FIX: Don't show profile pages for inactive users and don't show them in
search results.
This commit is contained in:
parent
106aed9dd3
commit
9a1580244a
|
@ -216,7 +216,7 @@ class ApplicationController < ActionController::Base
|
||||||
user = if params[:username]
|
user = if params[:username]
|
||||||
username_lower = params[:username].downcase
|
username_lower = params[:username].downcase
|
||||||
username_lower.gsub!(/\.json$/, '')
|
username_lower.gsub!(/\.json$/, '')
|
||||||
User.find_by(username_lower: username_lower)
|
User.find_by(username_lower: username_lower, active: true)
|
||||||
elsif params[:external_id]
|
elsif params[:external_id]
|
||||||
SingleSignOnRecord.find_by(external_id: params[:external_id]).try(:user)
|
SingleSignOnRecord.find_by(external_id: params[:external_id]).try(:user)
|
||||||
end
|
end
|
||||||
|
|
|
@ -12,6 +12,8 @@ class UserSearch
|
||||||
def search
|
def search
|
||||||
users = User.order(User.sql_fragment("CASE WHEN username_lower = ? THEN 0 ELSE 1 END ASC", @term.downcase))
|
users = User.order(User.sql_fragment("CASE WHEN username_lower = ? THEN 0 ELSE 1 END ASC", @term.downcase))
|
||||||
|
|
||||||
|
users = users.where(active: true)
|
||||||
|
|
||||||
if @term.present?
|
if @term.present?
|
||||||
if SiteSetting.enable_names?
|
if SiteSetting.enable_names?
|
||||||
query = Search.ts_query(@term, "simple")
|
query = Search.ts_query(@term, "simple")
|
||||||
|
|
|
@ -19,6 +19,12 @@ describe UsersController do
|
||||||
response.should_not be_success
|
response.should_not be_success
|
||||||
end
|
end
|
||||||
|
|
||||||
|
it 'returns not found when the user is inactive' do
|
||||||
|
inactive = Fabricate(:user, active: false)
|
||||||
|
xhr :get, :show, username: inactive.username
|
||||||
|
response.should_not be_success
|
||||||
|
end
|
||||||
|
|
||||||
it "raises an error on invalid access" do
|
it "raises an error on invalid access" do
|
||||||
Guardian.any_instance.expects(:can_see?).with(user).returns(false)
|
Guardian.any_instance.expects(:can_see?).with(user).returns(false)
|
||||||
xhr :get, :show, username: user.username
|
xhr :get, :show, username: user.username
|
||||||
|
|
|
@ -8,6 +8,7 @@ Fabricator(:user) do
|
||||||
password 'myawesomepassword'
|
password 'myawesomepassword'
|
||||||
trust_level TrustLevel.levels[:basic]
|
trust_level TrustLevel.levels[:basic]
|
||||||
ip_address { sequence(:ip_address) { |i| "99.232.23.#{i%254}"} }
|
ip_address { sequence(:ip_address) { |i| "99.232.23.#{i%254}"} }
|
||||||
|
active true
|
||||||
end
|
end
|
||||||
|
|
||||||
Fabricator(:coding_horror, from: :user) do
|
Fabricator(:coding_horror, from: :user) do
|
||||||
|
@ -58,7 +59,6 @@ Fabricator(:active_user, from: :user) do
|
||||||
email { sequence(:email) { |i| "luke#{i}@skywalker.com" } }
|
email { sequence(:email) { |i| "luke#{i}@skywalker.com" } }
|
||||||
password 'myawesomepassword'
|
password 'myawesomepassword'
|
||||||
trust_level TrustLevel.levels[:basic]
|
trust_level TrustLevel.levels[:basic]
|
||||||
active true
|
|
||||||
|
|
||||||
after_create do |user|
|
after_create do |user|
|
||||||
user.user_profile.bio_raw = "Don't ask me about my dad!"
|
user.user_profile.bio_raw = "Don't ask me about my dad!"
|
||||||
|
|
|
@ -42,7 +42,7 @@ describe Jobs::EnqueueDigestEmails do
|
||||||
end
|
end
|
||||||
|
|
||||||
context "inactive user" do
|
context "inactive user" do
|
||||||
let!(:inactive_user) { Fabricate(:user) }
|
let!(:inactive_user) { Fabricate(:user, active: false) }
|
||||||
|
|
||||||
it "doesn't return users who have been emailed recently" do
|
it "doesn't return users who have been emailed recently" do
|
||||||
Jobs::EnqueueDigestEmails.new.target_user_ids.include?(inactive_user.id).should be_false
|
Jobs::EnqueueDigestEmails.new.target_user_ids.include?(inactive_user.id).should be_false
|
||||||
|
|
|
@ -11,6 +11,7 @@ describe UserSearch do
|
||||||
let(:user4) { Fabricate :user, username: "mrpink", name: "Steve Buscemi", last_seen_at: 7.days.ago }
|
let(:user4) { Fabricate :user, username: "mrpink", name: "Steve Buscemi", last_seen_at: 7.days.ago }
|
||||||
let(:user5) { Fabricate :user, username: "mrbrown", name: "Quentin Tarantino", last_seen_at: 6.days.ago }
|
let(:user5) { Fabricate :user, username: "mrbrown", name: "Quentin Tarantino", last_seen_at: 6.days.ago }
|
||||||
let(:user6) { Fabricate :user, username: "mrwhite", name: "Harvey Keitel", last_seen_at: 5.days.ago }
|
let(:user6) { Fabricate :user, username: "mrwhite", name: "Harvey Keitel", last_seen_at: 5.days.ago }
|
||||||
|
let!(:inactive) { Fabricate :user, username: "Ghost", active: false }
|
||||||
let(:admin) { Fabricate :admin, username: "theadmin" }
|
let(:admin) { Fabricate :admin, username: "theadmin" }
|
||||||
let(:moderator) { Fabricate :moderator, username: "themod" }
|
let(:moderator) { Fabricate :moderator, username: "themod" }
|
||||||
|
|
||||||
|
@ -103,12 +104,13 @@ describe UserSearch do
|
||||||
results = search_for("Tarantino")
|
results = search_for("Tarantino")
|
||||||
results.size.should == 0
|
results.size.should == 0
|
||||||
|
|
||||||
|
|
||||||
# find an exact match first
|
# find an exact match first
|
||||||
results = search_for("mrB")
|
results = search_for("mrB")
|
||||||
results.first.should == user1
|
results.first.should == user1
|
||||||
|
|
||||||
|
# don't return inactive users
|
||||||
|
results = search_for("Ghost")
|
||||||
|
results.should be_blank
|
||||||
end
|
end
|
||||||
|
|
||||||
end
|
end
|
||||||
|
|
|
@ -205,7 +205,6 @@ describe User do
|
||||||
|
|
||||||
it { should be_valid }
|
it { should be_valid }
|
||||||
it { should_not be_admin }
|
it { should_not be_admin }
|
||||||
it { should_not be_active }
|
|
||||||
it { should_not be_approved }
|
it { should_not be_approved }
|
||||||
its(:approved_at) { should be_blank }
|
its(:approved_at) { should be_blank }
|
||||||
its(:approved_by_id) { should be_blank }
|
its(:approved_by_id) { should be_blank }
|
||||||
|
|
Loading…
Reference in New Issue