Fix profile page email display, respect settings (#23747) (#23756)

Backport #23747 by @wxiaoguang Always respect the `setting.UI.ShowUserEmail` and `KeepEmailPrivate` setting. * It doesn't make sense to show user's own E-mail to themself. * Always hide the E-mail if KeepEmailPrivate=true, then the user could know how their profile page looks like for others. * Revert the `setting.UI.ShowUserEmail` change from #4981 . This setting is used to control the E-mail display, not only for the user list page. ps: the incorrect `<div .../>` tag on the profile page has been fixed by #23748 together, so this PR becomes simpler. Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2025-10-24 17:14:30 +02:00 · 2023-03-27 19:55:20 -04:00 · 2023-03-27 19:55:20 -04:00 · 1fed0e1adc
commit 1fed0e1adc
parent 88a652fa92
2 changed files with 33 additions and 22 deletions
--- a/routers/web/user/profile.go
+++ b/routers/web/user/profile.go
@ -292,7 +292,7 @@ func Profile(ctx *context.Context) {
 	ctx.Data["IsPackageEnabled"] = setting.Packages.Enabled
 	ctx.Data["IsRepoIndexerEnabled"] = setting.Indexer.RepoIndexerEnabled

-	ctx.Data["ShowUserEmail"] = len(ctx.ContextUser.Email) > 0 && ctx.IsSigned && (!ctx.ContextUser.KeepEmailPrivate || ctx.ContextUser.ID == ctx.Doer.ID)
+	ctx.Data["ShowUserEmail"] = setting.UI.ShowUserEmail && ctx.ContextUser.Email != "" && ctx.IsSigned && !ctx.ContextUser.KeepEmailPrivate

 	ctx.HTML(http.StatusOK, tplProfile)
 }
--- a/tests/integration/setting_test.go
+++ b/tests/integration/setting_test.go
@ -45,38 +45,49 @@ func TestSettingShowUserEmailProfile(t *testing.T) {
 	defer tests.PrepareTestEnv(t)()

 	showUserEmail := setting.UI.ShowUserEmail
+
+	// user1: keep_email_private = false, user2: keep_email_private = true
+
 	setting.UI.ShowUserEmail = true

-	session := loginUser(t, "user2")
-	req := NewRequest(t, "GET", "/user2")
+	// user1 can see self
+	session := loginUser(t, "user1")
+	req := NewRequest(t, "GET", "/user1")
 	resp := session.MakeRequest(t, req, http.StatusOK)
 	htmlDoc := NewHTMLParser(t, resp.Body)
-	assert.Contains(t,
-		htmlDoc.doc.Find(".user.profile").Text(),
-		"user2@example.com",
-	)
+	assert.Contains(t, htmlDoc.doc.Find(".user.profile").Text(), "user1@example.com")
+
+	// user1 can not see user2
+	req = NewRequest(t, "GET", "/user2")
+	resp = session.MakeRequest(t, req, http.StatusOK)
+	htmlDoc = NewHTMLParser(t, resp.Body)
+	// Should not contain even if the user visits their own profile page
+	assert.NotContains(t, htmlDoc.doc.Find(".user.profile").Text(), "user2@example.com")
+
+	// user2 can see user1
+	session = loginUser(t, "user2")
+	req = NewRequest(t, "GET", "/user1")
+	resp = session.MakeRequest(t, req, http.StatusOK)
+	htmlDoc = NewHTMLParser(t, resp.Body)
+	assert.Contains(t, htmlDoc.doc.Find(".user.profile").Text(), "user1@example.com")
+
+	// user2 can not see self
+	session = loginUser(t, "user2")
+	req = NewRequest(t, "GET", "/user2")
+	resp = session.MakeRequest(t, req, http.StatusOK)
+	htmlDoc = NewHTMLParser(t, resp.Body)
+	assert.NotContains(t, htmlDoc.doc.Find(".user.profile").Text(), "user2@example.com")

 	setting.UI.ShowUserEmail = false

-	req = NewRequest(t, "GET", "/user2")
+	// user1 can not see self
+	session = loginUser(t, "user1")
+	req = NewRequest(t, "GET", "/user1")
 	resp = session.MakeRequest(t, req, http.StatusOK)
 	htmlDoc = NewHTMLParser(t, resp.Body)
-	// Should contain since this user owns the profile page
-	assert.Contains(t,
-		htmlDoc.doc.Find(".user.profile").Text(),
-		"user2@example.com",
-	)
+	assert.NotContains(t, htmlDoc.doc.Find(".user.profile").Text(), "user1@example.com")

 	setting.UI.ShowUserEmail = showUserEmail
-
-	session = loginUser(t, "user4")
-	req = NewRequest(t, "GET", "/user2")
-	resp = session.MakeRequest(t, req, http.StatusOK)
-	htmlDoc = NewHTMLParser(t, resp.Body)
-	assert.NotContains(t,
-		htmlDoc.doc.Find(".user.profile").Text(),
-		"user2@example.com",
-	)
 }

 func TestSettingLandingPage(t *testing.T) {