This repository was archived by the owner on Dec 14, 2023. It is now read-only.

Commit 389f676

WardormeurDanielBrierton
authored andcommitted
Fix profile visibility for shared children (#243)
* Fix profile visibility for shared children * ensure relationship is bidirectional * Add acts making use of proxy for user-profile-data
1 parent 272e5e3 commit 389f676


3 files changed

+63
-58
lines changed


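--- a/lib/profiles/load-children-for-user.js
+++ b/lib/profiles/load-children-for-user.js
@@ -10,7 +10,7 @@ function cmd_load_children_for_user (args, done) {
 if (!parentProfile) return done(null, {error: 'User profile not found for userId ' + userId, http$: {status: 404}});
 if (!parentProfile.children) return done(null, []);
 async.map(parentProfile.children, function (childUserId, cb) {
-seneca.act({role: 'cd-profiles', cmd: 'user_profile_data', query: {userId: childUserId}, user: args.user}, cb);
+seneca.act({role: 'cd-profiles', cmd: 'user_profile_data', query: {userId: childUserId}, user: args.user, proxyProfile: parentProfile}, cb);
 }, function (err, children) {
 if (err) return done(err);
 return done(null, children);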
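Review bot: The whole `parentProfile` entity is attached to every `user_profile_data` message, while the handler in `lib/profiles/user-profile-data.js` only reads `proxyProfile.children` and `proxyProfile.parents`. That profile appears to be the unfiltered record, so its private fields now travel with each act call and end up wherever seneca messages are logged or transported. Passing only what is needed keeps that exposure down, e.g. `proxyProfile: {children: parentProfile.children, parents: parentProfile.parents}`; the same applies to `proxyProfile: childProfile` in `lib/profiles/load-parents-for-user.js`. The enclosing function starts and ends outside this hunk.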

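--- a/lib/profiles/load-parents-for-user.js
+++ b/lib/profiles/load-parents-for-user.js
@@ -10,7 +10,7 @@ function cmd_load_parents_for_user (args, done) {
 var childProfile = response[0];
 if (!childProfile || !childProfile.parents) return done();
 async.map(childProfile.parents, function (parentUserId, cb) {
-seneca.act({role: 'cd-profiles', cmd: 'user_profile_data', query: {userId: parentUserId}, user: args.user}, cb);
+seneca.act({role: 'cd-profiles', cmd: 'user_profile_data', query: {userId: parentUserId}, user: args.user, proxyProfile: childProfile}, cb);
 }, function (err, parents) {
 if (err) return done(err);
 return done(null, parents);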

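--- a/lib/profiles/user-profile-data.js
+++ b/lib/profiles/user-profile-data.js
@@ -69,58 +69,57 @@ var fieldWhiteList = {
 'parent-guardian': parentGuardianPublicFields
 };
 
-
-var youthBlackList = ['name'];
-
-// var allowedOptionalFieldsYouth = ['dojos', 'linkedin', 'twitter', 'badges'];
-var allowedOptionalFieldsYouth = _.filter(hiddenFields, function (field) {
-if (_.contains(field.allowedUserTypes, 'attendee-o13')) return field.modelName;
-});
-
-// var allowedOptionalFieldsChampion = ['notes', 'projects'];
-var allowedOptionalFieldsChampion = _.map(hiddenFields, function (field) {
-if (_.contains(field.allowedUserTypes, 'champion')) return field.modelName;
-});
-
-var allowedOptionalFieldsMentor = _.map(hiddenFields, function (field) {
-if (_.contains(field.allowedUserTypes, 'mentor')) return field.modelName;
-});
-
-var allowedOptionalFields = {
-'champion': allowedOptionalFieldsChampion,
-'attendee-o13': allowedOptionalFieldsYouth,
-'mentor': allowedOptionalFieldsMentor
-};
-
+var youthBlackList = ['name'];
+
+// var allowedOptionalFieldsYouth = ['dojos', 'linkedin', 'twitter', 'badges'];
+var allowedOptionalFieldsYouth = _.filter(hiddenFields, function (field) {
+if (_.contains(field.allowedUserTypes, 'attendee-o13')) return field.modelName;
+});
+
+// var allowedOptionalFieldsChampion = ['notes', 'projects'];
+var allowedOptionalFieldsChampion = _.map(hiddenFields, function (field) {
+if (_.contains(field.allowedUserTypes, 'champion')) return field.modelName;
+});
+
+var allowedOptionalFieldsMentor = _.map(hiddenFields, function (field) {
+if (_.contains(field.allowedUserTypes, 'mentor')) return field.modelName;
+});
+
+var allowedOptionalFields = {
+'champion': allowedOptionalFieldsChampion,
+'attendee-o13': allowedOptionalFieldsYouth,
+'mentor': allowedOptionalFieldsMentor
+};
 
 function cmd_user_profile_data (args, done) {
 var seneca = this;
 var plugin = args.role;
 var query = args.query;
+var proxyProfile = args.proxyProfile;
 var ENTITY_NS = 'cd/profiles';
 var flags = {
 user: {
-myChild : false,
-ownProfile : false,
-isChampion : false,
-isTicketingAdmin : false,
-isDojoAdmin : false
+myChild: false,
+ownProfile: false,
+isChampion: false,
+isTicketingAdmin: false,
+isDojoAdmin: false
 },
 // Is champion is a combination
 requestingUser: {
 isChampionOf: false,
-isMentorOf : false,
-isDojoAdminOf : false,
-isTicketingAdminOf : false,
+isMentorOf: false,
+isDojoAdminOf: false,
+isTicketingAdminOf: false,
 canBypassPrivate: false,
-isCDF : false
+isCDF: false
 },
 shared: {
 isChampion: false,
-isMentor : false,
-isDojoAdmin : false,
-isTicketingAdmin : false,
-isParentOf : false,
+isMentor: false,
+isDojoAdmin: false,
+isTicketingAdmin: false,
+isParentOf: false,
 isChildrenOf: false,
 isFamily: false
 }
@@ -145,7 +144,7 @@ function cmd_user_profile_data (args, done) {
 // Filter
 privateFilter,
 publicProfilesFilter,
-under13Filter,
+under13Filter
 ],
 function (err, profile) {
 if (err) return done(null, {error: err});
@@ -236,7 +235,6 @@ function cmd_user_profile_data (args, done) {
 }
 
 function optionalFieldsFilter (profile, done) {
-
 function getProfileDojos (wfCb) {
 seneca.act({role: 'cd-dojos', cmd: 'load_usersdojos', query: {userId: profile.userId}}, function (err, profileDojos) {
 if (err) return done(err);
@@ -251,9 +249,9 @@ function cmd_user_profile_data (args, done) {
 function (err, requestingUserDojos) {
 if (err) return done(err);
 return wfCb(null, profileDojos, requestingUserDojos);
-});
+});
 } else {
-return wfCb(null, profileDojos, null);
+return wfCb(null, profileDojos, null);
 }
 }
 
@@ -263,7 +261,7 @@ function cmd_user_profile_data (args, done) {
 function (err, requestingUserProfile) {
 if (err) return done(err);
 return wfCb(null, profileDojos, requestingUserDojos, requestingUserProfile);
-});
+});
 } else {
 return wfCb(null, profileDojos, requestingUserDojos, null);
 }
@@ -283,21 +281,21 @@ function cmd_user_profile_data (args, done) {
 _.each(requestingUserSharedDojos, function (requestingUserDojo) {
 if (_.contains(requestingUserDojo.userTypes, 'champion')) flags.requestingUser.isChampionOf = true;
 if (_.contains(requestingUserDojo.userTypes, 'mentor')) flags.requestingUser.isMentorOf = true;
-if (_.find(requestingUserDojo.userPermissions, {'title':'Dojo Admin','name':'dojo-admin'})) flags.requestingUser.isDojoAdminOf = true;
-if (_.find(requestingUserDojo.userPermissions, {'title':'Ticketing Admin','name':'ticketing-admin'})) flags.requestingUser.isTicketingAdminOf = true;
+if (_.find(requestingUserDojo.userPermissions, {'title': 'Dojo Admin', 'name': 'dojo-admin'})) flags.requestingUser.isDojoAdminOf = true;
+if (_.find(requestingUserDojo.userPermissions, {'title': 'Ticketing Admin', 'name': 'ticketing-admin'})) flags.requestingUser.isTicketingAdminOf = true;
 });
 
 // Viewed user flags
 _.each(profileDojos, function (profileDojo) {
 if (_.contains(profileDojo.userTypes, 'champion')) flags.user.isChampion = true;
-if (_.find(profileDojo.userPermissions, {'title':'Dojo Admin','name':'dojo-admin'})) flags.user.isDojoAdmin = true;
-if (_.find(profileDojo.userPermissions, {'title':'Ticketing Admin','name':'ticketing-admin'})) flags.user.isTicketingAdmin = true;
+if (_.find(profileDojo.userPermissions, {'title': 'Dojo Admin', 'name': 'dojo-admin'})) flags.user.isDojoAdmin = true;
+if (_.find(profileDojo.userPermissions, {'title': 'Ticketing Admin', 'name': 'ticketing-admin'})) flags.user.isTicketingAdmin = true;
 });
 
 // We look at relationship between user and viewer
 _.each(viewedUserSharedDojos, function (sharedProfileDojo) {
-if (_.find(sharedProfileDojo.userPermissions, {'title':'Dojo Admin','name':'dojo-admin'})) flags.shared.isDojoAdmin = true;
-if (_.find(sharedProfileDojo.userPermissions, {'title':'Ticketing Admin','name':'ticketing-admin'})) flags.shared.isTicketingAdmin = true;
+if (_.find(sharedProfileDojo.userPermissions, {'title': 'Dojo Admin', 'name': 'dojo-admin'})) flags.shared.isDojoAdmin = true;
+if (_.find(sharedProfileDojo.userPermissions, {'title': 'Ticketing Admin', 'name': 'ticketing-admin'})) flags.shared.isTicketingAdmin = true;
 });
 
 flags.shared.isParentOf = _.includes(profile.parents, requestingUser.id);
@@ -343,16 +341,26 @@ function cmd_user_profile_data (args, done) {
 }
 
 function aggregateFlags (profile, requestingUserProfile, done) {
-flags.shared.isFamily = _.some(profile.parents, function (parent) {
-return _.includes(requestingUserProfile.parents, parent);
-}) || flags.shared.isParentOf || flags.shared.isChildrenOf;
-
+flags.shared.isFamily =
+// Kid -> parent
+_.some(profile.parents, function (parent) {
+return _.includes(requestingUserProfile.parents, parent) &&
+(proxyProfile ? _.includes(proxyProfile.children, requestingUserProfile.userId) : true);
+}) ||
+flags.shared.isParentOf || flags.shared.isChildrenOf ||
+// parent -> kid
+// This is to connect 2 parents so that they can see each other on their kid profile
+// This imply that if you share ANY kid, you'll see the other person profile
+_.some(profile.children, function (child) {
+return _.includes(requestingUserProfile.children, child) &&
+(proxyProfile ? _.includes(proxyProfile.parents, requestingUserProfile.userId) : true);
+});
 flags.requestingUser.canBypassFilter = flags.requestingUser.isDojoAdminOf || flags.requestingUser.isChampionOf ||
-flags.user.ownProfile || flags.user.myChild || flags.requestingUser.isTicketingAdminOf || flags.requestingUser.isCDF ||flags.shared.isFamily;
+flags.user.ownProfile || flags.user.myChild || flags.requestingUser.isTicketingAdminOf || flags.requestingUser.isCDF || flags.shared.isFamily;
 
 flags.requestingUser.canBypassPrivate = flags.requestingUser.canBypassFilter ||
 // We exclude visibility of o13 champs
-((flags.shared.isChampion || flags.shared.isDojoAdmin || flags.shared.isTicketingAdmin ) && !_.includes(profile.userTypes, 'attendee-o13'));
+((flags.shared.isChampion || flags.shared.isDojoAdmin || flags.shared.isTicketingAdmin) && !_.includes(profile.userTypes, 'attendee-o13'));
 
 return done(null, profile);
 }
@@ -372,7 +380,6 @@ function cmd_user_profile_data (args, done) {
 * @return {[type]} [description]
 */
 function publicProfilesFilter (profile, done) {
-
 if (!flags.requestingUser.canBypassFilter && !_.contains(profile.userTypes, 'attendee-u13')) {
 // Build the list of fields to pick
 _.each(profile.userTypes, function (userType) {
@@ -412,8 +419,6 @@ function cmd_user_profile_data (args, done) {
 }
 return done(null, profile);
 }
-
 }
 
-
 module.exports = cmd_user_profile_data;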
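Review bot: The bidirectional check added to `aggregateFlags` fails open: both ternaries fall back to `true` when `args.proxyProfile` is missing, so a direct `user_profile_data` call still sets `isFamily` — and through it `canBypassFilter` and `canBypassPrivate` — from a one-sided overlap of the `parents` or `children` arrays. The new parent -> kid branch widens that path, since one shared child id is enough, as its own comment says. If those arrays can be edited by the profile owner (not visible in this diff), the overlap is self-asserted, so the confirmation from the other side should be done inside this handler rather than depend on an optional argument. At minimum, add a comment at `var proxyProfile = args.proxyProfile;` such as `// Set only by internal callers (load-children-for-user.js / load-parents-for-user.js); when absent the bidirectional check is skipped`. `requestingUserProfile` is also dereferenced here without a null guard although an earlier hunk passes `null` for it; whether that path reaches this function lies outside the visible lines.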
