From 3a33309b066d919f8a6e2d312b538e556894b079 Mon Sep 17 00:00:00 2001
From: Byron Jones <bjones@mozilla.com>
Date: Thu, 14 Nov 2013 13:57:00 +0800
Subject: Bug 935871: Don't show email address without logged in

---
 .../default/hook/bug/comments-user-image.html.tmpl |  6 ++-
 extensions/UserProfile/Extension.pm                | 35 +++++++++------
 .../en/default/pages/user_profile.html.tmpl        | 52 ++++++++++++----------
 3 files changed, 55 insertions(+), 38 deletions(-)

(limited to 'extensions')
diff --git a/extensions/Gravatar/template/en/default/hook/bug/comments-user-image.html.tmpl b/extensions/Gravatar/template/en/default/hook/bug/comments-user-image.html.tmpl
index 6faed368d..66714748b 100644
--- a/extensions/Gravatar/template/en/default/hook/bug/comments-user-image.html.tmpl
+++ b/extensions/Gravatar/template/en/default/hook/bug/comments-user-image.html.tmpl
@@ -8,7 +8,11 @@
 
 [% IF user.settings.show_gravatars.value == 'On' %]
   [% IF who.last_activity_ts %]
-    <a href="user_profile?login=[% who.login FILTER uri %]">
+    [% IF user.id %]
+      <a href="user_profile?login=[% who.login FILTER uri %]">
+    [% ELSE %]
+      <a href="user_profile?user_id=[% who.id FILTER uri %]">
+    [% END %]
   [% END %]
   <img align="middle" src="[% who.gravatar FILTER none %]" width="32" height="32" border="0">
   [% "</a>" IF who.last_activity_ts %]
diff --git a/extensions/UserProfile/Extension.pm b/extensions/UserProfile/Extension.pm
index 9e8eadb97..673c0c2a1 100644
--- a/extensions/UserProfile/Extension.pm
+++ b/extensions/UserProfile/Extension.pm
@@ -277,24 +277,33 @@ sub page_before_template {
     return unless $page eq 'user_profile.html';
     my $user = Bugzilla->user;
 
-    # check login
-    my $target;
+    # determine user to display
+    my ($target, $login);
     my $input = Bugzilla->input_params;
-    my $limit = Bugzilla->params->{'maxusermatches'} + 1;
-    my $login = $input->{login};
-    if (!$login) {
-        $target = Bugzilla->login(LOGIN_REQUIRED);
-        $login = $target->login;
+    if (my $user_id = $input->{user_id}) {
+        # load from user_id
+        $user_id = 0 if $user_id =~ /\D/;
+        $target = Bugzilla::User->check({ id => $user_id });
     } else {
-        my $users = Bugzilla::User::match($login, $limit, 1);
-        if (scalar(@$users) == 1) {
-            # always allow singular matches without confirmation
-            $target = $users->[0];
+        # loading from login name requires authentication
+        Bugzilla->login(LOGIN_REQUIRED);
+        $login = $input->{login};
+        if (!$login) {
+            # show current user's profile by default
+            $target = $user;
         } else {
-            Bugzilla::User::match_field({ 'login' => {'type' => 'single'} });
-            $target = Bugzilla::User->check($login);
+            my $limit = Bugzilla->params->{'maxusermatches'} + 1;
+            my $users = Bugzilla::User::match($login, $limit, 1);
+            if (scalar(@$users) == 1) {
+                # always allow singular matches without confirmation
+                $target = $users->[0];
+            } else {
+                Bugzilla::User::match_field({ 'login' => {'type' => 'single'} });
+                $target = Bugzilla::User->check($login);
+            }
         }
     }
+    $login ||= $target->login;
 
     # load statistics into $vars
     my $dbh = Bugzilla->switch_to_shadow_db;
diff --git a/extensions/UserProfile/template/en/default/pages/user_profile.html.tmpl b/extensions/UserProfile/template/en/default/pages/user_profile.html.tmpl
index f1107bd6a..aabc42db2 100644
--- a/extensions/UserProfile/template/en/default/pages/user_profile.html.tmpl
+++ b/extensions/UserProfile/template/en/default/pages/user_profile.html.tmpl
@@ -18,29 +18,31 @@
 
 <table id="user_profile_table">
 
-<tr>
-  <td>&nbsp;</td>
-  <th>Search</th>
-  <td colspan="2">
-    <form action="user_profile">
-      [% INCLUDE global/userselect.html.tmpl
-        id => "login"
-        name => "login"
-        value => login
-        size => 40
-        emptyok => 0
-      %]
-      &nbsp;&nbsp;<input type="submit" value="Show">
-    </form>
-  </td>
-</tr>
+[% IF user.id %]
+  <tr>
+    <td>&nbsp;</td>
+    <th>Search</th>
+    <td colspan="2">
+      <form action="user_profile">
+        [% INCLUDE global/userselect.html.tmpl
+          id => "login"
+          name => "login"
+          value => login
+          size => 40
+          emptyok => 0
+        %]
+        &nbsp;&nbsp;<input type="submit" value="Show">
+      </form>
+    </td>
+  </tr>
 
-<tr>
-  <td colspan="4" class="separator"><hr></td>
-</tr>
+  <tr>
+    <td colspan="4" class="separator"><hr></td>
+  </tr>
+[% END %]
 
 <tr>
-  <td rowspan="16" id="gravatar-container">
+  <td rowspan="[% user.id ? 16 : 15 %]" id="gravatar-container">
     [% IF user.gravatar %]
       <img id="gravatar" src="[% target.gravatar(256) FILTER none %]" width="128" height="128"><br>
       [% IF target.id == user.id %]
@@ -54,10 +56,12 @@
   <td colspan="2">[% target.name FILTER html %]</td>
 </tr>
 
-<tr>
-  <th>Email</th>
-  <td colspan="2"><a href="mailto:[% target.login FILTER uri %]">[% target.login FILTER html %]</a></td>
-</tr>
+[% IF user.id %]
+  <tr>
+    <th>Email</th>
+    <td colspan="2"><a href="mailto:[% target.login FILTER uri %]">[% target.login FILTER html %]</a></td>
+  </tr>
+[% END %]
 
 <tr>
   <td>&nbsp;</td>
-- 
cgit v1.2.3-24-g4f1b


	Search	- - [% INCLUDE global/userselect.html.tmpl - id => "login" - name => "login" - value => login - size => 40 - emptyok => 0 - %] - - -
	Search	+ + [% INCLUDE global/userselect.html.tmpl + id => "login" + name => "login" + value => login + size => 40 + emptyok => 0 + %] + + +


+	[% IF user.gravatar %] [% IF target.id == user.id %] @@ -54,10 +56,12 @@	[% target.name FILTER html %]
	Email	[% target.login FILTER html %]
	Email	[% target.login FILTER html %]