Add an option to have a private profile on GitLab

5 files changed, 172 insertions, 20 deletions

diff --git a/spec/controllers/users_controller_spec.rb b/spec/controllers/users_controller_spec.rb
index b0acf4a49ac..071f96a729e 100644
--- a/spec/controllers/users_controller_spec.rb
+++ b/spec/controllers/users_controller_spec.rb
@@ -2,6 +2,8 @@ require 'spec_helper'
 
 describe UsersController do
   let(:user) { create(:user) }
+  let(:private_user) { create(:user, private_profile: true) }
+  let(:public_user) { create(:user) }
 
   describe 'GET #show' do
     context 'with rendered views' do
@@ -98,16 +100,47 @@ describe UsersController do
 
         expect(assigns(:events)).to be_empty
       end
+
+      it 'hides events if the user has a private profile' do
+        Gitlab::DataBuilder::Push.build_sample(project, private_user)
+
+        get :show, username: private_user.username, format: :json
+
+        expect(assigns(:events)).to be_empty
+      end
     end
   end
 
   describe 'GET #calendar' do
-    it 'renders calendar' do
-      sign_in(user)
+    context 'for user' do
+      let(:project) { create(:project) }
+
+      before do
+        sign_in(user)
+        project.add_developer(user)
+      end
+
+      context 'with public profile' do
+        it 'renders calendar' do
+          push_data = Gitlab::DataBuilder::Push.build_sample(project, public_user)
+          EventCreateService.new.push(project, public_user, push_data)
+
+          get :calendar, username: public_user.username, format: :json
 
-      get :calendar, username: user.username, format: :json
+          expect(response).to have_gitlab_http_status(200)
+        end
+      end
+
+      context 'with private profile' do
+        it 'does not render calendar' do
+          push_data = Gitlab::DataBuilder::Push.build_sample(project, private_user)
+          EventCreateService.new.push(project, private_user, push_data)
 
-      expect(response).to have_gitlab_http_status(200)
+          get :calendar, username: private_user.username, format: :json
+
+          expect(response).to have_gitlab_http_status(:not_found)
+        end
+      end
     end
 
     context 'forked project' do
@@ -150,9 +183,26 @@ describe UsersController do
       expect(assigns(:calendar_date)).to eq(Date.parse('2014-07-31'))
     end
 
-    it 'renders calendar_activities' do
-      get :calendar_activities, username: user.username
-      expect(response).to render_template('calendar_activities')
+    context 'for user' do
+      context 'with public profile' do
+        it 'renders calendar_activities' do
+          push_data = Gitlab::DataBuilder::Push.build_sample(project, public_user)
+          EventCreateService.new.push(project, public_user, push_data)
+
+          get :calendar_activities, username: public_user.username
+          expect(assigns[:events]).not_to be_empty
+        end
+      end
+
+      context 'with private profile' do
+        it 'does not render calendar_activities' do
+          push_data = Gitlab::DataBuilder::Push.build_sample(project, private_user)
+          EventCreateService.new.push(project, private_user, push_data)
+
+          get :calendar_activities, username: private_user.username
+          expect(response).to have_gitlab_http_status(:not_found)
+        end
+      end
     end
   end
 
diff --git a/spec/features/users/show_spec.rb b/spec/features/users/show_spec.rb
index 3e2fb704bc6..207c333c636 100644
--- a/spec/features/users/show_spec.rb
+++ b/spec/features/users/show_spec.rb
@@ -3,15 +3,53 @@ require 'spec_helper'
 describe 'User page' do
   let(:user) { create(:user) }
 
-  it 'shows all the tabs' do
-    visit(user_path(user))
-
-    page.within '.nav-links' do
-      expect(page).to have_link('Activity')
-      expect(page).to have_link('Groups')
-      expect(page).to have_link('Contributed projects')
-      expect(page).to have_link('Personal projects')
-      expect(page).to have_link('Snippets')
+  context 'with public profile' do
+    it 'shows all the tabs' do
+      visit(user_path(user))
+
+      page.within '.nav-links' do
+        expect(page).to have_link('Activity')
+        expect(page).to have_link('Groups')
+        expect(page).to have_link('Contributed projects')
+        expect(page).to have_link('Personal projects')
+        expect(page).to have_link('Snippets')
+      end
+    end
+
+    it 'does not show private profile message' do
+      visit(user_path(user))
+
+      expect(page).not_to have_content("This user has a private profile")
+    end
+  end
+
+  context 'with private profile' do
+    let(:user) { create(:user, private_profile: true) }
+
+    it 'shows no tab' do
+      visit(user_path(user))
+
+      expect(page).to have_css("div.profile-header")
+      expect(page).not_to have_css("ul.nav-links")
+    end
+
+    it 'shows private profile message' do
+      visit(user_path(user))
+
+      expect(page).to have_content("This user has a private profile")
+    end
+
+    it 'shows own tabs' do
+      sign_in(user)
+      visit(user_path(user))
+
+      page.within '.nav-links' do
+        expect(page).to have_link('Activity')
+        expect(page).to have_link('Groups')
+        expect(page).to have_link('Contributed projects')
+        expect(page).to have_link('Personal projects')
+        expect(page).to have_link('Snippets')
+      end
     end
   end
 
diff --git a/spec/finders/user_recent_events_finder_spec.rb b/spec/finders/user_recent_events_finder_spec.rb
index da043f94021..58470f4c84d 100644
--- a/spec/finders/user_recent_events_finder_spec.rb
+++ b/spec/finders/user_recent_events_finder_spec.rb
@@ -29,11 +29,22 @@ describe UserRecentEventsFinder do
         public_project.add_developer(current_user)
       end
 
