allow users to hide stats from public lookup

2026-04-20 00:35:22 +00:00 · 2025-05-31 22:46:40 -04:00 · 2025-05-31 22:46:40 -04:00 · 3ac7d9e2b0
commit 3ac7d9e2b0
parent e0c45879d3
6 changed files with 29 additions and 2 deletions
--- a/app/controllers/api/v1/stats_controller.rb
+++ b/app/controllers/api/v1/stats_controller.rb
@ -34,6 +34,10 @@ class Api::V1::StatsController < ApplicationController

    return render plain: "User not found", status: :not_found unless @user.present?

+    if !@user.allow_public_stats_lookup && (!current_user || current_user != @user)
+      return render json: { error: "user has disabled public stats" }, status: :forbidden
+    end
+
    start_date = params[:start_date].to_datetime if params[:start_date].present?
    start_date ||= 10.years.ago
    end_date = params[:end_date].to_datetime if params[:end_date].present?
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@ -100,6 +100,6 @@ class UsersController < ApplicationController
  end

  def user_params
-    params.require(:user).permit(:uses_slack_status, :hackatime_extension_text_type, :timezone)
+    params.require(:user).permit(:uses_slack_status, :hackatime_extension_text_type, :timezone, :allow_public_stats_lookup)
  end
 end
--- a/app/models/user.rb
+++ b/app/models/user.rb
@ -7,6 +7,8 @@ class User < ApplicationRecord
  validates :timezone, inclusion: { in: TZInfo::Timezone.all_identifiers }, allow_nil: false
  validates :country_code, inclusion: { in: ISO3166::Country.codes }, allow_nil: true

+  attribute :allow_public_stats_lookup, :boolean, default: true
+
  def country_name
    ISO3166::Country.new(country_code).common_name
  end
--- a/app/views/users/edit.html.erb
+++ b/app/views/users/edit.html.erb
@ -212,6 +212,21 @@
    </p>
  </section>

+  <section>
+    <h2 id="user_privacy">Privacy</h2>
+    <%= form_with model: @user,
+      url: @is_own_settings ? my_settings_path : settings_user_path(@user),
+      method: :patch do |f| %>
+      <fieldset>
+        <label for="user_allow_public_stats_lookup">
+          <%= f.check_box :allow_public_stats_lookup, id: "user_allow_public_stats_lookup" %>
+          <%= f.label :allow_public_stats_lookup, "Allow others to look up my public coding stats via the API" %>
+        </label>
+      </fieldset>
+      <%= f.submit "Save Settings" %>
+    <% end %>
+  </section>
+
  <% admin_tool do %>
    <section>
      <h2 id="wakatime_mirror">WakaTime Mirror</h2>
--- a/db/migrate/20250531120000_add_allow_public_stats_lookup_to_users.rb
+++ b/db/migrate/20250531120000_add_allow_public_stats_lookup_to_users.rb
@ -0,0 +1,5 @@
+class AddAllowPublicStatsLookupToUsers < ActiveRecord::Migration[7.0]
+  def change
+    add_column :users, :allow_public_stats_lookup, :boolean, default: true, null: false
+  end
+end
--- a/db/schema.rb
+++ b/db/schema.rb
@ -10,7 +10,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.

-ActiveRecord::Schema[8.0].define(version: 2025_05_30_135145) do
+ActiveRecord::Schema[8.0].define(version: 2025_05_31_120000) do
  create_schema "pganalyze"

  # These are extensions that must be enabled in order to support this database
@ -426,6 +426,7 @@ ActiveRecord::Schema[8.0].define(version: 2025_05_30_135145) do
    t.integer "trust_level", default: 0, null: false
    t.string "country_code"
    t.string "mailing_address_otc"
+    t.boolean "allow_public_stats_lookup", default: true, null: false
    t.index ["slack_uid"], name: "index_users_on_slack_uid", unique: true
    t.index ["timezone"], name: "index_users_on_timezone"
  end