Merge pull request #27239 from edx/hammad/ENT-4361

ENT-4361 | Added user's "id" and "email" as public fields in ACCOUNT_VISIBILITY_CONFIGURATION.
2021-04-13 17:21:43 +05:00
parent 783959572b 3aa9248dcf
commit d904534fc8
5 changed files with 29 additions and 22 deletions
--- a/lms/djangoapps/teams/tests/test_serializers.py
+++ b/lms/djangoapps/teams/tests/test_serializers.py
@@ -56,6 +56,8 @@ class MembershipSerializerTestCase(SerializerTestCase):
        username = self.user.username
        assert data['user'] == {'url': ('http://testserver/api/user/v1/accounts/' + username),
                                'username': username,
+                                'id': self.user.id,
+                                'email': self.user.email,
                                'profile_image': {'image_url_full': 'http://testserver/static/default_500.png',
                                                  'image_url_large': 'http://testserver/static/default_120.png',
                                                  'image_url_medium': 'http://testserver/static/default_50.png',
--- a/lms/envs/common.py
+++ b/lms/envs/common.py
@@ -3858,6 +3858,8 @@ ACCOUNT_VISIBILITY_CONFIGURATION = {
        'account_privacy',
        'profile_image',
        'username',
+        "email",
+        "id",
    ],
 }

@@ -3888,8 +3890,6 @@ ACCOUNT_VISIBILITY_CONFIGURATION["custom_shareable_fields"] = (
 # The list of account fields that are visible only to staff and users viewing their own profiles
 ACCOUNT_VISIBILITY_CONFIGURATION["admin_fields"] = (
    ACCOUNT_VISIBILITY_CONFIGURATION["custom_shareable_fields"] + [
-        "email",
-        "id",
        "extended_profile",
        "gender",
        "state",
--- a/openedx/core/djangoapps/user_api/accounts/tests/test_api.py
+++ b/openedx/core/djangoapps/user_api/accounts/tests/test_api.py
@@ -119,20 +119,20 @@ class TestAccountApi(UserSettingsEventTestMixin, EmailTemplateTagMixin, CreateAc
        config = {
            "default_visibility": "private",
            "public_fields": [
-                'email', 'name',
+                'gender', 'name',
            ],
        }

-        # With default configuration settings, email is not shared with other (non-staff) users.
+        # With default configuration settings, gender is not shared with other (non-staff) users.
        account_settings = get_account_settings(self.default_request, [self.different_user.username])[0]
-        assert 'email' not in account_settings
+        assert 'gender' not in account_settings

        account_settings = get_account_settings(
            self.default_request,
            [self.different_user.username],
            configuration=config,
        )[0]
-        assert self.different_user.email == account_settings['email']
+        assert self.different_user.profile.gender == account_settings['gender']

    def test_get_user_not_found(self):
        """Test that UserNotFound is thrown if there is no user with username."""
--- a/openedx/core/djangoapps/user_api/accounts/tests/test_views.py
+++ b/openedx/core/djangoapps/user_api/accounts/tests/test_views.py
@@ -227,14 +227,16 @@ class TestAccountsAPI(CacheIsolationTestCase, UserAPITestCase):
        Verify that the shareable fields from the account are returned
        """
        data = response.data
-        assert 12 == len(data)
+        assert 14 == len(data)

-        # public fields (3)
+        # public fields (5)
        assert account_privacy == data['account_privacy']
        self._verify_profile_image_data(data, True)
        assert self.user.username == data['username']
+        assert self.user.id == data['id']
+        assert self.user.email == data['email']

-        # additional shareable fields (8)
+        # additional shareable fields (9)
        assert TEST_BIO_VALUE == data['bio']
        assert 'US' == data['country']
        assert data['date_joined'] is not None
@@ -243,16 +245,19 @@ class TestAccountsAPI(CacheIsolationTestCase, UserAPITestCase):
        assert data['social_links'] is not None
        assert data['time_zone'] is None
        assert badges_enabled == data['accomplishments_shared']
+        assert 'course_certificates' in data

    def _verify_private_account_response(self, response, requires_parental_consent=False):
        """
        Verify that only the public fields are returned if a user does not want to share account fields
        """
        data = response.data
-        assert 3 == len(data)
+        assert 5 == len(data)
        assert PRIVATE_VISIBILITY == data['account_privacy']
        self._verify_profile_image_data(data, not requires_parental_consent)
        assert self.user.username == data['username']
+        assert self.user.id == data['id']
+        assert self.user.email == data['email']

    def _verify_full_account_response(self, response, requires_parental_consent=False, year_of_birth=2000):
        """
@@ -434,10 +439,12 @@ class TestAccountsAPI(CacheIsolationTestCase, UserAPITestCase):
        # verify response
        if requesting_username == "different_user":
            data = response.data
-            assert 6 == len(data)
+            assert 8 == len(data)

            # public fields
            assert self.user.username == data['username']
+            assert self.user.id == data['id']
+            assert self.user.email == data['email']
            assert UserPreference.get_value(self.user, 'account_privacy') == data['account_privacy']
            self._verify_profile_image_data(data, has_profile_image=True)

--- a/openedx/core/djangoapps/user_api/accounts/views.py
+++ b/openedx/core/djangoapps/user_api/accounts/views.py
@@ -128,8 +128,8 @@ class AccountViewSet(ViewSet):
        **Example Requests**

            GET /api/user/v1/me[?view=shared]
-            GET /api/user/v1/accounts?usernames={username1,username2}[?view=shared]
-            GET /api/user/v1/accounts?email={user_email}
+            GET /api/user/v1/accounts?usernames={username1},{username2}[?view=shared]
+            GET /api/user/v1/accounts?email={user_email1},{user_email2}
            GET /api/user/v1/accounts/{username}/[?view=shared]

            PATCH /api/user/v1/accounts/{username}/{"key":"value"} "application/merge-patch+json"
@@ -290,22 +290,20 @@ class AccountViewSet(ViewSet):

    def list(self, request):
        """
-        GET /api/user/v1/accounts?username={username1,username2}
-        GET /api/user/v1/accounts?email={user_email}
+        GET /api/user/v1/accounts?username={username1},{username2}
+        GET /api/user/v1/accounts?email={user_email1},{user_email2}
        """
        usernames = request.GET.get('username')
-        user_email = request.GET.get('email')
+        user_emails = request.GET.get('email')
        search_usernames = []

        if usernames:
            search_usernames = usernames.strip(',').split(',')
-        elif user_email:
-            user_email = user_email.strip('')
-            try:
-                user = User.objects.get(email=user_email)
-            except (UserNotFound, User.DoesNotExist):
+        elif user_emails:
+            user_emails = user_emails.strip(',').split(',')
+            search_usernames = User.objects.filter(email__in=user_emails).values_list('username')
+            if not search_usernames:
                return Response(status=status.HTTP_404_NOT_FOUND)
-            search_usernames = [user.username]
        try:
            account_settings = get_account_settings(
                request, search_usernames, view=request.query_params.get('view'))