Close privacy mode gaps on accounts, budget editing, and account activity (#1495)

* Initial plan * Hide missed values in privacy mode Agent-Logs-Url: https://github.com/we-promise/sure/sessions/ba225f77-fcf1-4d79-8f89-da446e77fab6 Co-authored-by: jjmata <187772+jjmata@users.noreply.github.com> * Tighten privacy mode test coverage Agent-Logs-Url: https://github.com/we-promise/sure/sessions/ba225f77-fcf1-4d79-8f89-da446e77fab6 Co-authored-by: jjmata <187772+jjmata@users.noreply.github.com> * Polish privacy mode assertions Agent-Logs-Url: https://github.com/we-promise/sure/sessions/ba225f77-fcf1-4d79-8f89-da446e77fab6 Co-authored-by: jjmata <187772+jjmata@users.noreply.github.com> * Refine privacy mode tests Agent-Logs-Url: https://github.com/we-promise/sure/sessions/ba225f77-fcf1-4d79-8f89-da446e77fab6 Co-authored-by: jjmata <187772+jjmata@users.noreply.github.com> * Restore budget privacy mode form interactivity Agent-Logs-Url: https://github.com/we-promise/sure/sessions/f3c51447-290c-421f-9cad-e8ff88c91d2f Co-authored-by: jjmata <187772+jjmata@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: jjmata <187772+jjmata@users.noreply.github.com>
2026-04-25 17:15:07 +02:00 · 2026-04-19 18:12:03 +02:00
parent b32e9dbc45
commit cb842d0d9b
7 changed files with 37 additions and 8 deletions
--- a/app/assets/tailwind/privacy-mode.css
+++ b/app/assets/tailwind/privacy-mode.css
@@ -2,10 +2,13 @@
 html.privacy-mode .privacy-sensitive {
  filter: blur(8px);
  user-select: none;
-  pointer-events: none;
  transition: filter 0.2s ease;
 }

+html.privacy-mode .privacy-sensitive:not(.privacy-sensitive-interactive) {
+  pointer-events: none;
+}
+
 html:not(.privacy-mode) .privacy-sensitive {
  transition: filter 0.2s ease;
-}
+}
--- a/app/views/accounts/index/_account_groups.erb
+++ b/app/views/accounts/index/_account_groups.erb
@@ -9,7 +9,7 @@
      <p><%= accounts.count %></p>

      <% unless accounts.any?(&:syncing?) %>
-        <p class="ml-auto"><%= totals_by_currency(collection: accounts, money_method: :balance_money) %></p>
+        <p class="ml-auto privacy-sensitive"><%= totals_by_currency(collection: accounts, money_method: :balance_money) %></p>
      <% end %>
    </div>
    <div class="bg-container rounded-lg shadow-border-xs overflow-hidden">
--- a/app/views/budget_categories/_budget_category_form.html.erb
+++ b/app/views/budget_categories/_budget_category_form.html.erb
@@ -8,13 +8,13 @@
  <div class="text-sm mr-3">
    <p class="text-primary font-medium mb-0.5"><%= budget_category.category.name %></p>

-    <p class="text-secondary"><%= budget_category.median_monthly_expense_money.format(precision: 0) %>/m avg</p>
+    <p class="text-secondary privacy-sensitive"><%= budget_category.median_monthly_expense_money.format(precision: 0) %>/m avg</p>
  </div>

  <div class="ml-auto">
    <%= form_with model: [budget_category.budget, budget_category], data: { controller: "auto-submit-form preserve-focus" } do |f| %>
      <div class="form-field w-[120px]">
-        <div class="flex items-center">
+        <div class="flex items-center privacy-sensitive privacy-sensitive-interactive">
          <span class="text-secondary text-sm mr-2"><%= currency.symbol %></span>
          <%= f.number_field :budgeted_spending,
                            class: "form-field__input text-right [appearance:textfield] [&::-webkit-outer-spin-button]:appearance-none [&::-webkit-inner-spin-button]:appearance-none",
--- a/app/views/budget_categories/_uncategorized_budget_category_form.html.erb
+++ b/app/views/budget_categories/_uncategorized_budget_category_form.html.erb
@@ -7,12 +7,12 @@

