ui: don't display email in profile settings when hidden

2024-11-21 17:34:24 +01:00 · 2024-11-18 17:06:38 +05:00 · 2024-11-18 17:06:38 +05:00 · c3653e0eaa
parent 4a3f8f3004
commit c3653e0eaa
2 changed files with 27 additions and 4 deletions
--- a/templates/user/settings/profile.tmpl
+++ b/templates/user/settings/profile.tmpl
@ -51,10 +51,12 @@
 					</div>
 					<input id="pronouns-custom" name="pronouns" value="{{.SignedUser.Pronouns}}" maxlength="50">
 				</div>
-				<div class="field {{if .Err_Email}}error{{end}}">
-					<label>{{ctx.Locale.Tr "email"}}</label>
-					<p id="signed-user-email">{{.SignedUser.Email}}</p>
-				</div>
+				{{if not .SignedUser.KeepEmailPrivate}}
+					<div class="field">
+						<label>{{ctx.Locale.Tr "email"}}</label>
+						<p id="signed-user-email">{{.SignedUser.Email}}</p>
+					</div>
+				{{end}}
 				<div class="field {{if .Err_Biography}}error{{end}}">
 					<label for="biography">{{ctx.Locale.Tr "user.user_bio"}}</label>
 					<textarea id="biography" name="biography" rows="2" placeholder="{{ctx.Locale.Tr "settings.biography_placeholder"}}" maxlength="255">{{.SignedUser.Description}}</textarea>
--- a/tests/integration/setting_test.go
+++ b/tests/integration/setting_test.go
@ -1,4 +1,5 @@
 // Copyright 2017 The Gitea Authors. All rights reserved.
+// Copyright 2024 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: MIT

 package integration
@ -156,3 +157,23 @@ func TestSettingSecurityAuthSource(t *testing.T) {
 	assert.Contains(t, resp.Body.String(), `gitlab-active`)
 	assert.Contains(t, resp.Body.String(), `gitlab-inactive`)
 }
+
+func TestSettingShowUserEmailSettings(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
+	// user1: keep_email_private = false, user2: keep_email_private = true
+
+	// user1 can see own visible email
+	session := loginUser(t, "user1")
+	req := NewRequest(t, "GET", "/user/settings")
+	resp := session.MakeRequest(t, req, http.StatusOK)
+	htmlDoc := NewHTMLParser(t, resp.Body)
+	assert.Contains(t, htmlDoc.doc.Find("#signed-user-email").Text(), "user1@example.com")
+
+	// user2 cannot see own hidden email
+	session = loginUser(t, "user2")
+	req = NewRequest(t, "GET", "/user/settings")
+	resp = session.MakeRequest(t, req, http.StatusOK)
+	htmlDoc = NewHTMLParser(t, resp.Body)
+	assert.NotContains(t, htmlDoc.doc.Find("#signed-user-email").Text(), "user2@example.com")
+}