Merge branch 'xanf-blocked-profile-page' into 'master'

Resolve "Profile page remains active after user has been blocked"

See merge request gitlab-org/gitlab!21706

app/policies/user_policy.rb

@@ -10,6 +10,9 @@ class UserPolicy < BasePolicy
   desc "The profile is private"
   condition(:private_profile, scope: :subject, score: 0) { @subject.private_profile? }
 
+  desc "The user is blocked"
+  condition(:blocked_user, scope: :subject, score: 0) { @subject.blocked? }
+
   rule { ~restricted_public_level }.enable :read_user
   rule { ~anonymous }.enable :read_user
 
@@ -20,5 +23,5 @@ class UserPolicy < BasePolicy
   end
 
   rule { default }.enable :read_user_profile
-  rule { private_profile & ~(user_is_self | admin) }.prevent :read_user_profile
+  rule { (private_profile | blocked_user) & ~(user_is_self | admin) }.prevent :read_user_profile
 end

app/views/users/_profile_basic_info.html.haml

+%p
+  %span.middle-dot-divider
+    @#{@user.username}
+  - if can?(current_user, :read_user_profile, @user)
+    %span.middle-dot-divider
+      = s_('Member since %{date}') % { date: @user.created_at.to_date.to_s(:long) }

app/views/users/show.html.haml

 - @hide_top_links = true
 - @hide_breadcrumbs = true
 - @no_container = true
-- page_title       @user.name
+- page_title       @user.blocked? ? s_('UserProfile|Blocked user') : @user.name
 - page_description @user.bio
 - header_title     @user.name, user_path(@user)
 
@@ -36,50 +36,48 @@
         = link_to avatar_icon_for_user(@user, 400), target: '_blank', rel: 'noopener noreferrer' do
           = image_tag avatar_icon_for_user(@user, 90), class: "avatar s90", alt: ''
 
-      .user-info
-        .cover-title
-          = @user.name
-
-        - if @user.status
-          .cover-status
-            = emoji_icon(@user.status.emoji)
-            = markdown_field(@user.status, :message)
-
-        .cover-desc.member-date.cgray
-          %p
-            %span.middle-dot-divider
-              @#{@user.username}
-            - if can?(current_user, :read_user_profile, @user)
-              %span.middle-dot-divider
-                = s_('Member since %{date}') % { date: @user.created_at.to_date.to_s(:long) }
-
-        .cover-desc.cgray
-          - unless @user.public_email.blank?
-            .profile-link-holder.middle-dot-divider
-              = link_to @user.public_email, "mailto:#{@user.public_email}", class: 'text-link'
-          - unless @user.skype.blank?
-            .profile-link-holder.middle-dot-divider
-              = link_to "skype:#{@user.skype}", title: "Skype" do
-                = icon('skype')
-          - unless @user.linkedin.blank?
-            .profile-link-holder.middle-dot-divider
-              = link_to linkedin_url(@user), title: "LinkedIn", target: '_blank', rel: 'noopener noreferrer nofollow' do
-                = icon('linkedin-square')
-          - unless @user.twitter.blank?
-            .profile-link-holder.middle-dot-divider
-              = link_to twitter_url(@user), title: "Twitter", target: '_blank', rel: 'noopener noreferrer nofollow' do
-                = icon('twitter-square')
-          - unless @user.website_url.blank?
-            .profile-link-holder.middle-dot-divider
-              = link_to @user.short_website_url, @user.full_website_url, class: 'text-link', target: '_blank', rel: 'me noopener noreferrer nofollow'
-          - unless @user.location.blank?
-            .profile-link-holder.middle-dot-divider
-              = sprite_icon('location', size: 16, css_class: 'vertical-align-sub')
-              = @user.location
-          - unless @user.organization.blank?
-            .profile-link-holder.middle-dot-divider
-              = sprite_icon('work', size: 16, css_class: 'vertical-align-sub')
-              = @user.organization
+      - if @user.blocked?
+        .user-info
+          .cover-title
+            = s_('UserProfile|Blocked user')
+        = render "users/profile_basic_info"
+      - else
+        .user-info
+          .cover-title
+            = @user.name
+
+          - if @user.status
+            .cover-status
+              = emoji_icon(@user.status.emoji)
+              = markdown_field(@user.status, :message)
+          = render "users/profile_basic_info"
+          .cover-desc.cgray
+            - unless @user.public_email.blank?
+              .profile-link-holder.middle-dot-divider
+                = link_to @user.public_email, "mailto:#{@user.public_email}", class: 'text-link'
+            - unless @user.skype.blank?
+              .profile-link-holder.middle-dot-divider
+                = link_to "skype:#{@user.skype}", title: "Skype" do
+                  = icon('skype')
+            - unless @user.linkedin.blank?
+              .profile-link-holder.middle-dot-divider
+                = link_to linkedin_url(@user), title: "LinkedIn", target: '_blank', rel: 'noopener noreferrer nofollow' do
+                  = icon('linkedin-square')
+            - unless @user.twitter.blank?
+              .profile-link-holder.middle-dot-divider
+                = link_to twitter_url(@user), title: "Twitter", target: '_blank', rel: 'noopener noreferrer nofollow' do
+                  = icon('twitter-square')
+            - unless @user.website_url.blank?
+              .profile-link-holder.middle-dot-divider
+                = link_to @user.short_website_url, @user.full_website_url, class: 'text-link', target: '_blank', rel: 'me noopener noreferrer nofollow'
+            - unless @user.location.blank?
+              .profile-link-holder.middle-dot-divider
+                = sprite_icon('location', size: 16, css_class: 'vertical-align-sub')
+                = @user.location
+            - unless @user.organization.blank?
+              .profile-link-holder.middle-dot-divider
+                = sprite_icon('work', size: 16, css_class: 'vertical-align-sub')
+                = @user.organization
 
