Merge pull request #113 from grant-project/remove-profile
Keep user email addresses private
commit
eecb6cdabc
|
@ -50,7 +50,7 @@ class CommentSchema(ma.Schema):
|
|||
)
|
||||
|
||||
date_created = ma.Method("get_date_created")
|
||||
author = ma.Nested("UserSchema", exclude=["email_address"])
|
||||
author = ma.Nested("UserSchema")
|
||||
replies = ma.Nested("CommentSchema", many=True)
|
||||
|
||||
def get_date_created(self, obj):
|
||||
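Review bot: With the explicit `exclude=["email_address"]` gone from `author` (assuming the second `author` line is the new side, as the print order suggests), nothing at this call site shows that the nested schema is the public one; the same applies to `user = ma.Nested("UserSchema")` in the ProposalContributionSchema hunk. The string is resolved by class name, so the privacy of comment authors and contributors now rests entirely on `UserSchema` keeping its allowlist. I would add a comment above each line such as `# UserSchema is the public view (no email_address); do not nest SelfUserSchema here`. CommentSchema begins and continues outside this hunk.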
|
|
|
@ -479,7 +479,7 @@ class ProposalContributionSchema(ma.Schema):
|
|||
)
|
||||
|
||||
proposal = ma.Nested("ProposalSchema")
|
||||
user = ma.Nested("UserSchema", exclude=["email_address"])
|
||||
user = ma.Nested("UserSchema")
|
||||
date_created = ma.Method("get_date_created")
|
||||
addresses = ma.Method("get_addresses")
|
||||
|
||||
|
|
|
@ -143,10 +143,6 @@ def get_proposals(stage):
|
|||
)
|
||||
dumped_proposals = proposals_schema.dump(proposals)
|
||||
return dumped_proposals
|
||||
# except Exception as e:
|
||||
# print(e)
|
||||
# print(traceback.format_exc())
|
||||
# return {"message": "Oops! Something went wrong."}, 500
|
||||
|
||||
|
||||
@blueprint.route("/drafts", methods=["POST"])
|
||||
|
|
|
@ -224,7 +224,7 @@ class User(db.Model, UserMixin):
|
|||
})
|
||||
|
||||
|
||||
class UserSchema(ma.Schema):
|
||||
class SelfUserSchema(ma.Schema):
|
||||
class Meta:
|
||||
model = User
|
||||
# Fields to expose
|
||||
|
@ -245,6 +245,30 @@ class UserSchema(ma.Schema):
|
|||
return obj.id
|
||||
|
||||
|
||||
self_user_schema = SelfUserSchema()
|
||||
self_users_schema = SelfUserSchema(many=True)
|
||||
|
||||
|
||||
class UserSchema(ma.Schema):
|
||||
class Meta:
|
||||
model = User
|
||||
# Fields to expose
|
||||
fields = (
|
||||
"title",
|
||||
"social_medias",
|
||||
"avatar",
|
||||
"display_name",
|
||||
"userid"
|
||||
)
|
||||
|
||||
social_medias = ma.Nested("SocialMediaSchema", many=True)
|
||||
avatar = ma.Nested("AvatarSchema")
|
||||
userid = ma.Method("get_userid")
|
||||
|
||||
def get_userid(self, obj):
|
||||
return obj.id
|
||||
|
||||
|
||||
user_schema = UserSchema()
|
||||
users_schema = UserSchema(many=True)
|
||||
|
||||
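Review bot: Neither schema class has a docstring saying who may see its output, and after the rename the public and private views differ only by a `Self` prefix. A docstring on each would make the boundary explicit, for example `"""Private view of a user, returned only to that user; may include email_address."""` on SelfUserSchema and `"""Public view of a user; Meta.fields is an allowlist and must not gain email_address."""` on UserSchema. SelfUserSchema's field list is outside the hunk, so what it exposes beyond the email address cannot be checked from here.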
|
|
|
@ -25,8 +25,9 @@ from .models import (
|
|||
User,
|
||||
SocialMedia,
|
||||
Avatar,
|
||||
users_schema,
|
||||
self_user_schema,
|
||||
user_schema,
|
||||
users_schema,
|
||||
user_settings_schema,
|
||||
db
|
||||
)
|
||||
|
@ -58,7 +59,7 @@ def get_users(proposal_id):
|
|||
@requires_auth
|
||||
@endpoint.api()
|
||||
def get_me():
|
||||
dumped_user = user_schema.dump(g.current_user)
|
||||
dumped_user = self_user_schema.dump(g.current_user)
|
||||
return dumped_user
|
||||
|
||||
|
||||
|
@ -122,7 +123,7 @@ def create_user(
|
|||
title=title
|
||||
)
|
||||
user.login()
|
||||
result = user_schema.dump(user)
|
||||
result = self_user_schema.dump(user)
|
||||
return result, 201
|
||||
|
||||
|
||||
|
@ -138,7 +139,7 @@ def auth_user(email, password):
|
|||
if not existing_user.check_password(password):
|
||||
return {"message": "Invalid password"}, 403
|
||||
existing_user.login()
|
||||
return user_schema.dump(existing_user)
|
||||
return self_user_schema.dump(existing_user)
|
||||
|
||||
|
||||
@blueprint.route("/me/password", methods=["PUT"])
|
||||
|
@ -304,7 +305,7 @@ def update_user(user_id, display_name, title, social_medias, avatar):
|
|||
remove_avatar(old_avatar_url, user.id)
|
||||
|
||||
db.session.commit()
|
||||
result = user_schema.dump(user)
|
||||
result = self_user_schema.dump(user)
|
||||
return result
|
||||
|
||||
|
||||
|
|
|
@ -5,7 +5,6 @@
|
|||
pytest==3.7.1
|
||||
WebTest==2.0.30
|
||||
factory-boy==2.11.1
|
||||
eth-tester[py-evm]==0.1.0b33
|
||||
|
||||
# Lint and code style
|
||||
flake8==3.5.0
|
||||
|
|
|
@ -108,3 +108,17 @@ class TestProposalAPI(BaseProposalCreatorConfig):
|
|||
self.proposal.status = PENDING # should be APPROVED
|
||||
resp = self.app.put("/api/v1/proposals/{}/publish".format(self.proposal.id))
|
||||
self.assert400(resp)
|
||||
|
||||
# /
|
||||
def test_get_proposals(self):
|
||||
self.test_publish_proposal_approved()
|
||||
resp = self.app.get("/api/v1/proposals/")
|
||||
self.assert200(resp)
|
||||
|
||||
def test_get_proposals_does_not_include_team_member_email_addresses(self):
|
||||
self.test_publish_proposal_approved()
|
||||
resp = self.app.get("/api/v1/proposals/")
|
||||
self.assert200(resp)
|
||||
for each_proposal in resp.json:
|
||||
for team_member in each_proposal["team"]:
|
||||
self.assertIsNone(team_member.get('email_address'))
|
||||
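Review bot: The assertion in `test_get_proposals_does_not_include_team_member_email_addresses` looks up `'email_address'`, while the user tests on this page read the same field from responses as `json['emailAddress']`. If proposal responses are camel-cased the same way, a leaked address would sit under `emailAddress` and this test would still pass. It also passes when the proposal list or a `team` is empty, because the loops never run. Check both spellings with `self.assertNotIn('emailAddress', team_member)` and `self.assertNotIn('email_address', team_member)`, and add `self.assertTrue(resp.json)` before the loop.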
|
|
|
@ -63,7 +63,6 @@ class TestUserAPI(BaseUserConfig):
|
|||
}),
|
||||
content_type="application/json"
|
||||
)
|
||||
print(user_auth_resp.headers)
|
||||
self.assertEqual(user_auth_resp.json['emailAddress'], self.user.email_address)
|
||||
self.assertEqual(user_auth_resp.json['displayName'], self.user.display_name)
|
||||
|
||||
|
@ -76,20 +75,24 @@ class TestUserAPI(BaseUserConfig):
|
|||
}),
|
||||
content_type="application/json"
|
||||
)
|
||||
print(login_resp.headers)
|
||||
# should have session cookie now
|
||||
me_resp = self.app.get(
|
||||
"/api/v1/users/me"
|
||||
)
|
||||
print(me_resp.headers)
|
||||
self.assert200(me_resp)
|
||||
|
||||
def test_me_get_includes_email_address(self):
|
||||
self.login_default_user()
|
||||
me_resp = self.app.get(
|
||||
"/api/v1/users/me"
|
||||
)
|
||||
self.assert200(me_resp)
|
||||
self.assertIsNotNone(me_resp.json['emailAddress'])
|
||||
|
||||
def test_user_auth_required_fail(self):
|
||||
me_resp = self.app.get(
|
||||
"/api/v1/users/me",
|
||||
)
|
||||
print(me_resp.json)
|
||||
print(me_resp.headers)
|
||||
self.assert401(me_resp)
|
||||
|
||||
def test_user_auth_bad_password(self):
|
||||
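Review bot: `test_me_get_includes_email_address` only asserts that `emailAddress` is not None, so it would pass if the endpoint returned another account's address. Compare against the fixture as the auth test earlier in this class does: `self.assertEqual(me_resp.json['emailAddress'], self.user.email_address)`. The hunks shown add no counterpart test that a public user lookup omits `emailAddress`; if none exists elsewhere, one belongs next to this test.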
|
|
|
@ -37,14 +37,6 @@ class ProfileUser extends React.Component<Props> {
|
|||
<div className="ProfileUser-info">
|
||||
<div className="ProfileUser-info-name">{user.displayName}</div>
|
||||
<div className="ProfileUser-info-title">{user.title}</div>
|
||||
<div>
|
||||
{user.emailAddress && (
|
||||
<div className="ProfileUser-info-address">
|
||||
<span>email address</span>
|
||||
{user.emailAddress}
|
||||
</div>
|
||||
)}
|
||||
</div>
|
||||
{socialMedias.length > 0 && (
|
||||
<div className="ProfileUser-info-social">
|
||||
{socialMedias.map(sm => (
|
||||
|
|