diff --git a/gratipay/utils/__init__.py b/gratipay/utils/__init__.py index ed2a5adb80..8624a6b076 100644 --- a/gratipay/utils/__init__.py +++ b/gratipay/utils/__init__.py @@ -136,7 +136,7 @@ def update_cta(website): nusers = website.db.one(""" SELECT nusers FROM paydays ORDER BY ts_end DESC LIMIT 1 - """, default=(0.0, 0)) + """, default=0) nreceiving_from = website.db.one(""" SELECT nreceiving_from FROM teams diff --git a/templates/profile.html b/templates/profile.html index 399562f537..992d6369ef 100644 --- a/templates/profile.html +++ b/templates/profile.html @@ -52,7 +52,7 @@ {{ _("Giving") }} {% if participant.anonymous_giving %} - {% if user.ADMIN %} + {% if user.ADMIN or (user.participant == participant)%} {{ format_currency(participant.giving, 'USD') }} [{{ participant.ngiving_to }}] {% else %} diff --git a/tests/py/test_privacy_json.py b/tests/py/test_privacy_json.py index 985a888c4a..2047b68483 100644 --- a/tests/py/test_privacy_json.py +++ b/tests/py/test_privacy_json.py 
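Review bot: In templates/profile.html the visibility decision for anonymous giving is an inline expression, `user.ADMIN or (user.participant == participant)`, which relies on `user.participant` never comparing equal to a real participant when the visitor is signed out. That value is presumably `None`, but this hunk does not show it. In this template the condition is what keeps `participant.giving` and `participant.ngiving_to` away from other visitors, so consider computing it once under a descriptive name in the code that prepares the page and testing that name here, so other views of the same fields can share it. As a style point, add the missing space before the closing tag: `{% if user.ADMIN or user.participant == participant %}`. The surrounding `{% if %}`/`{% else %}` block starts and ends outside the hunk.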
@@ -58,3 +58,57 @@ def test_participant_does_show_up_on_search(self):
 def test_participant_doesnt_show_up_on_search(self):
 self.hit_privacy('POST', data={'toggle': 'is_searchable'})
 assert 'alice' not in self.client.GET("/search.json?q=alice").body
+
+ # Related to anonymous_giving
+
+ def test_anon_can_see_giving_for_non_anonymous_giving(self):
+ self.make_participant('bob', claimed_time='now',
+ giving=10.79, ngiving_to=342, anonymous_giving=False)
+ assert '10.79' in self.client.GET('/~bob/').body
+ assert '342' in self.client.GET('/~bob/').body
+
+ def test_auth_can_see_giving_for_non_anonymous_giving(self):
+ self.make_participant('bob', claimed_time='now',
+ giving=10.79, ngiving_to=342, anonymous_giving=False)
+ assert '10.79' in self.client.GET('/~bob/', auth_as='alice').body
+ assert '342' in self.client.GET('/~bob/', auth_as='alice').body
+
+ def test_admin_can_see_giving_for_non_anonymous_giving(self):
+ self.make_participant('bob', claimed_time='now',
+ giving=10.79, ngiving_to=342, anonymous_giving=False)
+ self.make_participant('admin', is_admin=True)
+ assert '10.79' in self.client.GET('/~bob/', auth_as='admin').body
+ assert '342' in self.client.GET('/~bob/', auth_as='admin').body
+ assert '[342]' not in self.client.GET('/~bob/', auth_as='admin').body
+
+ def test_self_can_see_giving_for_non_anonymous_giving(self):
+ self.make_participant('bob', claimed_time='now',
+ giving=10.79, ngiving_to=342, anonymous_giving=False)
+ assert '10.79' in self.client.GET('/~bob/', auth_as='bob').body.decode('utf8')
+ assert '342' in self.client.GET('/~bob/', auth_as='bob').body.decode('utf8')
+ assert '[342]' not in self.client.GET('/~bob/', auth_as='bob').body.decode('utf8')
+
+ def test_anon_cannot_see_giving_for_anonymous_giving(self):
+ self.make_participant('bob', claimed_time='now',
+ giving=10.79, ngiving_to=342, anonymous_giving=True)
+ assert '10.79' not in self.client.GET('/~bob/').body
+ assert '342' not in self.client.GET('/~bob/').body
+
+ def test_auth_cannot_see_giving_for_anonymous_giving(self):
+ self.make_participant('bob', claimed_time='now',
+ giving=10.79, ngiving_to=342, anonymous_giving=True)
+ assert '10.79' not in self.client.GET('/~bob/', auth_as='alice').body
+ assert '342' not in self.client.GET('/~bob/', auth_as='alice').body
+
+ def test_admin_can_see_giving_for_anonymous_giving(self):
+ self.make_participant('bob', claimed_time='now',
+ giving=10.79, ngiving_to=342, anonymous_giving=True)
+ self.make_participant('admin', is_admin=True)
+ assert '10.79' in self.client.GET('/~bob/', auth_as='admin').body
+ assert '[342]' in self.client.GET('/~bob/', auth_as='admin').body
+
+ def test_self_can_see_giving_for_anonymous_giving(self):
+ self.make_participant('bob', claimed_time='now',
+ giving=10.79, ngiving_to=342, anonymous_giving=True)
+ assert '10.79' in self.client.GET('/~bob/', auth_as='bob').body.decode('utf8')
+ assert '[342]' in self.client.GET('/~bob/', auth_as='bob').body.decode('utf8')
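Review bot: The two negative tests, `test_anon_cannot_see_giving_for_anonymous_giving` and `test_auth_cannot_see_giving_for_anonymous_giving`, only assert that '10.79' and '342' are absent. They would therefore also pass if `/~bob/` failed to render or returned an error page, which would hide a regression in the privacy gate. Pair each negative check with a positive one on the same response: fetch once with `body = self.client.GET('/~bob/', auth_as='alice').body`, assert that a string the profile always shows (such as `'bob'`) is in `body`, then assert the amounts are not. Fetching once per test would also remove the repeated identical GETs throughout the hunk. The `.decode('utf8')` that appears only in the two `self` tests should be applied consistently or dropped.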