-      it 'returns all the events' do
-        expect(finder.execute).to include(private_event, internal_event, public_event)
+      context 'when profile is public' do
+        it 'returns all the events' do
+          expect(finder.execute).to include(private_event, internal_event, public_event)
+        end
+      end
+
+      context 'when profile is private' do
+        it 'returns no event' do
+          allow(Ability).to receive(:allowed?).and_call_original
+          allow(Ability).to receive(:allowed?).with(current_user, :read_user_profile, project_owner).and_return(false)
+          expect(finder.execute).to be_empty
+        end
       end
 
       it 'does not include the events if the user cannot read cross project' do
+        expect(Ability).to receive(:allowed?).and_call_original
         expect(Ability).to receive(:allowed?).with(current_user, :read_cross_project) { false }
         expect(finder.execute).to be_empty
       end
diff --git a/spec/helpers/users_helper_spec.rb b/spec/helpers/users_helper_spec.rb
index b18c045848f..b079802cb81 100644
--- a/spec/helpers/users_helper_spec.rb
+++ b/spec/helpers/users_helper_spec.rb
@@ -25,8 +25,20 @@ describe UsersHelper do
       allow(helper).to receive(:can?).and_return(true)
     end
 
-    it 'includes all the expected tabs' do
-      expect(tabs).to include(:activity, :groups, :contributed, :projects, :snippets)
+    context 'with public profile' do
+      it 'includes all the expected tabs' do
+        expect(tabs).to include(:activity, :groups, :contributed, :projects, :snippets)
+      end
+    end
+
+    context 'with private profile' do
+      before do
+        allow(helper).to receive(:can?).with(user, :read_user_profile, nil).and_return(false)
+      end
+
+      it 'is empty' do
+        expect(tabs).to be_empty
+      end
     end
   end
 
diff --git a/spec/requests/api/users_spec.rb b/spec/requests/api/users_spec.rb
index b3079c0a77b..6a051f865aa 100644
--- a/spec/requests/api/users_spec.rb
+++ b/spec/requests/api/users_spec.rb
@@ -11,6 +11,7 @@ describe API::Users do
   let(:ldap_blocked_user) { create(:omniauth_user, provider: 'ldapmain', state: 'ldap_blocked') }
   let(:not_existing_user_id) { (User.maximum('id') || 0 ) + 10 }
   let(:not_existing_pat_id) { (PersonalAccessToken.maximum('id') || 0 ) + 10 }
+  let(:private_user) { create(:user, private_profile: true) }
 
   describe 'GET /users' do
     context "when unauthenticated" do
@@ -254,6 +255,13 @@ describe API::Users do
         expect(response).to match_response_schema('public_api/v4/user/admin')
         expect(json_response['is_admin']).to be(false)
       end
+
+      it "includes the `created_at` field for private users" do
+        get api("/users/#{private_user.id}", admin)
+
+        expect(response).to match_response_schema('public_api/v4/user/admin')
+        expect(json_response.keys).to include 'created_at'
+      end
     end
 
     context 'for an anonymous user' do
@@ -272,6 +280,20 @@ describe API::Users do
 
         expect(response).to have_gitlab_http_status(404)
       end
+
+      it "returns the `created_at` field for public users" do
+        get api("/users/#{user.id}")
+
+        expect(response).to match_response_schema('public_api/v4/user/basic')
+        expect(json_response.keys).to include 'created_at'
+      end
+
+      it "does not return the `created_at` field for private users" do
+        get api("/users/#{private_user.id}")
+
+        expect(response).to match_response_schema('public_api/v4/user/basic')
+        expect(json_response.keys).not_to include 'created_at'
+      end
     end
 
     it "returns a 404 error if user id not found" do
@@ -374,6 +396,18 @@ describe API::Users do
       expect(new_user.recently_sent_password_reset?).to eq(true)
     end
 
+    it "creates user with private profile" do
+      post api('/users', admin), attributes_for(:user, private_profile: true)
+
+      expect(response).to have_gitlab_http_status(201)
+
+      user_id = json_response['id']
+      new_user = User.find(user_id)
+
+      expect(new_user).not_to eq(nil)
+      expect(new_user.private_profile?).to eq(true)
+    end
+
     it "does not create user with invalid email" do
       post api('/users', admin),
            email: 'invalid email',
@@ -583,6 +617,13 @@ describe API::Users do
       expect(user.reload.external?).to be_truthy
     end
 
+    it "updates private profile" do
+      put api("/users/#{user.id}", admin), { private_profile: true }
+
+      expect(response).to have_gitlab_http_status(200)
+      expect(user.reload.private_profile).to eq(true)
+    end
+
     it "does not update admin status" do
       put api("/users/#{admin_user.id}", admin), { can_create_group: false }