From 1496bb6079b8edbb46cce5bc2b3aa06ce1ccaa36 Mon Sep 17 00:00:00 2001
From: 0ko <0ko@noreply.codeberg.org>
Date: Mon, 24 Jun 2024 08:19:11 +0000
Subject: [PATCH] Better logic for showing user feed/public activity elements
 (#4189)

There are a few changes of template logic which defines when which elements should be shown on profile page. The motivation is to have the elements when needed and don't when they're not relevant.

## Changes

### RSS button

Now displayed if:
* feeds are enabled
AND one or more of:
* the current user is an admin
* the current user is viewing their profile
* the activity is publicly available

So, basically in cases when the .rss feed actually contains any events. Before this change this button was constantly shown and was giving an empty feed if it was unavailable.

### Public activity tab

The tab is displayed if:
* the current user is an admin
* the current user is viewing their profile
* the activity is publicly available
* the current tab is this exact tab, for example, in case it was accessed by adding `?tab=activity` to the URL, so that the UI is not broken w/o a highlighted tab

So, this tab is not displayed when it's not going to contain any information, but still can be accessed.

### Banner "This user has disabled the public visibility of the activity."

For admins:
* always show the big blue banner to warn that sharing a screenshot of this publicly is bad idea

For self:
* always display a little note about the current visibility status with a "Change" link

For others:
* only display a little note to explain why the activity is not shown

### Heatmap and activity feed

Elements are only displayed when relevant, instead of keeping empty leftovers, for easier testing. This template change is also covered by test. **Everything in this Changes section is covered by test unless I forgot something.**

## Preview

There's obviously too many states to screenshot, here are highlights:

![](https://codeberg.org/attachments/47559531-9bcd-46c0-90d4-8b51512da752)
_Warning admin for why they're seeing the information_

![](https://codeberg.org/attachments/3107bf62-955b-4fe5-bce3-6305a928afe1)
_Viewing self - private_

![](https://codeberg.org/attachments/afb63ead-fb0b-4fc7-9d8b-c6c09e9ae62b)
_Viewing self - public_

![](https://codeberg.org/attachments/df3c090a-7490-4827-b33b-771fd4fa0a9f)
_Don't have access to the information_

![](https://codeberg.org/attachments/2dd2b0ac-2fe0-4453-aa4b-e91fd08f4411)
_The tab is not shown when the activity can't be accessed_

![](https://codeberg.org/attachments/ed4c61de-b3b7-4523-b92b-bc76e1d8b7c5)
_Can't access the RSS feed_

![](https://codeberg.org/attachments/5a27f2be-d79c-4fb4-85a5-758348398f1b)
_Can access the RSS feed_

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4189
Reviewed-by: Otto <otto@codeberg.org>
---
 options/locale/locale_en-US.ini               |  7 +-
 release-notes/8.0.0/4189.md                   |  1 +
 templates/shared/user/profile_big_avatar.tmpl |  2 +-
 templates/user/overview/header.tmpl           |  8 +-
 templates/user/profile.tmpl                   | 30 +++++-
 .../integration/user_profile_activity_test.go | 97 +++++++++++++++++++
 6 files changed, 135 insertions(+), 10 deletions(-)
 create mode 100644 release-notes/8.0.0/4189.md
 create mode 100644 tests/integration/user_profile_activity_test.go

diff --git a/options/locale/locale_en-US.ini b/options/locale/locale_en-US.ini
index a6a3446cac..7ef6b3f894 100644
--- a/options/locale/locale_en-US.ini
+++ b/options/locale/locale_en-US.ini
@@ -679,11 +679,16 @@ overview = Overview
 block = Block
 unblock = Unblock
 user_bio = Biography
-disabled_public_activity = This user has disabled the public visibility of the activity.
 email_visibility.limited = Your email address is visible to all authenticated users
 show_on_map = Show this place on a map
 settings = User settings
 
