New bio field in UserProfile.

fad63938 · cahrens · Andy Armstrong · 0a962bf9 · fad63938 · fad63938
Commit fad63938 authored Mar 12, 2015 by cahrens Committed by Andy Armstrong Apr 17, 2015
5 changed files
--- a/common/djangoapps/student/migrations/0047_add_bio_field.py
+++ b/common/djangoapps/student/migrations/0047_add_bio_field.py
--- a/common/djangoapps/student/models.py
+++ b/common/djangoapps/student/models.py
@@ -249,6 +249,7 @@ class UserProfile(models.Model):
    country = CountryField(blank=True, null=True)
    goals = models.TextField(blank=True, null=True)
    allow_certificate = models.BooleanField(default=1)
+    bio = models.TextField(blank=True, null=True)
    def get_meta(self):  # pylint: disable=missing-docstring
        js_str = self.meta

--- a/openedx/core/djangoapps/user_api/accounts/serializers.py
+++ b/openedx/core/djangoapps/user_api/accounts/serializers.py
@@ -21,7 +21,8 @@ class AccountLegacyProfileSerializer(serializers.HyperlinkedModelSerializer):
    class Meta:
        model = UserProfile
        fields = (
-            "name", "gender", "goals", "year_of_birth", "level_of_education", "language", "country", "mailing_address"
+            "name", "gender", "goals", "year_of_birth", "level_of_education", "language", "country",
+            "mailing_address", "bio"
        )
        # Currently no read-only field, but keep this so view code doesn't need to know.
        read_only_fields = ()

--- a/openedx/core/djangoapps/user_api/accounts/tests/test_views.py
+++ b/openedx/core/djangoapps/user_api/accounts/tests/test_views.py
@@ -85,6 +85,7 @@ class UserAPITestCase(APITestCase):
        legacy_profile.year_of_birth = 1900
        legacy_profile.goals = "world peace"
        legacy_profile.mailing_address = "Park Ave"
+        legacy_profile.bio = "Tired mother of twins"
        legacy_profile.save()
@@ -110,7 +111,7 @@ class TestAccountAPI(UserAPITestCase):
        self.assertIsNone(data["profile_image"])
        self.assertIsNone(data["time_zone"])
        self.assertIsNone(data["languages"])
-        self.assertIsNone(data["bio"])
+        self.assertEqual("Tired mother of twins", data["bio"])
    def _verify_private_account_response(self, response):
        """
@@ -139,6 +140,7 @@ class TestAccountAPI(UserAPITestCase):
        self.assertEqual(self.user.email, data["email"])
        self.assertTrue(data["is_active"])
        self.assertIsNotNone(data["date_joined"])
+        self.assertEqual("Tired mother of twins", data["bio"])
    def test_anonymous_access(self):
        """
@@ -243,7 +245,7 @@ class TestAccountAPI(UserAPITestCase):
            self.assertEqual(12, len(data))
            self.assertEqual(self.user.username, data["username"])
            self.assertEqual(self.user.first_name + " " + self.user.last_name, data["name"])
-            for empty_field in ("year_of_birth", "level_of_education", "mailing_address"):
+            for empty_field in ("year_of_birth", "level_of_education", "mailing_address", "bio"):
                self.assertIsNone(data[empty_field])
            self.assertIsNone(data["country"])
            # TODO: what should the format of this be?
@@ -316,6 +318,10 @@ class TestAccountAPI(UserAPITestCase):
        ("language", "Creole"),
        ("goals", "Smell the roses"),
        ("mailing_address", "Sesame Street"),
+        ("bio", "Lacrosse-playing superhero"),
+        ("bio", u"壓是進界推日不復女"),
+        # Note that we store the raw data, so it is up to client to escape the HTML.
+        ("bio", "<html>fancy text</html>"),
        # Note that email is tested below, as it is not immediately updated.
    )
    @ddt.unpack

--- a/openedx/core/djangoapps/user_api/accounts/views.py
+++ b/openedx/core/djangoapps/user_api/accounts/views.py
@@ -38,12 +38,13 @@ class AccountView(APIView):
                * name: The full name of the user.
-                * email: The confirmed email address for the user. The request
+                * email: email for the user (the new email address must be
-                  will not return an unconfirmed email address.
+                    confirmed via a confirmation email, so GET will not reflect
+                    the change until the address has been confirmed).
-                * date_joined: The date the account was created, in
+                * date_joined: The date the account was created, in the string
-                  the string format provided by datetime (for example,
+                    format provided by datetime.
-                  "2014-08-26T17:52:11Z").
+                    For example, "2014-08-26T17:52:11Z".
                * gender: One of the fullowing values:
@@ -77,6 +78,14 @@ class AccountView(APIView):
                * goals: The textual representation of the user's goals, or null.
+                * bio: null or textural representation of user biographical
+                    information ("about me")
+            For all text fields, clients rendering the values should take care
+            to HTML escape them to avoid script injections, as the data is
+            stored exactly as specified. The intention is that plain text is
+            supported, not HTML.
            If a user who does not have "is_staff" access requests account
            information for a different user, only a subset of these fields is
            returned. The fields returned depend on the configuration setting