Skip to content

Commit

Permalink
userinfo: Prevent showing private project name and description
Browse files Browse the repository at this point in the history 
See: Yona Github issue #218
  • Loading branch information
@doortts
doortts committed May 3, 2017
1 parent f4a09da commit ee22119
Show file tree
Hide file tree
Showing 2 changed files with 17 additions and 5 deletions.
3 changes: 2 additions & 1 deletion app/controllers/UserApp.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -843,7 +843,8 @@ private static List<Project> collectProjects(String loginId, User user, String[]

private static void addProjectNotDupped(List<Project> target, List<Project> foundProjects) {
for (Project project : foundProjects) {
if( !target.contains(project) ) {
if( !target.contains(project) &&
AccessControl.isAllowed(UserApp.currentUser(), project.asResource(), Operation.READ)) {
target.add(project);
}
}
Expand Down
19 changes: 15 additions & 4 deletions app/views/user/view.scala.html
View file
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,14 @@
}
}

@isCurrentUsersPage = @{
if(UserApp.currentUser.loginId.equals(user.loginId)){
true
} else {
false
}
}

@siteLayout(user.loginId, utils.MenuType.USER) {
<div class="site-breadcrumb-outer">
<div class="site-breadcrumb-inner">
Expand All @@ -49,12 +57,12 @@ <h3>@Messages("userinfo.profile")</h3>

<ul class="unstyled lst-stacked" style="margin-top:20px;">
<li @if(groupNames.contains("own")){class="active"}>
<a href="@routes.UserApp.userInfo(user.loginId, "own")">@Messages("project.createdByMe")<span class="num-badge pull-right">@Project.countProjectsCreatedByUser(user.loginId)</span></a>
<a href="@routes.UserApp.userInfo(user.loginId, "own")">@Messages("project.createdByMe")<span class="num-badge pull-right">@if(isCurrentUsersPage){@Project.countProjectsCreatedByUser(user.loginId)}</span></a>
</li>
<li @if(groupNames.contains("member")){class="active"}>
<a href="@routes.UserApp.userInfo(user.loginId, "member")">@Messages("project.default.group.member")<span class="num-badge pull-right">@Project.countProjectsJustMemberAndNotOwner(user.loginId)</span></a>
<a href="@routes.UserApp.userInfo(user.loginId, "member")">@Messages("project.default.group.member")<span class="num-badge pull-right">@if(isCurrentUsersPage){@Project.countProjectsJustMemberAndNotOwner(user.loginId)}</span></a>
</li>
@if(user.loginId == UserApp.currentUser.loginId){
@if(isCurrentUsersPage){
<li @if(groupNames.contains("watching")){class="active"}>
<a href="@routes.UserApp.userInfo(user.loginId, "watching")">@Messages("project.default.group.watching")<span class="num-badge pull-right">@user.getWatchingProjects.size</span></a>
</li>
Expand Down Expand Up @@ -124,7 +132,10 @@ <h3>@Messages("userinfo.profile")</h3>
}
<ul class="user-streams all-projects">
@for(project <- projects){
@partial_projectlist(project, user)
@if(groupNames.contains("watching") && !isCurrentUsersPage){
} else {
@partial_projectlist(project, user)
}
}
</ul>
</div>
Expand Down

0 comments on commit ee22119

Please sign in to comment.