FIX: Don't show profile pages for inactive users and don't show them in

search results.
2024-11-23 07:38:01 +08:00 · 2014-08-13 13:30:25 -04:00 · 2014-08-13 13:30:25 -04:00 · 9a1580244a
commit 9a1580244a
parent 106aed9dd3
7 changed files with 15 additions and 6 deletions
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@ -216,7 +216,7 @@ class ApplicationController < ActionController::Base
    user = if params[:username]
      username_lower = params[:username].downcase
      username_lower.gsub!(/\.json$/, '')
-      User.find_by(username_lower: username_lower)
+      User.find_by(username_lower: username_lower, active: true)
    elsif params[:external_id]
      SingleSignOnRecord.find_by(external_id: params[:external_id]).try(:user)
    end
--- a/app/models/user_search.rb
+++ b/app/models/user_search.rb
@ -12,6 +12,8 @@ class UserSearch
  def search
    users = User.order(User.sql_fragment("CASE WHEN username_lower = ? THEN 0 ELSE 1 END ASC", @term.downcase))

+    users = users.where(active: true)
+
    if @term.present?
      if SiteSetting.enable_names?
        query = Search.ts_query(@term, "simple")
--- a/spec/controllers/users_controller_spec.rb
+++ b/spec/controllers/users_controller_spec.rb
@ -19,6 +19,12 @@ describe UsersController do
      response.should_not be_success
    end

+    it 'returns not found when the user is inactive' do
+      inactive = Fabricate(:user, active: false)
+      xhr :get, :show, username: inactive.username
+      response.should_not be_success
+    end
+
    it "raises an error on invalid access" do
      Guardian.any_instance.expects(:can_see?).with(user).returns(false)
      xhr :get, :show, username: user.username
--- a/spec/fabricators/user_fabricator.rb
+++ b/spec/fabricators/user_fabricator.rb
@ -8,6 +8,7 @@ Fabricator(:user) do
  password 'myawesomepassword'
  trust_level TrustLevel.levels[:basic]
  ip_address { sequence(:ip_address) { |i| "99.232.23.#{i%254}"} }
+  active true
 end

 Fabricator(:coding_horror, from: :user) do
@ -58,7 +59,6 @@ Fabricator(:active_user, from: :user) do
  email { sequence(:email) { |i| "luke#{i}@skywalker.com" } }
  password 'myawesomepassword'
  trust_level TrustLevel.levels[:basic]
-  active true

  after_create do |user|
    user.user_profile.bio_raw = "Don't ask me about my dad!"
--- a/spec/jobs/enqueue_digest_emails_spec.rb
+++ b/spec/jobs/enqueue_digest_emails_spec.rb
@ -42,7 +42,7 @@ describe Jobs::EnqueueDigestEmails do
    end

    context "inactive user" do
-      let!(:inactive_user) { Fabricate(:user) }
+      let!(:inactive_user) { Fabricate(:user, active: false) }

      it "doesn't return users who have been emailed recently" do
        Jobs::EnqueueDigestEmails.new.target_user_ids.include?(inactive_user.id).should be_false
--- a/spec/models/user_search_spec.rb
+++ b/spec/models/user_search_spec.rb
@ -11,6 +11,7 @@ describe UserSearch do
  let(:user4)     { Fabricate :user, username: "mrpink",   name: "Steve Buscemi",  last_seen_at: 7.days.ago }
  let(:user5)     { Fabricate :user, username: "mrbrown",  name: "Quentin Tarantino", last_seen_at: 6.days.ago }
  let(:user6)     { Fabricate :user, username: "mrwhite",  name: "Harvey Keitel",  last_seen_at: 5.days.ago }
+  let!(:inactive)  { Fabricate :user, username: "Ghost", active: false }
  let(:admin)     { Fabricate :admin, username: "theadmin" }
  let(:moderator) { Fabricate :moderator, username: "themod" }

@ -103,12 +104,13 @@ describe UserSearch do
    results = search_for("Tarantino")
    results.size.should == 0

-
    # find an exact match first
    results = search_for("mrB")
    results.first.should == user1

-
+    # don't return inactive users
+    results = search_for("Ghost")
+    results.should be_blank
  end

 end
--- a/spec/models/user_spec.rb
+++ b/spec/models/user_spec.rb
@ -205,7 +205,6 @@ describe User do

    it { should be_valid }
    it { should_not be_admin }
-    it { should_not be_active }
    it { should_not be_approved }
    its(:approved_at) { should be_blank }
    its(:approved_by_id) { should be_blank }