From c0bed879541b628f819d71412ea6d29da1fa9e46 Mon Sep 17 00:00:00 2001
From: Tim McCormack
Date: Fri, 11 Jun 2021 22:53:41 +0000
Subject: [PATCH] Revert "ENT-4361 | Added user's "id" and "email" as public fields in ACCOUNT_VISIBILITY_CONFIGURATION." (#27942)
---
 .../teams/tests/test_serializers.py | 2 --
 lms/envs/common.py | 4 ++--
 .../user_api/accounts/tests/test_api.py | 8 ++++----
 .../user_api/accounts/tests/test_views.py | 17 +++++----------
 .../djangoapps/user_api/accounts/views.py | 20 ++++++++++---------
 5 files changed, 22 insertions(+), 29 deletions(-)
diff --git a/lms/djangoapps/teams/tests/test_serializers.py b/lms/djangoapps/teams/tests/test_serializers.py
index 4f01eb2372..e8e1fc2554 100644
--- a/lms/djangoapps/teams/tests/test_serializers.py
+++ b/lms/djangoapps/teams/tests/test_serializers.py
@@ -56,8 +56,6 @@ class MembershipSerializerTestCase(SerializerTestCase):
 username = self.user.username assert data['user'] == {'url': ('http://testserver/api/user/v1/accounts/' + username), 'username': username,
- 'id': self.user.id,
- 'email': self.user.email,
 'profile_image': {'image_url_full': 'http://testserver/static/default_500.png', 'image_url_large': 'http://testserver/static/default_120.png', 'image_url_medium': 'http://testserver/static/default_50.png',
diff --git a/lms/envs/common.py b/lms/envs/common.py
index 16af0155dc..9205da22e1 100644
--- a/lms/envs/common.py
+++ b/lms/envs/common.py
@@ -3891,8 +3891,6 @@ ACCOUNT_VISIBILITY_CONFIGURATION = {
 'account_privacy', 'profile_image', 'username',
- "email",
- "id",
 ], }
@@ -3923,6 +3921,8 @@ ACCOUNT_VISIBILITY_CONFIGURATION["custom_shareable_fields"] = (
 # The list of account fields that are visible only to staff and users viewing their own profiles ACCOUNT_VISIBILITY_CONFIGURATION["admin_fields"] = ( ACCOUNT_VISIBILITY_CONFIGURATION["custom_shareable_fields"] + [
+ "email",
+ "id",
 "extended_profile", "gender", "state",
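Review bot: The two entries added to `ACCOUNT_VISIBILITY_CONFIGURATION["admin_fields"]` in the hunk at -3923 carry no comment saying why `"email"` and `"id"` must stay out of `public_fields`, which is the mistake this revert undoes. A line above them such as `# "email" and "id" must never be listed in public_fields or a shareable list; they are staff/self only.` would warn the next editor. The list literal continues past the end of the hunk, so the placement should be checked against the full file.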
diff --git a/openedx/core/djangoapps/user_api/accounts/tests/test_api.py b/openedx/core/djangoapps/user_api/accounts/tests/test_api.py
index 79a52e409b..8fc00a19c8 100644
--- a/openedx/core/djangoapps/user_api/accounts/tests/test_api.py
+++ b/openedx/core/djangoapps/user_api/accounts/tests/test_api.py
@@ -119,20 +119,20 @@ class TestAccountApi(UserSettingsEventTestMixin, EmailTemplateTagMixin, CreateAc
 config = { "default_visibility": "private", "public_fields": [
- 'gender', 'name',
+ 'email', 'name',
 ], }
- # With default configuration settings, gender is not shared with other (non-staff) users.
+ # With default configuration settings, email is not shared with other (non-staff) users.
 account_settings = get_account_settings(self.default_request, [self.different_user.username])[0]
- assert 'gender' not in account_settings
+ assert 'email' not in account_settings
 account_settings = get_account_settings( self.default_request, [self.different_user.username], configuration=config, )[0]
- assert self.different_user.profile.gender == account_settings['gender']
+ assert self.different_user.email == account_settings['email']
 def test_get_user_not_found(self): """Test that UserNotFound is thrown if there is no user with username."""
diff --git a/openedx/core/djangoapps/user_api/accounts/tests/test_views.py b/openedx/core/djangoapps/user_api/accounts/tests/test_views.py
index c748cc7e07..6dd4235d25 100644
--- a/openedx/core/djangoapps/user_api/accounts/tests/test_views.py
+++ b/openedx/core/djangoapps/user_api/accounts/tests/test_views.py
@@ -244,16 +244,14 @@ class TestAccountsAPI(CacheIsolationTestCase, UserAPITestCase):
 Verify that the shareable fields from the account are returned """ data = response.data
- assert 14 == len(data)
+ assert 12 == len(data)
- # public fields (5)
+ # public fields (3)
 assert account_privacy == data['account_privacy'] self._verify_profile_image_data(data, True) assert self.user.username == data['username']
- assert self.user.id == data['id']
- assert self.user.email == data['email']
- # additional shareable fields (9)
+ # additional shareable fields (8)
 assert TEST_BIO_VALUE == data['bio'] assert 'US' == data['country'] assert data['date_joined'] is not None
@@ -262,19 +260,16 @@ class TestAccountsAPI(CacheIsolationTestCase, UserAPITestCase):
 assert data['social_links'] is not None assert data['time_zone'] is None assert badges_enabled == data['accomplishments_shared']
- assert 'course_certificates' in data
 def _verify_private_account_response(self, response, requires_parental_consent=False): """ Verify that only the public fields are returned if a user does not want to share account fields """ data = response.data
- assert 5 == len(data)
+ assert 3 == len(data)
 assert PRIVATE_VISIBILITY == data['account_privacy'] self._verify_profile_image_data(data, not requires_parental_consent) assert self.user.username == data['username']
- assert self.user.id == data['id']
- assert self.user.email == data['email']
 def _verify_full_account_response(self, response, requires_parental_consent=False, year_of_birth=2000): """
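Review bot: The restored counts in the hunk at -244 do not add up: `# public fields (3)` plus `# additional shareable fields (8)` is 11, while the check is `assert 12 == len(data)`. The hunk at -262 also drops `assert 'course_certificates' in data`, which does not concern `id` or `email` and presumably accounts for the twelfth key. Keeping that assertion and writing `# additional shareable fields (9)` would limit the revert to the two fields it is about. The helper's definition starts above the hunk and two of its lines fall between the hunks, so the count should be confirmed against the full file.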
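Review bot: `_verify_private_account_response` in the hunk at -262 guards the privacy property only through `assert 3 == len(data)`, so a regression would fail on a bare count rather than naming the field that leaked. Adding `assert 'email' not in data` and `assert 'id' not in data` after the length check states the intent of the revert directly. The same two lines fit after `assert 6 == len(data)` in the hunk at -495, where not every expected key is visible.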
@@ -495,12 +490,10 @@ class TestAccountsAPI(CacheIsolationTestCase, UserAPITestCase):
 # verify response if requesting_username == "different_user": data = response.data
- assert 8 == len(data)
+ assert 6 == len(data)
 # public fields assert self.user.username == data['username']
- assert self.user.id == data['id']
- assert self.user.email == data['email']
 assert UserPreference.get_value(self.user, 'account_privacy') == data['account_privacy'] self._verify_profile_image_data(data, has_profile_image=True)
diff --git a/openedx/core/djangoapps/user_api/accounts/views.py b/openedx/core/djangoapps/user_api/accounts/views.py
index 24bee3b55a..3384c2a0b3 100644
--- a/openedx/core/djangoapps/user_api/accounts/views.py
+++ b/openedx/core/djangoapps/user_api/accounts/views.py
@@ -134,8 +134,8 @@ class AccountViewSet(ViewSet):
 **Example Requests** GET /api/user/v1/me[?view=shared]
- GET /api/user/v1/accounts?usernames={username1},{username2}[?view=shared]
- GET /api/user/v1/accounts?email={user_email1},{user_email2}
+ GET /api/user/v1/accounts?usernames={username1,username2}[?view=shared]
+ GET /api/user/v1/accounts?email={user_email}
 GET /api/user/v1/accounts/{username}/[?view=shared] PATCH /api/user/v1/accounts/{username}/{"key":"value"} "application/merge-patch+json"
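Review bot: The example `GET /api/user/v1/accounts?usernames={username1,username2}[?view=shared]` in the hunk at -134 names the parameter `usernames`, but `list()` in the hunk at -299 reads `request.GET.get('username')` and its own docstring says `?username=`. The optional part is also written with a second `?`, where a further query parameter would normally be joined with `&`. Suggested line: `GET /api/user/v1/accounts?username={username1,username2}[&view=shared]`. The class docstring begins and ends outside the hunk.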
@@ -299,20 +299,22 @@ class AccountViewSet(ViewSet):
 def list(self, request): """
- GET /api/user/v1/accounts?username={username1},{username2}
- GET /api/user/v1/accounts?email={user_email1},{user_email2}
+ GET /api/user/v1/accounts?username={username1,username2}
+ GET /api/user/v1/accounts?email={user_email}
 """ usernames = request.GET.get('username')
- user_emails = request.GET.get('email')
+ user_email = request.GET.get('email')
 search_usernames = [] if usernames: search_usernames = usernames.strip(',').split(',')
- elif user_emails:
- user_emails = user_emails.strip(',').split(',')
- search_usernames = User.objects.filter(email__in=user_emails).values_list('username')
- if not search_usernames:
+ elif user_email:
+ user_email = user_email.strip('')
+ try:
+ user = User.objects.get(email=user_email)
+ except (UserNotFound, User.DoesNotExist):
 return Response(status=status.HTTP_404_NOT_FOUND)
+ search_usernames = [user.username]
 try: account_settings = get_account_settings( request, search_usernames, view=request.query_params.get('view'))
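Review bot: `user_email.strip('')` on the new `elif user_email:` branch strips nothing, because an empty character set matches no characters; `user_email = user_email.strip()` is presumably what was intended. `User.objects.get(email=user_email)` can also raise `User.MultipleObjectsReturned`, which the `except` tuple does not list, so unless email uniqueness is enforced elsewhere a duplicated address would surface as a server error instead of the 404; `except (UserNotFound, User.DoesNotExist, User.MultipleObjectsReturned):` keeps that case on the 404 path. The 404-versus-200 answer also tells any caller allowed to reach this view whether an address is registered and which username owns it; the permission classes are outside the hunk, so confirm the email lookup is restricted or throttled. `list()` continues past the end of the hunk.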