go-gitea · techknowlogick · Jun 5, 2020 · May 4, 2020 · May 4, 2020 · May 4, 2020
diff --git a/integrations/privateactivity_test.go b/integrations/privateactivity_test.go
diff --git a/models/action.go b/models/action.go
@@ -319,6 +319,12 @@ func GetFeeds(opts GetFeedsOptions) ([]*Action, error) {
 		cond = cond.And(builder.In("repo_id", AccessibleRepoIDsQuery(opts.Actor)))
 	}
 
+	if opts.Actor == nil || !opts.Actor.IsAdmin {
+		if opts.RequestedUser.KeepActivityPrivate && actorID != opts.RequestedUser.ID {
+			return make([]*Action, 0), nil
+		}
+	}
+
 	cond = cond.And(builder.Eq{"user_id": opts.RequestedUser.ID})
 
 	if opts.OnlyPerformedBy {

diff --git a/models/migrations/migrations.go b/models/migrations/migrations.go
@@ -210,6 +210,8 @@ var migrations = []Migration{
 	NewMigration("Add Branch Protection Block Outdated Branch", addBlockOnOutdatedBranch),
 	// v138 -> v139
 	NewMigration("Add ResolveDoerID to Comment table", addResolveDoerIDCommentColumn),
+	// v139 -> 140
+	NewMigration("Add KeepActivityPrivate to User table", addKeepActivityPrivateUserColumn),
 }
 
 // GetCurrentDBVersion returns the current db version

diff --git a/models/migrations/v139.go b/models/migrations/v139.go
@@ -0,0 +1,22 @@
+// Copyright 2020 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package migrations
+
+import (
+	"fmt"
+
+	"xorm.io/xorm"
+)
+
+func addKeepActivityPrivateUserColumn(x *xorm.Engine) error {
+	type User struct {
+		KeepActivityPrivate bool
+	}
+
+	if err := x.Sync2(new(User)); err != nil {
+		return fmt.Errorf("Sync2: %v", err)
+	}
+	return nil
+}
diff --git a/models/user.go b/models/user.go
@@ -163,8 +163,9 @@ type User struct {
 	RepoAdminChangeTeamAccess bool                `xorm:"NOT NULL DEFAULT false"`
 
 	// Preferences
-	DiffViewStyle string `xorm:"NOT NULL DEFAULT ''"`
-	Theme         string `xorm:"NOT NULL DEFAULT ''"`
+	DiffViewStyle       string `xorm:"NOT NULL DEFAULT ''"`
+	Theme               string `xorm:"NOT NULL DEFAULT ''"`
+	KeepActivityPrivate bool   `xorm:"NOT NULL DEFAULT false"`
 }
 
 // SearchOrganizationsOptions options to filter organizations

diff --git a/models/user_heatmap.go b/models/user_heatmap.go
@@ -18,6 +18,11 @@ type UserHeatmapData struct {
 // GetUserHeatmapDataByUser returns an array of UserHeatmapData
 func GetUserHeatmapDataByUser(user *User) ([]*UserHeatmapData, error) {
 	hdata := make([]*UserHeatmapData, 0)
+
+	if user.KeepActivityPrivate {
+		return hdata, nil
+	}
+
 	var groupBy string
 	var groupByName = "timestamp" // We need this extra case because mssql doesn't allow grouping by alias
 	switch {

diff --git a/modules/auth/user_form.go b/modules/auth/user_form.go
@@ -196,14 +196,15 @@ func (f *AccessTokenForm) Validate(ctx *macaron.Context, errs binding.Errors) bi
 
 // UpdateProfileForm form for updating profile
 type UpdateProfileForm struct {
-	Name             string `binding:"AlphaDashDot;MaxSize(40)"`
-	FullName         string `binding:"MaxSize(100)"`
-	Email            string `binding:"Required;Email;MaxSize(254)"`
-	KeepEmailPrivate bool
-	Website          string `binding:"ValidUrl;MaxSize(255)"`
-	Location         string `binding:"MaxSize(50)"`
-	Language         string `binding:"Size(5)"`
-	Description      string `binding:"MaxSize(255)"`
+	Name                string `binding:"AlphaDashDot;MaxSize(40)"`
+	FullName            string `binding:"MaxSize(100)"`
+	Email               string `binding:"Required;Email;MaxSize(254)"`
+	KeepEmailPrivate    bool
+	Website             string `binding:"ValidUrl;MaxSize(255)"`
+	Location            string `binding:"MaxSize(50)"`
+	Language            string `binding:"Size(5)"`
+	Description         string `binding:"MaxSize(255)"`
+	KeepActivityPrivate bool
 }
 
