FIX: Don't show profile pages for inactive users and don't show them in

search results.
Robin Ward 2014-08-13 13:30:25 -04:00
parent 106aed9dd3
commit 9a1580244a
7 changed files with 15 additions and 6 deletions


@ -216,7 +216,7 @@ class ApplicationController < ActionController::Base
user = if params[:username] user = if params[:username]
username_lower = params[:username].downcase username_lower = params[:username].downcase
username_lower.gsub!(/\.json$/, '') username_lower.gsub!(/\.json$/, '')
User.find_by(username_lower: username_lower) User.find_by(username_lower: username_lower, active: true)
elsif params[:external_id] elsif params[:external_id]
SingleSignOnRecord.find_by(external_id: params[:external_id]).try(:user) SingleSignOnRecord.find_by(external_id: params[:external_id]).try(:user)
end end
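Review bot: The `active: true` filter is applied only on the `params[:username]` branch; the `params[:external_id]` branch still resolves the user through `SingleSignOnRecord.find_by(...).try(:user)` with no active check, so an inactive account's profile presumably stays reachable by external id. Apply the same rule there, e.g. `sso_user = SingleSignOnRecord.find_by(external_id: params[:external_id]).try(:user)` followed by `sso_user if sso_user.try(:active?)`. The filter is also unconditional, so if staff are expected to open inactive profiles (not visible here) that needs an explicit, permission-checked exception. The enclosing method starts and ends outside the hunk, so how a nil `user` is handled cannot be confirmed from this view.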


@ -12,6 +12,8 @@ class UserSearch
def search def search
users = User.order(User.sql_fragment("CASE WHEN username_lower = ? THEN 0 ELSE 1 END ASC", @term.downcase)) users = User.order(User.sql_fragment("CASE WHEN username_lower = ? THEN 0 ELSE 1 END ASC", @term.downcase))
users = users.where(active: true)
if @term.present? if @term.present?
if SiteSetting.enable_names? if SiteSetting.enable_names?
query = Search.ts_query(@term, "simple") query = Search.ts_query(@term, "simple")


@ -19,6 +19,12 @@ describe UsersController do
response.should_not be_success response.should_not be_success
end end
it 'returns not found when the user is inactive' do
inactive = Fabricate(:user, active: false)
xhr :get, :show, username: inactive.username
response.should_not be_success
end
it "raises an error on invalid access" do it "raises an error on invalid access" do
Guardian.any_instance.expects(:can_see?).with(user).returns(false) Guardian.any_instance.expects(:can_see?).with(user).returns(false)
xhr :get, :show, username: user.username xhr :get, :show, username: user.username
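Review bot: The new example is titled 'returns not found' but only asserts `response.should_not be_success`, which also passes on a 403, a redirect or a 500. Pin the status so that an inactive account answers exactly like a nonexistent one, which is what stops the endpoint from confirming that a username is registered: something like `response.status.should == 404`, assuming the missing-user path answers 404 (not visible in this hunk). The lookup by `external_id` has no matching example in this section.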


@ -8,6 +8,7 @@ Fabricator(:user) do
password 'myawesomepassword' password 'myawesomepassword'
trust_level TrustLevel.levels[:basic] trust_level TrustLevel.levels[:basic]
ip_address { sequence(:ip_address) { |i| "99.232.23.#{i%254}"} } ip_address { sequence(:ip_address) { |i| "99.232.23.#{i%254}"} }
active true
end end
Fabricator(:coding_horror, from: :user) do Fabricator(:coding_horror, from: :user) do
@ -58,7 +59,6 @@ Fabricator(:active_user, from: :user) do
email { sequence(:email) { |i| "luke#{i}@skywalker.com" } } email { sequence(:email) { |i| "luke#{i}@skywalker.com" } }
password 'myawesomepassword' password 'myawesomepassword'
trust_level TrustLevel.levels[:basic] trust_level TrustLevel.levels[:basic]
active true
after_create do |user| after_create do |user|
user.user_profile.bio_raw = "Don't ask me about my dad!" user.user_profile.bio_raw = "Don't ask me about my dad!"
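Review bot: Moving `active true` into the base `:user` fabricator changes the default for every spec that calls `Fabricate(:user)`, so any example that relied on the previous (apparently inactive) default keeps passing while no longer exercising an inactive account. This commit corrects one such case by hand in the digest e-mail spec and drops the `should_not be_active` expectation from the user spec; other callers are not visible here and should be checked. A named fabricator would make the intent explicit and easy to grep for, e.g. `Fabricator(:inactive_user, from: :user) do` / `active false` / `end`.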


@ -42,7 +42,7 @@ describe Jobs::EnqueueDigestEmails do
end end
context "inactive user" do context "inactive user" do
let!(:inactive_user) { Fabricate(:user) } let!(:inactive_user) { Fabricate(:user, active: false) }
it "doesn't return users who have been emailed recently" do it "doesn't return users who have been emailed recently" do
Jobs::EnqueueDigestEmails.new.target_user_ids.include?(inactive_user.id).should be_false Jobs::EnqueueDigestEmails.new.target_user_ids.include?(inactive_user.id).should be_false


@ -11,6 +11,7 @@ describe UserSearch do
let(:user4) { Fabricate :user, username: "mrpink", name: "Steve Buscemi", last_seen_at: 7.days.ago } let(:user4) { Fabricate :user, username: "mrpink", name: "Steve Buscemi", last_seen_at: 7.days.ago }
let(:user5) { Fabricate :user, username: "mrbrown", name: "Quentin Tarantino", last_seen_at: 6.days.ago } let(:user5) { Fabricate :user, username: "mrbrown", name: "Quentin Tarantino", last_seen_at: 6.days.ago }
let(:user6) { Fabricate :user, username: "mrwhite", name: "Harvey Keitel", last_seen_at: 5.days.ago } let(:user6) { Fabricate :user, username: "mrwhite", name: "Harvey Keitel", last_seen_at: 5.days.ago }
let!(:inactive) { Fabricate :user, username: "Ghost", active: false }
let(:admin) { Fabricate :admin, username: "theadmin" } let(:admin) { Fabricate :admin, username: "theadmin" }
let(:moderator) { Fabricate :moderator, username: "themod" } let(:moderator) { Fabricate :moderator, username: "themod" }
@ -103,12 +104,13 @@ describe UserSearch do
results = search_for("Tarantino") results = search_for("Tarantino")
results.size.should == 0 results.size.should == 0
# find an exact match first # find an exact match first
results = search_for("mrB") results = search_for("mrB")
results.first.should == user1 results.first.should == user1
# don't return inactive users
results = search_for("Ghost")
results.should be_blank
end end
end end
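Review bot: The inactive-user check is appended to the end of an existing multi-assertion example, so it never runs when an earlier expectation in that example fails, and a failure report will not name the behaviour being protected. Since `inactive` is declared with `let!` it is created eagerly, so the check can live in its own example: `it "does not return inactive users" do` / `search_for("Ghost").should be_blank` / `end`. The example it was added to starts outside this hunk.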


@ -205,7 +205,6 @@ describe User do
it { should be_valid } it { should be_valid }
it { should_not be_admin } it { should_not be_admin }
it { should_not be_active }
it { should_not be_approved } it { should_not be_approved }
its(:approved_at) { should be_blank } its(:approved_at) { should be_blank }
its(:approved_by_id) { should be_blank } its(:approved_by_id) { should be_blank }