Privacy improvements

Hi there,

To help keep privacy issues to a minimum on my app, I want to be able to hide the personal info about a user, until friendship between 2 users is accepted.

I've added some logic that hides the profile (only visible = Profile pic and Add user as a buddy)..

However - once friendship is requested, the 'requestor' can view the requestee's profile. Not ideal.

Is there a way of hiding specific info until the requestee has accepted the friend(buddy) request?

Many Thanks...

My Profile Controller's show action is below if it of any help?

  def show     @hide_edit_links = true

    username = params[:username]

    #Look for the user     @user = User.find_by_username(username)     @logged_in_user = User.find(session[:user_id]) #if @user.logged_in?

  if @user       @title = "Profile page of: #{username}"

      @info = @user.info ||= Info.new

      @posts = Post.find_by_user_id( @user.id, 1, :limit => 1, :conditions => "active_post = 1", :order => "created_at desc")       respond_to do |format|         format.html       end   else       flash[:notice] = "No user #{username} found!"       redirect_to :action => "index"     end   end

To help keep privacy issues to a minimum on my app, I want to be able to hide the personal info about a user, until friendship between 2 users is accepted.

However - once friendship is requested, the 'requestor' can view the requestee's profile. Not ideal.

Sooo... why did you write it that way?

Is there a way of hiding specific info until the requestee has accepted the friend(buddy) request?

Yes, it's called "programming". :slight_smile:

Hint: I'd expect to see something like

  if @logged_in_user.is_friends_with?(@user)

somewhere in your controller.

Hint #2: If you wrote the tests first for the behavior you want, you'd likely find the possible solutions much clearer.

FWIW,