: "Type your question here…" anonymous: "Hide your name" load: "Asking…" 
@@ -123,6 +122,12 @@ en: banned: "This user got hit with ye olde banhammer." blocking: "You are blocking this user." blocked: "This user has blocked you." + require_user_html: | + This user requires others to be logged in to ask questions.
+ (%{sign_in} or %{sign_up}) + non_anonymous_html: | + This user does not want to receive anonymous questions.
+ (%{sign_in} or %{sign_up}) devise: registrations: edit: From 93fcebe6c0202057b971fccbf0ddc51e4e2f73ec Mon Sep 17 00:00:00 2001 From: Andreas Nedbal Date: Sun, 13 Nov 2022 14:28:24 +0100 Subject: [PATCH 06/10] Add tests for user requirement in questions --- spec/lib/use_case/question/create_spec.rb | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/spec/lib/use_case/question/create_spec.rb b/spec/lib/use_case/question/create_spec.rb index 79ae1aca..f4205b95 100644 --- a/spec/lib/use_case/question/create_spec.rb +++ b/spec/lib/use_case/question/create_spec.rb @@ -175,6 +175,19 @@ describe UseCase::Question::Create do it_behaves_like "invalid params" end end + + context "target user does not allow non-logged in questions" do + let(:allow_anon) { true } + let(:anonymous) { true } + let(:content) { "Hello world" } + let(:author_identifier) { "qwerty" } + + before do + target_user.update!(privacy_require_user: true) + end + + it_behaves_like "forbidden" + end end end end From 9393374eab702765a8baba187c2b29e9bb8b12a6 Mon Sep 17 00:00:00 2001 From: Andreas Nedbal Date: Sun, 13 Nov 2022 14:38:11 +0100 Subject: [PATCH 07/10] `LoginRequired` -> `NotAuthorized` --- config/locales/errors.en.yml | 2 +- lib/errors.rb | 9 ++++++--- lib/use_case/question/create.rb | 2 +- spec/lib/use_case/question/create_spec.rb | 8 +++++++- 4 files changed, 15 insertions(+), 6 deletions(-) diff --git a/config/locales/errors.en.yml b/config/locales/errors.en.yml index 339bcec5..6624e7e7 100644 --- a/config/locales/errors.en.yml +++ b/config/locales/errors.en.yml @@ -34,4 +34,4 @@ en: record_not_found: "Record not found" - login_required: "You need to be logged in to perform this action" + not_authorized: "You need to be logged in to perform this action" diff --git a/lib/errors.rb b/lib/errors.rb index 1a887285..a1b1cdba 100644 --- a/lib/errors.rb +++ b/lib/errors.rb 
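Review bot: The new context "target user does not allow non-logged in questions" covers only the rejection path, so a regression that makes `check_user` refuse everyone once `privacy_require_user` is set would still pass this spec. I would add a sibling case in the signed-in branch of the file that also runs `target_user.update!(privacy_require_user: true)` and expects the question to be created, for both `anonymous` true and false. Whether the asker is signed out in this context depends on the enclosing `context` blocks, which start outside the hunk, so stating that explicitly in the context description would help.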
@@ -44,6 +44,12 @@ module Errors end end + class NotAuthorized < Base + def status + 401 + end + end + class UserNotFound < NotFound end @@ -51,9 +57,6 @@ module Errors class Blocked < Forbidden end - class LoginRequired < Forbidden - end - class OtherBlockedSelf < Blocked end diff --git a/lib/use_case/question/create.rb b/lib/use_case/question/create.rb index 00545a98..4cf426ee 100644 --- a/lib/use_case/question/create.rb +++ b/lib/use_case/question/create.rb @@ -61,7 +61,7 @@ module UseCase end def check_user - raise Errors::LoginRequired if target_user.privacy_require_user && !source_user_id + raise Errors::NotAuthorized if target_user.privacy_require_user && !source_user_id end def increment_asked_count diff --git a/spec/lib/use_case/question/create_spec.rb b/spec/lib/use_case/question/create_spec.rb index f4205b95..23972032 100644 --- a/spec/lib/use_case/question/create_spec.rb +++ b/spec/lib/use_case/question/create_spec.rb @@ -44,6 +44,12 @@ describe UseCase::Question::Create do end end + shared_examples "not authorized" do + it "raises an error" do + expect { subject }.to raise_error(Errors::NotAuthorized) + end + end + shared_examples "validates content" do context "content is empty" do let(:content) { "" } @@ -186,7 +192,7 @@ describe UseCase::Question::Create do target_user.update!(privacy_require_user: true) end - it_behaves_like "forbidden" + it_behaves_like "not authorized" end end end From 1fd50daa2281918d96db765abe076b7203ddcdf4 Mon Sep 17 00:00:00 2001 From: Andreas Nedbal Date: Sun, 13 Nov 2022 14:39:32 +0100 Subject: [PATCH 08/10] Update schema version --- db/schema.rb | 1 + 1 file changed, 1 insertion(+) diff --git a/db/schema.rb b/db/schema.rb index 79ded6fa..e9e00eba 100644 --- a/db/schema.rb +++ b/db/schema.rb 
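Review bot: `NotAuthorized` returns status 401 and its locale text says "You need to be logged in to perform this action", so it represents a missing login, while the name reads as an authorization failure, which this file already models with `Forbidden`. A later caller could reasonably raise `NotAuthorized` for a logged-in user who lacks permission and would then send the wrong status and message. I would either name the class for what it means, e.g. `NotAuthenticated`, or add a comment above it such as `# 401: no logged-in user on the request; use Forbidden when a logged-in user lacks permission`. How the error class maps to the `not_authorized` locale key is not visible in this hunk.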
@@ -11,6 +11,7 @@ # It's strongly recommended that you check this file into your version control system. ActiveRecord::Schema.define(version: 2022_08_20_163035) do +ActiveRecord::Schema.define(version: 2022_11_13_110942) do # These are extensions that must be enabled in order to support this database enable_extension "plpgsql" From 3569cb335cb7a15fd85b3321878ff0f439fd0d60 Mon Sep 17 00:00:00 2001 From: Andreas Nedbal Date: Sun, 13 Nov 2022 14:40:34 +0100 Subject: [PATCH 09/10] Add frozen string literal comment --- db/migrate/20221113110942_add_privacy_require_user_to_users.rb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/db/migrate/20221113110942_add_privacy_require_user_to_users.rb b/db/migrate/20221113110942_add_privacy_require_user_to_users.rb index 3ccb7b74..74e2fed7 100644 --- a/db/migrate/20221113110942_add_privacy_require_user_to_users.rb +++ b/db/migrate/20221113110942_add_privacy_require_user_to_users.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + class AddPrivacyRequireUserToUsers < ActiveRecord::Migration[6.1] def up add_column :users, :privacy_require_user, :boolean, default: false From 240092be6cdcfcf058d7efa701b64e6477cc64bd Mon Sep 17 00:00:00 2001 From: Andreas Nedbal Date: Sun, 13 Nov 2022 14:46:40 +0100 Subject: [PATCH 10/10] Fix schema --- db/schema.rb | 1 - 1 file changed, 1 deletion(-) diff --git a/db/schema.rb b/db/schema.rb index e9e00eba..9363de00 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -10,7 +10,6 @@ # # It's strongly recommended that you check this file into your version control system. -ActiveRecord::Schema.define(version: 2022_08_20_163035) do ActiveRecord::Schema.define(version: 2022_11_13_110942) do # These are extensions that must be enabled in order to support this database