 // Validate validates the fields

diff --git a/options/locale/locale_en-US.ini b/options/locale/locale_en-US.ini
@@ -381,6 +381,7 @@ follow = Follow
 unfollow = Unfollow
 heatmap.loading = Loading Heatmap…
 user_bio = Biography
+disabled_public_activity = This user has disabled the public visibility of the activity.
 
 form.name_reserved = The username '%s' is reserved.
 form.name_pattern_not_allowed = The pattern '%s' is not allowed in a username.
@@ -419,6 +420,9 @@ continue = Continue
 cancel = Cancel
 language = Language
 ui = Theme
+privacy = Privacy
+keep_activity_private = Hide the activity from the profile page
+keep_activity_private_popup = Makes the activity visible only for you and the admins
 
 lookup_avatar_by_mail = Look Up Avatar by Email Address
 federated_avatar_lookup = Federated Avatar Lookup

diff --git a/routers/user/home.go b/routers/user/home.go
@@ -111,7 +111,9 @@ func Dashboard(ctx *context.Context) {
 	ctx.Data["PageIsDashboard"] = true
 	ctx.Data["PageIsNews"] = true
 	ctx.Data["SearchLimit"] = setting.UI.User.RepoPagingNum
-	ctx.Data["EnableHeatmap"] = setting.Service.EnableUserHeatmap
+	// no heatmap access for admins; GetUserHeatmapDataByUser ignores the calling user
+	// so everyone would get the same empty heatmap
+	ctx.Data["EnableHeatmap"] = setting.Service.EnableUserHeatmap && !ctxUser.KeepActivityPrivate
 	ctx.Data["HeatmapUser"] = ctxUser.Name
 
 	var err error

diff --git a/routers/user/profile.go b/routers/user/profile.go
@@ -93,7 +93,9 @@ func Profile(ctx *context.Context) {
 	ctx.Data["PageIsUserProfile"] = true
 	ctx.Data["Owner"] = ctxUser
 	ctx.Data["OpenIDs"] = openIDs
-	ctx.Data["EnableHeatmap"] = setting.Service.EnableUserHeatmap
+	// no heatmap access for admins; GetUserHeatmapDataByUser ignores the calling user
+	// so everyone would get the same empty heatmap
+	ctx.Data["EnableHeatmap"] = setting.Service.EnableUserHeatmap && !ctxUser.KeepActivityPrivate
 	ctx.Data["HeatmapUser"] = ctxUser.Name
 	showPrivate := ctx.IsSigned && (ctx.User.IsAdmin || ctx.User.ID == ctxUser.ID)
 

diff --git a/routers/user/setting/profile.go b/routers/user/setting/profile.go
@@ -96,6 +96,7 @@ func ProfilePost(ctx *context.Context, form auth.UpdateProfileForm) {
 	ctx.User.Location = form.Location
 	ctx.User.Language = form.Language
 	ctx.User.Description = form.Description
+	ctx.User.KeepActivityPrivate = form.KeepActivityPrivate
 	if err := models.UpdateUserSetting(ctx.User); err != nil {
 		if _, ok := err.(models.ErrEmailAlreadyUsed); ok {
 			ctx.Flash.Error(ctx.Tr("form.email_been_used"))

diff --git a/templates/user/profile.tmpl b/templates/user/profile.tmpl
@@ -104,6 +104,11 @@
 				</div>
 
 				{{if eq .TabName "activity"}}
+					{{if .Owner.KeepActivityPrivate}}
+						<div class="ui info message">
+							<p>{{.i18n.Tr "user.disabled_public_activity"}}</p>
+						</div>
+					{{end}}
 					{{if .EnableHeatmap}}
 						<div id="user-heatmap" style="padding-right: 40px">
 							<activity-heatmap :locale="locale" :suburl="suburl" :user="heatmapUser">

diff --git a/templates/user/settings/profile.tmpl b/templates/user/settings/profile.tmpl
@@ -58,6 +58,13 @@
 						</div>
 					</div>
 
+				<div class="field">
+					<label for="keep-activity-private">{{.i18n.Tr "settings.privacy"}}</label>
+					<div class="ui checkbox" id="keep-activity-private">
+						<label class="poping up" data-content="{{.i18n.Tr "settings.keep_activity_private_popup"}}"><strong>{{.i18n.Tr "settings.keep_activity_private"}}</strong></label>
+						<input name="keep_activity_private" type="checkbox" {{if .SignedUser.KeepActivityPrivate}}checked{{end}}>
+					</div>
+				</div>
 				<div class="field">
 					<button class="ui green button">{{$.i18n.Tr "settings.update_profile"}}</button>
 				</div>