Show email if the authenticated user owns the profile page being requested for (#4981)

* Show email if the authenticated user owns the profile page being requested for. Also removed `setting.UI.ShowUserEmail` as it's documentation says it only controls the email setting on the explore page * fix current user check... This prevents a panic as a user must be signed in before ctx.User is called * fix panic in tests * try to fix tests * Update year * Test CI fail * Revert change * User 3 is not allowed to authorize * Set user2 email to be private * Change to user4 in explore page as user2 now has private email option set
2025-10-31 20:21:47 +01:00 · 2019-02-19 15:11:50 +01:00 · 2019-02-19 15:11:50 +01:00 · 094263db4d
commit 094263db4d
parent ff2be17e3f
4 changed files with 17 additions and 5 deletions
--- a/integrations/setting_test.go
+++ b/integrations/setting_test.go
@ -25,7 +25,7 @@ func TestSettingShowUserEmailExplore(t *testing.T) {
 	htmlDoc := NewHTMLParser(t, resp.Body)
 	assert.Contains(t,
 		htmlDoc.doc.Find(".ui.user.list").Text(),
-		"user2@example.com",
+		"user4@example.com",
 	)

 	setting.UI.ShowUserEmail = false
@ -35,7 +35,7 @@ func TestSettingShowUserEmailExplore(t *testing.T) {
 	htmlDoc = NewHTMLParser(t, resp.Body)
 	assert.NotContains(t,
 		htmlDoc.doc.Find(".ui.user.list").Text(),
-		"user2@example.com",
+		"user4@example.com",
 	)

 	setting.UI.ShowUserEmail = showUserEmail
@ -61,12 +61,23 @@ func TestSettingShowUserEmailProfile(t *testing.T) {
 	req = NewRequest(t, "GET", "/user2")
 	resp = session.MakeRequest(t, req, http.StatusOK)
 	htmlDoc = NewHTMLParser(t, resp.Body)
-	assert.NotContains(t,
+	// Should contain since this user owns the profile page
+	assert.Contains(t,
 		htmlDoc.doc.Find(".user.profile").Text(),
 		"user2@example.com",
 	)

 	setting.UI.ShowUserEmail = showUserEmail
+
+	session = loginUser(t, "user4")
+	req = NewRequest(t, "GET", "/user2")
+	resp = session.MakeRequest(t, req, http.StatusOK)
+	htmlDoc = NewHTMLParser(t, resp.Body)
+	assert.NotContains(t,
+		htmlDoc.doc.Find(".user.profile").Text(),
+		"user2@example.com",
+	)
+
 }

 func TestSettingLandingPage(t *testing.T) {
--- a/models/fixtures/user.yml
+++ b/models/fixtures/user.yml
@ -21,6 +21,7 @@
  name: user2
  full_name: "   < U<se>r Tw<o > ><  "
  email: user2@example.com
+  keep_email_private: true
  passwd: 7d93daa0d1e6f2305cc8fa496847d61dc7320bb16262f9c55dd753480207234cdd96a93194e408341971742f4701772a025a # password
  type: 0 # individual
  salt: ZogKvWdyEx
--- a/routers/user/profile.go
+++ b/routers/user/profile.go
@ -237,7 +237,7 @@ func Profile(ctx *context.Context) {
 		}
 	}

-	ctx.Data["ShowUserEmail"] = setting.UI.ShowUserEmail
+	ctx.Data["ShowUserEmail"] = len(ctxUser.Email) > 0 && ctx.IsSigned && (!ctxUser.KeepEmailPrivate || ctxUser.ID == ctx.User.ID)

 	ctx.HTML(200, tplProfile)
 }
--- a/templates/user/profile.tmpl
+++ b/templates/user/profile.tmpl
@ -22,7 +22,7 @@
 							{{if .Owner.Location}}
 								<li><i class="octicon octicon-location"></i> {{.Owner.Location}}</li>
 							{{end}}
-							{{if and $.ShowUserEmail .Owner.Email .IsSigned (not .Owner.KeepEmailPrivate)}}
+							{{if .ShowUserEmail }}
 								<li>
 									<i class="octicon octicon-mail"></i>
 									<a href="mailto:{{.Owner.Email}}" rel="nofollow">{{.Owner.Email}}</a>