+disabled_public_activity = This user has disabled the public visibility of the activity.
+public_activity.visibility_hint.self_public = Your activity is visible to everyone, except for interactions in private spaces. <a href="%s">Configure</a>.
+public_activity.visibility_hint.admin_public = This activity is visible to everyone, but as an administrator you can also see interactions in private spaces.
+public_activity.visibility_hint.self_private = Your activity is only visible to you and the instance administrators. <a href="%s">Configure</a>.
+public_activity.visibility_hint.admin_private = This activity is visible to you because you're an administrator, but the user wants it to remain private.
+
 form.name_reserved = The username "%s" is reserved.
 form.name_pattern_not_allowed = The pattern "%s" is not allowed in a username.
 form.name_chars_not_allowed = Username "%s" contains invalid characters.
diff --git a/release-notes/8.0.0/4189.md b/release-notes/8.0.0/4189.md
new file mode 100644
index 0000000000..214a104965
--- /dev/null
+++ b/release-notes/8.0.0/4189.md
@@ -0,0 +1 @@
+User profiles: only show RSS feed button and Public activity tab when the activity can be accessed, add messages about visibility
diff --git a/templates/shared/user/profile_big_avatar.tmpl b/templates/shared/user/profile_big_avatar.tmpl
index 8590c712ca..3063aeacf7 100644
--- a/templates/shared/user/profile_big_avatar.tmpl
+++ b/templates/shared/user/profile_big_avatar.tmpl
@@ -20,7 +20,7 @@
 				{{end}}</span>
 		<div class="tw-mt-2">
 			<a class="muted" href="{{.ContextUser.HomeLink}}?tab=followers">{{svg "octicon-people" 18 "tw-mr-1"}}{{ctx.Locale.TrN .NumFollowers "user.followers_one" "user.followers_few" .NumFollowers}}</a> · <a class="muted" href="{{.ContextUser.HomeLink}}?tab=following">{{ctx.Locale.TrN .NumFollowing "user.following_one" "user.following_few" .NumFollowing}}</a>
-			{{if .EnableFeed}}
+			{{if and .EnableFeed (or .IsAdmin (eq .SignedUserID .ContextUser.ID) (not .ContextUser.KeepActivityPrivate))}}
 				<a href="{{.ContextUser.HomeLink}}.rss"><i class="ui text grey tw-ml-2" data-tooltip-content="{{ctx.Locale.Tr "rss_feed"}}">{{svg "octicon-rss" 18}}</i></a>
 			{{end}}
 		</div>
diff --git a/templates/user/overview/header.tmpl b/templates/user/overview/header.tmpl
index 1ec83042a3..27568c311c 100644
--- a/templates/user/overview/header.tmpl
+++ b/templates/user/overview/header.tmpl
@@ -32,9 +32,11 @@
 			</a>
 		{{end}}
 		{{if .ContextUser.IsIndividual}}
-			<a class="{{if eq .TabName "activity"}}active {{end}}item" href="{{.ContextUser.HomeLink}}?tab=activity">
-				{{svg "octicon-rss"}} {{ctx.Locale.Tr "user.activity"}}
-			</a>
+			{{if or (eq .TabName "activity") .IsAdmin (eq .SignedUserID .ContextUser.ID) (not .ContextUser.KeepActivityPrivate)}}
+				<a class="{{if eq .TabName "activity"}}active {{end}}item" href="{{.ContextUser.HomeLink}}?tab=activity">
+					{{svg "octicon-rss"}} {{ctx.Locale.Tr "user.activity"}}
+				</a>
+			{{end}}
 			{{if not .DisableStars}}
 			<a class="{{if eq .TabName "stars"}}active {{end}}item" href="{{.ContextUser.HomeLink}}?tab=stars">
 				{{svg "octicon-star"}} {{ctx.Locale.Tr "user.starred"}}
diff --git a/templates/user/profile.tmpl b/templates/user/profile.tmpl
index 51b7a4f0ef..477b838b0f 100644
--- a/templates/user/profile.tmpl
+++ b/templates/user/profile.tmpl
@@ -9,13 +9,33 @@
 			<div class="ui twelve wide column tw-mb-4">
 				{{template "user/overview/header" .}}
 				{{if eq .TabName "activity"}}
-					{{if .ContextUser.KeepActivityPrivate}}
-						<div class="ui info message">
-							<p>{{ctx.Locale.Tr "user.disabled_public_activity"}}</p>
+					{{if eq .SignedUserID .ContextUser.ID}}
+					<p id="visibility-hint">
+						{{if .ContextUser.KeepActivityPrivate}}
+							{{ctx.Locale.Tr "user.public_activity.visibility_hint.self_private" "/user/settings#keep-activity-private"}}
+						{{else}}
+							{{ctx.Locale.Tr "user.public_activity.visibility_hint.self_public" "/user/settings#keep-activity-private"}}
+						{{end}}
+					</p>
+					{{else}}
+						{{if .IsAdmin}}
+						<div id="visibility-hint" class="ui info message">
+							{{if .ContextUser.KeepActivityPrivate}}
+								{{ctx.Locale.Tr "user.public_activity.visibility_hint.admin_private"}}
+							{{else}}
+								{{ctx.Locale.Tr "user.public_activity.visibility_hint.admin_public"}}
+							{{end}}
 						</div>
+						{{else}}
+							{{if .ContextUser.KeepActivityPrivate}}
+								<p id="visibility-hint">{{ctx.Locale.Tr "user.disabled_public_activity"}}</p>
+							{{end}}
+						{{end}}
+					{{end}}
+					{{if or .IsAdmin (eq .SignedUserID .ContextUser.ID) (not .ContextUser.KeepActivityPrivate)}}
+						{{template "user/heatmap" .}}
+						{{template "user/dashboard/feeds" .}}
 					{{end}}
-					{{template "user/heatmap" .}}
-					{{template "user/dashboard/feeds" .}}
 				{{else if eq .TabName "stars"}}
 					<div class="stars">
 						{{template "shared/repo_search" .}}
