Add privacy to Activity and only show public activity to logged-in users by default

rsmithlal · rsmithlal · commit 33735898f284 · 2025-07-03T20:18:29.000-02:30
diff --git a/app/controllers/better_together/hub_controller.rb b/app/controllers/better_together/hub_controller.rb
@@ -4,7 +4,7 @@ module BetterTogether
   # Internal hub for logged-in users to see relevant platform & community information
   class HubController < ApplicationController
     def index
-      authorize :'better_together/hub', :index?
+      authorize PublicActivity::Activity
       @activities = helpers.activities
     end
   end
diff --git a/app/helpers/better_together/hub_helper.rb b/app/helpers/better_together/hub_helper.rb
@@ -40,8 +40,8 @@ def whose?(user, object) # rubocop:todo Metrics/MethodLength, Naming/PredicateMe
     def link_to_trackable(object, object_type)
       if object
         object_url = object.respond_to?(:url) ? object.url : object
-        trackable_name = "#{object.class.model_name.human}: #{object}"
-        link_to trackable_name, object_url
+        trackable_name = "#{object.class.model_name.human}: "
+        (trackable_name + link_to(object, object_url, class: 'text-decoration-none')).html_safe
       else
         "a #{object_type.downcase} which does not exist anymore"
       end
diff --git a/app/models/concerns/better_together/tracked_activity.rb b/app/models/concerns/better_together/tracked_activity.rb
@@ -9,7 +9,10 @@ module TrackedActivity
     included do
       include PublicActivity::Model
 
-      tracked owner: proc { |controller, _model| controller&.helpers&.current_person }
+      tracked owner: proc { |controller, _model| controller&.helpers&.current_person },
+              privacy: proc { |_controller, _model| _model.privacy if _model.respond_to?(:privacy) }
+
+      has_many :activities, as: :trackable, class_name: 'PublicActivity::Activity', dependent: :destroy
     end
 
     def self.included_in_models
diff --git a/app/policies/better_together/activity_policy.rb b/app/policies/better_together/activity_policy.rb
@@ -4,7 +4,7 @@ module BetterTogether
   # Access control fro PublicActivity::Activity records
   class ActivityPolicy < ApplicationPolicy
     def index?
-      permitted_to?('manage_platform')
+      user.present?
     end
 
     def show?
@@ -14,7 +14,15 @@ def show?
     # Filter and sort public activity results
     class Scope < ApplicationPolicy::Scope
       def resolve
-        scope.order(updated_at: :desc)
+        results = scope.order(updated_at: :desc)
+
+        query = table[:privacy].eq('public')
+
+        results.where(query)
+      end
+
+      def table
+        scope.arel_table
       end
     end
   end
diff --git a/app/views/better_together/hub/index.html.erb b/app/views/better_together/hub/index.html.erb
@@ -10,7 +10,7 @@
     <div class="col-md-6">
       <div class="card mb-4">
         <div class="card-header">
-          <h5><%= t('.your_activity', default: 'Your Activity') %></h5>
+          <h5><%= t('.activity', default: 'Activity') %></h5>
         </div>
         <div class="card-body">
           <%= render_activities(@activities, :layout => "layouts/better_together/activity_wrapper") %>
@@ -19,7 +19,7 @@
     </div>
 
     <!-- Platform-wide section -->
-    <div class="col-md-6">
+    <!-- <div class="col-md-6">
       <div class="card mb-4">
         <div class="card-header">
           <h5><%= t('.platform_updates', default: 'Platform Updates') %></h5>
@@ -32,11 +32,10 @@
           </ul>
         </div>
       </div>
-    </div>
+    </div> -->
   </div>
 
-  <div class="row">
-    <!-- Additional sections -->
+  <!-- <div class="row">
     <div class="col-md-6">
       <div class="card mb-4">
         <div class="card-header">
@@ -58,5 +57,5 @@
         </div>
       </div>
     </div>
-  </div>
+  </div> -->
 </div>
diff --git a/app/views/layouts/better_together/_activity_wrapper.html.erb b/app/views/layouts/better_together/_activity_wrapper.html.erb
@@ -10,9 +10,16 @@
       <% if a.owner %>
         <div class="me-3">
         </div>
-        <%= link_to(a.owner, class: "fw-bold text-decoration-none") do %>
-          <%= profile_image_tag(a.owner, class: 'rounded-circle border activity', style: "height: 30px; width: 30px;") %>
-          <%= a.owner %>
+        <% if policy(a.owner).show? %>
+          <%= link_to(a.owner, class: "fw-bold text-decoration-none") do %>
+        <%= profile_image_tag(a.owner, class: 'rounded-circle border activity', style: "height: 30px; width: 30px;") %>
+        <%= a.owner %>
+          <% end %>
+        <% else %>
+          <span class="fw-bold">
+        <%= profile_image_tag(a.owner, class: 'rounded-circle border activity', style: "height: 30px; width: 30px;") %>
+        <%= a.owner %>
+          </span>
         <% end %>
       <% else %>
         <span class="fw-bold">someone</span>
diff --git a/config/initializers/public_activity.rb b/config/initializers/public_activity.rb
@@ -2,4 +2,17 @@
 
 # config/initializers/public_activity.rb
 
-PublicActivity::Activity.table_name = :better_together_activities
+# require 'better_togehter/privacy'
+
+ActiveSupport::Reloader.to_prepare do
+  PublicActivity::Config.set do
+    table_name 'better_together_activities'
+  end
+
+  # PublicActivity::Activity.include BetterTogether::Privacy
+  PublicActivity::Activity.class_eval do
+    def self.policy_class
+      BetterTogether::ActivityPolicy
+    end
+  end
+end
diff --git a/db/migrate/20250703214031_add_default_activity_parameters.rb b/db/migrate/20250703214031_add_default_activity_parameters.rb
@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+class AddDefaultActivityParameters < ActiveRecord::Migration[7.1]
+  def change
+    change_column_default :better_together_activities, :parameters, from: nil, to: '{}'
+  end
+end
diff --git a/db/migrate/20250703215419_add_privacy_to_activities.rb b/db/migrate/20250703215419_add_privacy_to_activities.rb
@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+class AddPrivacyToActivities < ActiveRecord::Migration[7.1]
+  def change
+    change_table :better_together_activities, &:bt_privacy
+  end
+end
diff --git a/spec/dummy/db/schema.rb b/spec/dummy/db/schema.rb
@@ -10,7 +10,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema[7.1].define(version: 2025_06_07_130736) do
+ActiveRecord::Schema[7.1].define(version: 2025_07_03_215419) do
   # These are extensions that must be enabled in order to support this database
   enable_extension "pgcrypto"
   enable_extension "plpgsql"
@@ -64,10 +64,12 @@
     t.string "owner_type"
     t.uuid "owner_id"
     t.string "key"
-    t.text "parameters"
+    t.jsonb "parameters", default: "{}"
     t.string "recipient_type"
     t.uuid "recipient_id"
+    t.string "privacy", limit: 50, default: "private", null: false
     t.index ["owner_type", "owner_id"], name: "bt_activities_by_owner"
+    t.index ["privacy"], name: "by_better_together_activities_privacy"
     t.index ["recipient_type", "recipient_id"], name: "bt_activities_by_recipient"
     t.index ["trackable_type", "trackable_id"], name: "bt_activities_by_trackable"
   end
