From ab1b2de1f657ce69766d4a6d91ad483d25d75fe1 Mon Sep 17 00:00:00 2001
From: octavioamu
Date: Thu, 23 May 2019 21:05:18 -0300
Subject: [PATCH 1/8] fix data leak
---
app/dashboard/views.py | 40 +++++++++++++++++++++++-----------------
1 file changed, 23 insertions(+), 17 deletions(-)
diff --git a/app/dashboard/views.py b/app/dashboard/views.py
index cb02dbc24f0..41c97cdd9cb 100644
--- a/app/dashboard/views.py
+++ b/app/dashboard/views.py
@@ -820,33 +820,39 @@ def users_fetch(request): all_users = [] for user in all_pages.page(page): profile_json = {} - profile_json = user.to_standard_dict() - if user.avatar_baseavatar_related.exists(): - user_avatar = user.avatar_baseavatar_related.first() - profile_json['avatar_id'] = user_avatar.pk - profile_json['avatar_url'] = user_avatar.avatar_url + # profile_json = user.to_standard_dict() count_work_completed = Activity.objects.filter(profile=user, activity_type='work_done').count() count_work_in_progress = Activity.objects.filter(profile=user, activity_type='start_work').count() - previously_worked_with = 0 - if profile: - previously_worked_with = BountyFulfillment.objects.filter( - bounty__bounty_owner_github_username__iexact=profile.handle, - fulfiller_github_username__iexact=user.handle, - bounty__network=network, - bounty__accepted=True - ).count() - + profile_json['id'] = user.id + profile_json['actions_count'] = user.actions_count + profile_json['created_on'] = user.created_on + profile_json['data'] = user.data + profile_json['email'] = user.email + profile_json['handle'] = user.handle + profile_json['hide_profile'] = user.hide_profile + profile_json['job_status'] = user.job_status_verbose if user.job_search_status else None + profile_json['show_job_status'] = user.show_job_status + profile_json['job_location'] = user.job_location + profile_json['job_salary'] = user.job_salary + profile_json['job_search_status'] = user.job_search_status + profile_json['job_type'] = user.job_type + profile_json['linkedin_url'] = user.linkedin_url + profile_json['resume'] = user.resume + profile_json['remote'] = user.remote + profile_json['keywords'] = user.keywords + profile_json['organizations'] = user.organizations profile_json['position_contributor'] = user.get_contributor_leaderboard_index() profile_json['position_funder'] = user.get_funder_leaderboard_index() profile_json['work_done'] = count_work_completed profile_json['work_inprogress'] = count_work_in_progress 
- profile_json['previously_worked'] = previously_worked_with > 0 - - profile_json['job_status'] = user.job_status_verbose if user.job_search_status else None profile_json['verification'] = user.get_my_verified_check profile_json['avg_rating'] = user.get_average_star_rating # profile_json['bounties'] = user.get_quarterly_stats profile_json['is_org'] = user.is_org + if user.avatar_baseavatar_related.exists(): + user_avatar = user.avatar_baseavatar_related.first() + profile_json['avatar_id'] = user_avatar.pk + profile_json['avatar_url'] = user_avatar.avatar_url all_users.append(profile_json) # dumping and loading the json here quickly passes serialization issues - definitely can be a better solution From f5eaf728eb8b370d90f16d5be87c02ef3e2c8a16 Mon Sep 17 00:00:00 2001 From: octavioamu Date: Thu, 23 May 2019 21:10:10 -0300 Subject: [PATCH 2/8] fix resume condition --- app/dashboard/templates/dashboard/users.html | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/app/dashboard/templates/dashboard/users.html b/app/dashboard/templates/dashboard/users.html index 2502397a115..00af6c4ca31 100644 --- a/app/dashboard/templates/dashboard/users.html +++ b/app/dashboard/templates/dashboard/users.html @@ -167,9 +167,10 @@
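Review bot: The new explicit field list still returns `resume`, `job_salary`, `job_location`, `job_type` and `job_search_status` for every profile and only forwards `show_job_status` as one more field, so any hiding is left to the client and the values stay readable in the JSON response. If `show_job_status` is meant as the user's opt-in (inferred from the name; the model is not visible here), gate those keys on the server, e.g. set `profile_json['resume'] = user.resume` and the other job fields only inside `if user.show_job_status:`. The same applies to the allow-list comprehension that PATCH 5/8 and 6/8 put in place of these assignments. `users_fetch` starts and ends outside the hunk, so an access check elsewhere in the view cannot be ruled out.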
- + [[ user.job_status ]] + [[ user.job_status ]]
#[[ user.position_contributor ]] contributor #[[ user.position_funder ]] funder From 7c732560cf8c0411b702d345a7473ab453b8d4ea Mon Sep 17 00:00:00 2001 From: octavioamu Date: Thu, 23 May 2019 21:57:37 -0300 Subject: [PATCH 3/8] remove json data --- app/dashboard/templates/dashboard/users.html | 9 +++------ app/dashboard/views.py | 7 +++++-- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/app/dashboard/templates/dashboard/users.html b/app/dashboard/templates/dashboard/users.html index 00af6c4ca31..1649344a55a 100644 --- a/app/dashboard/templates/dashboard/users.html +++ b/app/dashboard/templates/dashboard/users.html @@ -127,7 +127,7 @@
- [[ user.data.name || user.handle ]] + [[ user.name || user.handle ]] verify badget @@ -153,15 +153,12 @@
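Review bot: `[[ user.name || user.handle ]]` reads a `name` key that the `users_fetch` payload in this series never sets: the view adds only `blog` from `user.data`, and the allow-list introduced in PATCH 5/8 has no `name` entry, so the template would always fall back to the handle. Either add the key in the view next to `blog`, e.g. `profile_json['name'] = user.data.get('name')`, or drop the `user.name` lookup and show the handle deliberately. The `userSelected.name` binding changed in PATCH 7/8 depends on the same key.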
- + - + - - - diff --git a/app/dashboard/views.py b/app/dashboard/views.py index 41c97cdd9cb..af90f4dca07 100644 --- a/app/dashboard/views.py +++ b/app/dashboard/views.py @@ -826,8 +826,7 @@ def users_fetch(request): profile_json['id'] = user.id profile_json['actions_count'] = user.actions_count profile_json['created_on'] = user.created_on - profile_json['data'] = user.data - profile_json['email'] = user.email + # profile_json['data'] = user.data profile_json['handle'] = user.handle profile_json['hide_profile'] = user.hide_profile profile_json['job_status'] = user.job_status_verbose if user.job_search_status else None @@ -853,6 +852,10 @@ def users_fetch(request): user_avatar = user.avatar_baseavatar_related.first() profile_json['avatar_id'] = user_avatar.pk profile_json['avatar_url'] = user_avatar.avatar_url + if user.data: + user_data = user.data + print(user_data) + profile_json['blog'] = user_data['blog'] all_users.append(profile_json) # dumping and loading the json here quickly passes serialization issues - definitely can be a better solution From 54a795e15bf9f218f1b67cbbf051c4e94290ad8a Mon Sep 17 00:00:00 2001 From: octavioamu Date: Thu, 23 May 2019 22:31:54 -0300 Subject: [PATCH 4/8] filter hide_profiles --- app/dashboard/views.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/app/dashboard/views.py b/app/dashboard/views.py index af90f4dca07..753d8e85a87 100644 --- a/app/dashboard/views.py +++ b/app/dashboard/views.py @@ -776,7 +776,9 @@ def users_fetch(request): else: network = 'rinkeby' - user_list = Profile.objects.prefetch_related('fulfilled', 'leaderboard_ranks', 'feedbacks_got').order_by(order_by) + user_list = Profile.objects.prefetch_related( + 'fulfilled', 'leaderboard_ranks', 'feedbacks_got' + ).exclude(hide_profile=True).order_by(order_by) if q: user_list = user_list.filter(Q(handle__icontains=q) | Q(keywords__icontains=q)) From 83221f6c507dc126660b563967363ef77d50ecb2 Mon Sep 17 00:00:00 2001 
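Review bot: `profile_json['blog'] = user_data['blog']` raises `KeyError` for any profile whose `data` is non-empty but has no `blog` key, and because it runs inside the per-user loop one such profile fails the whole page of results. Use `profile_json['blog'] = user.data.get('blog')` instead. The fixture in PATCH 8/8 creates profiles with `data={}`, which is falsy and skips this branch, so the test suite shown here does not exercise it.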
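Review bot: `.order_by(order_by)` on the rewritten queryset takes a variable whose origin lies outside the hunk; if it is read from the request without validation, the result order can still reflect columns this series has just stopped returning (such as `email`), which undoes part of the fix. Restrict it to the sort keys the UI actually offers, e.g. `if order_by not in ALLOWED_ORDER_FIELDS: order_by = DEFAULT_ORDER`, where both names are placeholders because neither the permitted set nor the default is visible here. If the value is already validated earlier in `users_fetch`, a short comment saying so next to this call would help the next reviewer.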
From: octavioamu Date: Fri, 24 May 2019 16:56:19 -0300 Subject: [PATCH 5/8] review changes --- app/dashboard/views.py | 41 +++++++++++++---------------------------- 1 file changed, 13 insertions(+), 28 deletions(-) diff --git a/app/dashboard/views.py b/app/dashboard/views.py index 753d8e85a87..dacb9d05f30 100644 --- a/app/dashboard/views.py +++ b/app/dashboard/views.py @@ -776,18 +776,18 @@ def users_fetch(request): else: network = 'rinkeby' - user_list = Profile.objects.prefetch_related( + profile_list = Profile.objects.prefetch_related( 'fulfilled', 'leaderboard_ranks', 'feedbacks_got' ).exclude(hide_profile=True).order_by(order_by) if q: - user_list = user_list.filter(Q(handle__icontains=q) | Q(keywords__icontains=q)) + profile_list = profile_list.filter(Q(handle__icontains=q) | Q(keywords__icontains=q)) if skills: - user_list = user_list.filter(keywords__icontains=skills) + profile_list = profile_list.filter(keywords__icontains=skills) if len(bounties_completed) == 2: - user_list = user_list.annotate( + profile_list = profile_list.annotate( count=Count('fulfilled', filter=Q(fulfilled__bounty__network=network, fulfilled__accepted=True)) ).filter( count__gte=bounties_completed[0], @@ -795,7 +795,7 @@ def users_fetch(request): ) if len(leaderboard_rank) == 2: - user_list = user_list.filter( + profile_list = profile_list.filter( leaderboard_ranks__isnull=False, leaderboard_ranks__leaderboard='quarterly_earners', leaderboard_ranks__rank__gte=leaderboard_rank[0], 
@@ -804,59 +804,44 @@ def users_fetch(request): ) if rating != 0: - user_list = user_list.annotate( + profile_list = profile_list.annotate( average_rating=Avg('feedbacks_got__rating', filter=Q(feedbacks_got__bounty__network=network)) ).filter( average_rating__gte=rating ) if organisation: - user_list = user_list.filter( + profile_list = profile_list.filter( fulfilled__bounty__network=network, fulfilled__bounty__accepted=True, fulfilled__bounty__github_url__icontains=organisation ).distinct() params = dict() - all_pages = Paginator(user_list, limit) + all_pages = Paginator(profile_list, limit) all_users = [] for user in all_pages.page(page): profile_json = {} - # profile_json = user.to_standard_dict() count_work_completed = Activity.objects.filter(profile=user, activity_type='work_done').count() count_work_in_progress = Activity.objects.filter(profile=user, activity_type='start_work').count() - profile_json['id'] = user.id - profile_json['actions_count'] = user.actions_count - profile_json['created_on'] = user.created_on - # profile_json['data'] = user.data - profile_json['handle'] = user.handle - profile_json['hide_profile'] = user.hide_profile + profile_json = {k: getattr(user, k) for k in + ['id', 'actions_count', 'created_on', 'handle', 'hide_profile', + 'show_job_status', 'job_location', 'job_salary', 'job_search_status', + 'job_type', 'linkedin_url', 'resume', 'remote', 'keywords', + 'organizations', 'is_org']} profile_json['job_status'] = user.job_status_verbose if user.job_search_status else None - profile_json['show_job_status'] = user.show_job_status - profile_json['job_location'] = user.job_location - profile_json['job_salary'] = user.job_salary - profile_json['job_search_status'] = user.job_search_status - profile_json['job_type'] = user.job_type - profile_json['linkedin_url'] = user.linkedin_url - profile_json['resume'] = user.resume - profile_json['remote'] = user.remote - profile_json['keywords'] = user.keywords - profile_json['organizations'] = 
user.organizations profile_json['position_contributor'] = user.get_contributor_leaderboard_index() profile_json['position_funder'] = user.get_funder_leaderboard_index() profile_json['work_done'] = count_work_completed profile_json['work_inprogress'] = count_work_in_progress profile_json['verification'] = user.get_my_verified_check profile_json['avg_rating'] = user.get_average_star_rating - # profile_json['bounties'] = user.get_quarterly_stats - profile_json['is_org'] = user.is_org if user.avatar_baseavatar_related.exists(): user_avatar = user.avatar_baseavatar_related.first() profile_json['avatar_id'] = user_avatar.pk profile_json['avatar_url'] = user_avatar.avatar_url if user.data: user_data = user.data - print(user_data) profile_json['blog'] = user_data['blog'] all_users.append(profile_json) From 35ecc37db85bbca20388b4cea217507578cbf4c5 Mon Sep 17 00:00:00 2001 From: octavioamu Date: Mon, 27 May 2019 19:10:12 -0300 Subject: [PATCH 6/8] change code style --- app/dashboard/views.py | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/app/dashboard/views.py b/app/dashboard/views.py index dacb9d05f30..516dc8721c5 100644 --- a/app/dashboard/views.py +++ b/app/dashboard/views.py 
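Review bot: The allow-list of attribute names is written inline inside the loop, which makes the set of exposed fields hard to audit and rebuilds the list for every profile. A module-level constant would state it once, e.g. `USERS_FETCH_FIELDS = ('id', 'actions_count', ...)` with `profile_json = {k: getattr(user, k) for k in USERS_FETCH_FIELDS}`. The `profile_json = {}` line before it is now dead because the comprehension rebinds the name, and `hide_profile` is always `False` in the payload once the queryset excludes hidden profiles, so both can go.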
@@ -824,11 +824,12 @@ def users_fetch(request): profile_json = {} count_work_completed = Activity.objects.filter(profile=user, activity_type='work_done').count() count_work_in_progress = Activity.objects.filter(profile=user, activity_type='start_work').count() - profile_json = {k: getattr(user, k) for k in - ['id', 'actions_count', 'created_on', 'handle', 'hide_profile', - 'show_job_status', 'job_location', 'job_salary', 'job_search_status', - 'job_type', 'linkedin_url', 'resume', 'remote', 'keywords', - 'organizations', 'is_org']} + profile_json = { + k: getattr(user, k) for k in + ['id', 'actions_count', 'created_on', 'handle', 'hide_profile', + 'show_job_status', 'job_location', 'job_salary', 'job_search_status', + 'job_type', 'linkedin_url', 'resume', 'remote', 'keywords', + 'organizations', 'is_org']} profile_json['job_status'] = user.job_status_verbose if user.job_search_status else None profile_json['position_contributor'] = user.get_contributor_leaderboard_index() profile_json['position_funder'] = user.get_funder_leaderboard_index() From 34d75ee66e990c9b7db6026e1c10ceb4f3cace82 Mon Sep 17 00:00:00 2001 From: octavioamu Date: Tue, 28 May 2019 13:31:32 -0300 Subject: [PATCH 7/8] fix merge conflicts --- app/dashboard/templates/dashboard/users.html | 2 +- app/dashboard/views.py | 9 +++++++++ 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/app/dashboard/templates/dashboard/users.html b/app/dashboard/templates/dashboard/users.html index aa66e2a6a15..53fdc9bf757 100644 --- a/app/dashboard/templates/dashboard/users.html +++ b/app/dashboard/templates/dashboard/users.html @@ -190,7 +190,7 @@
Invite User to Bounty
- [[ userSelected.data.name ]] + [[ userSelected.name ]] [[ userSelected.handle ]] diff --git a/app/dashboard/views.py b/app/dashboard/views.py index 0d1970eb77b..30360d3e3ee 100644 --- a/app/dashboard/views.py +++ b/app/dashboard/views.py @@ -820,6 +820,14 @@ def users_fetch(request): all_users = [] for user in all_pages.page(page): profile_json = {} + previously_worked_with = 0 + if profile: + previously_worked_with = BountyFulfillment.objects.filter( + bounty__bounty_owner_github_username__iexact=profile.handle, + fulfiller_github_username__iexact=user.handle, + bounty__network=network, + bounty__accepted=True + ).count() count_work_completed = Activity.objects.filter(profile=user, activity_type='work_done').count() count_work_in_progress = Activity.objects.filter(profile=user, activity_type='start_work').count() profile_json = { @@ -829,6 +837,7 @@ def users_fetch(request): 'job_type', 'linkedin_url', 'resume', 'remote', 'keywords', 'organizations', 'is_org']} profile_json['job_status'] = user.job_status_verbose if user.job_search_status else None + profile_json['previously_worked'] = previously_worked_with > 0 profile_json['position_contributor'] = user.get_contributor_leaderboard_index() profile_json['position_funder'] = user.get_funder_leaderboard_index() profile_json['work_done'] = count_work_completed From 75bf696d93ab0d811473273700c4da546e4ada2f Mon Sep 17 00:00:00 2001 From: Dan Lipert Date: Wed, 29 May 2019 19:35:27 +0900 Subject: [PATCH 8/8] fix test --- app/dashboard/tests/test_users_list.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/app/dashboard/tests/test_users_list.py b/app/dashboard/tests/test_users_list.py index fb09b2d509f..6c5beb3369c 100644 --- a/app/dashboard/tests/test_users_list.py +++ b/app/dashboard/tests/test_users_list.py 
@@ -36,7 +36,8 @@ def setUp(self): for i in range(20): user = User.objects.create(password="{}".format(i), username="user{}".format(i)) - profile = Profile.objects.create(user=user, data={}, handle="{}".format(i)) + profile = Profile.objects.create( + user=user, data={}, hide_profile=False, handle="{}".format(i)) def test_user_list(self): assert json.loads(users_fetch(self.request.get('/api/v0.1/users_fetch/')).content)['count'] == 20
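Review bot: The fixture change only makes the existing `count == 20` assertion pass again; nothing in `test_user_list` checks the behaviour this series introduces. Add one profile created with `hide_profile=True` and assert the count is still 20, and assert that the returned entries carry no `email` or `data` key, so a later change to the serialised fields cannot silently bring the leak back. `profile` is assigned but never used inside the loop and can be dropped. The rest of the test class lies outside the hunk, so such a case may already exist elsewhere.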