         - if @user.bio.present?
           .cover-desc.cgray
@@ -165,4 +163,8 @@
       .col-12.text-center
         .text-content
           %h4
-            = s_('UserProfile|This user has a private profile')
+            - if @user.blocked?
+              = s_('UserProfile|This user is blocked')
+            - else
+              = s_('UserProfile|This user has a private profile')
+

changelogs/unreleased/xanf-blocked-profile-page.yml

+---
+title: Hide profile information when user is blocked
+merge_request: 21706
+author:
+type: added

locale/gitlab.pot

@@ -19625,6 +19625,9 @@ msgstr ""
 msgid "UserProfile|Already reported for abuse"
 msgstr ""
 
+msgid "UserProfile|Blocked user"
+msgstr ""
+
 msgid "UserProfile|Contributed projects"
 msgstr ""
 
@@ -19685,6 +19688,9 @@ msgstr ""
 msgid "UserProfile|This user hasn't starred any projects"
 msgstr ""
 
+msgid "UserProfile|This user is blocked"
+msgstr ""
+
 msgid "UserProfile|View all"
 msgstr ""
 

spec/features/users/show_spec.rb

@@ -59,6 +59,42 @@ describe 'User page' do
     end
   end
 
+  context 'with blocked profile' do
+    let(:user) { create(:user, state: :blocked) }
+
+    it 'shows no tab' do
+      visit(user_path(user))
+
+      expect(page).to have_css("div.profile-header")
+      expect(page).not_to have_css("ul.nav-links")
+    end
+
+    it 'shows blocked message' do
+      visit(user_path(user))
+
+      expect(page).to have_content("This user is blocked")
+    end
+
+    it 'shows user name as blocked' do
+      visit(user_path(user))
+
+      expect(page).to have_css(".cover-title", text: 'Blocked user')
+    end
+
+    it 'shows no additional fields' do
+      visit(user_path(user))
+
+      expect(page).not_to have_css(".profile-user-bio")
+      expect(page).not_to have_css(".profile-link-holder")
+    end
+
+    it 'shows username' do
+      visit(user_path(user))
+
+      expect(page).to have_content("@#{user.username}")
+    end
+  end
+
   it 'shows the status if there was one' do
     create(:user_status, user: user, message: "Working hard!")