diff --git a/tests/integration/user_profile_activity_test.go b/tests/integration/user_profile_activity_test.go
new file mode 100644
index 0000000000..c5485db11b
--- /dev/null
+++ b/tests/integration/user_profile_activity_test.go
@@ -0,0 +1,97 @@
+// Copyright 2024 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package integration
+
+import (
+	"net/http"
+	"net/url"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+// TestUserProfileActivity ensures visibility and correctness of elements related to activity of a user:
+// - RSS feed button (doesn't test `other.ENABLE_FEED:false`)
+// - Public activity tab
+// - Banner/hint in the tab
+// - "Configure" link in the hint
+func TestUserProfileActivity(t *testing.T) {
+	onGiteaRun(t, func(t *testing.T, giteaURL *url.URL) {
+		// This test needs multiple users with different access statuses to check for all possible states
+		userAdmin := loginUser(t, "user1")
+		userRegular := loginUser(t, "user2")
+		// Activity availability should be the same for guest and another non-admin user, so this is not tested separately
+		userGuest := emptyTestSession(t)
+
+		// The hint may contain "Configure" link with an anchor. Verify that it works.
+		response := userRegular.MakeRequest(t, NewRequest(t, "GET", "/user/settings"), http.StatusOK)
+		page := NewHTMLParser(t, response.Body)
+		assert.True(t, page.Find(".checkbox#keep-activity-private").Length() > 0)
+
+		// = Public =
+
+		// Set activity visibility of user2 to public. This is the default, but won't hurt to set it before testing.
+		testChangeUserActivityVisibility(t, userRegular, "off")
+
+		// Verify availability of RSS button and activity tab
+		testUser2ActivityButtonsAvailability(t, userAdmin, true)
+		testUser2ActivityButtonsAvailability(t, userRegular, true)
+		testUser2ActivityButtonsAvailability(t, userGuest, true)
+
+		// Verify the hint for all types of users: admin, self, guest
+		testUser2ActivityVisibility(t, userAdmin, "This activity is visible to everyone, but as an administrator you can also see interactions in private spaces.", true)
+		testUser2ActivityVisibility(t, userRegular, "Your activity is visible to everyone, except for interactions in private spaces. Configure.", true)
+		testUser2ActivityVisibility(t, userGuest, "", true)
+
+		// = Private =
+
+		// Set activity visibility of user2 to private
+		testChangeUserActivityVisibility(t, userRegular, "on")
+
+		// Verify availability of RSS button and activity tab
+		testUser2ActivityButtonsAvailability(t, userAdmin, true)
+		testUser2ActivityButtonsAvailability(t, userRegular, true)
+		testUser2ActivityButtonsAvailability(t, userGuest, false)
+
+		// Verify the hint for all types of users: admin, self, guest
+		testUser2ActivityVisibility(t, userAdmin, "This activity is visible to you because you're an administrator, but the user wants it to remain private.", true)
+		testUser2ActivityVisibility(t, userRegular, "Your activity is only visible to you and the instance administrators. Configure.", true)
+		testUser2ActivityVisibility(t, userGuest, "This user has disabled the public visibility of the activity.", false)
+	})
+}
+
+// testChangeUserActivityVisibility allows to easily change visibility of public activity for a user
+func testChangeUserActivityVisibility(t *testing.T, session *TestSession, newState string) {
+	t.Helper()
+	session.MakeRequest(t, NewRequestWithValues(t, "POST", "/user/settings",
+		map[string]string{
+			"_csrf":                 GetCSRF(t, session, "/user/settings"),
+			"keep_activity_private": newState,
+		}), http.StatusSeeOther)
+}
+
+// testUser2ActivityVisibility checks visibility of UI elements on /<user>?tab=activity
+func testUser2ActivityVisibility(t *testing.T, session *TestSession, hint string, availability bool) {
+	response := session.MakeRequest(t, NewRequest(t, "GET", "/user2?tab=activity"), http.StatusOK)
+	page := NewHTMLParser(t, response.Body)
+	// Check hint visibility and correctness
+	testSelectorEquals(t, page, "#visibility-hint", hint)
+
+	// Check that the hint aligns with the actual feed availability
+	assert.EqualValues(t, availability, page.Find("#activity-feed").Length() > 0)
+
+	// Check availability of RSS feed button too
+	assert.EqualValues(t, availability, page.Find("#profile-avatar-card a[href='/user2.rss']").Length() > 0)
+
+	// Check that the current tab is displayed and is active regardless of it's actual availability
+	// For example, on /<user> it wouldn't be available to guest, but it should be still present on /<user>?tab=activity
+	assert.True(t, page.Find("overflow-menu .active.item[href='/user2?tab=activity']").Length() > 0)
+}
+
+// testUser2ActivityButtonsAvailability check visibility of Public activity tab on main profile page
+func testUser2ActivityButtonsAvailability(t *testing.T, session *TestSession, buttons bool) {
+	response := session.MakeRequest(t, NewRequest(t, "GET", "/user2"), http.StatusOK)
+	page := NewHTMLParser(t, response.Body)
+	assert.EqualValues(t, buttons, page.Find("overflow-menu .item[href='/user2?tab=activity']").Length() > 0)
+}