  <div class="text-sm mr-3">
    <p class="text-primary font-medium mb-0.5"><%= budget_category.category.name %></p>
-    <p class="text-secondary"><%= budget_category.avg_monthly_expense_money.format(precision: 0) %>/m avg</p>
+    <p class="text-secondary privacy-sensitive"><%= budget_category.avg_monthly_expense_money.format(precision: 0) %>/m avg</p>
  </div>

  <div class="ml-auto">
    <div class="form-field w-[120px]">
-      <div class="flex items-center">
+      <div class="flex items-center privacy-sensitive">
        <span class="text-subdued text-sm mr-2"><%= budget_category.budgeted_spending_money.currency.symbol %></span>
        <%= text_field_tag :uncategorized, budget_category.budgeted_spending_money.amount, autocomplete: "off", class: "form-field__input text-right [appearance:textfield] [&::-webkit-outer-spin-button]:appearance-none [&::-webkit-inner-spin-button]:appearance-none", disabled: true %>
      </div>
--- a/app/views/trades/_trade.html.erb
+++ b/app/views/trades/_trade.html.erb
@@ -57,7 +57,7 @@
        <% end %>
        <%= content_tag :p,
                    format_money(-entry.amount_money),
-                    class: ["text-green-600": entry.amount.negative?] %>
+                    class: ["privacy-sensitive", "text-green-600": entry.amount.negative?] %>
      </div>
    </div>
  <% end %>
--- a/test/controllers/accounts_controller_test.rb
+++ b/test/controllers/accounts_controller_test.rb
@@ -1,6 +1,8 @@
 require "test_helper"

 class AccountsControllerTest < ActionDispatch::IntegrationTest
+  include ActionView::RecordIdentifier
+
  setup do
    sign_in @user = users(:family_admin)
    @account = accounts(:depository)
@@ -9,6 +11,7 @@ class AccountsControllerTest < ActionDispatch::IntegrationTest
  test "should get index" do
    get accounts_url
    assert_response :success
+    assert_select "p.ml-auto.privacy-sensitive"
  end

  test "should get show" do
@@ -16,6 +19,16 @@ class AccountsControllerTest < ActionDispatch::IntegrationTest
    assert_response :success
  end

+  test "account activity marks trade amounts as privacy-sensitive" do
+    trade_entry = entries(:trade)
+    expected_amount = ApplicationController.helpers.format_money(-trade_entry.amount_money)
+
+    get account_url(accounts(:investment))
+
+    assert_response :success
+    assert_select "turbo-frame##{dom_id(trade_entry)} p.privacy-sensitive", text: expected_amount, count: 1
+  end
+
  test "activity pagination keeps activity tab when loaded from holdings tab" do
    investment = accounts(:investment)

--- a/test/controllers/budget_categories_controller_test.rb
+++ b/test/controllers/budget_categories_controller_test.rb
@@ -50,6 +50,19 @@ class BudgetCategoriesControllerTest < ActionDispatch::IntegrationTest
    )
  end

+  test "index marks budget form values as privacy-sensitive" do
+    parent_form_selector = "##{dom_id(@parent_budget_category, :form)}"
+    uncategorized_form_selector = "##{dom_id(@budget, :uncategorized_budget_category_form)}"
+
+    get budget_budget_categories_path(@budget)
+
+    assert_response :success
+    assert_select "#{parent_form_selector} .privacy-sensitive.privacy-sensitive-interactive input##{dom_id(@parent_budget_category, :budgeted_spending)}"
+    assert_select "#{parent_form_selector} p.text-secondary.privacy-sensitive", text: /\/m avg/
+    assert_select "#{uncategorized_form_selector} .privacy-sensitive input[name='uncategorized']"
+    assert_select "#{uncategorized_form_selector} p.text-secondary.privacy-sensitive", text: /\/m avg/
+  end
+
  test "updating a subcategory adjusts the parent budget by the same delta" do
    assert_changes -> { @parent_budget_category.reload.budgeted_spending.to_f }, from: 500.0, to: 550.0 do
      patch budget_budget_category_path(@budget, @electric_budget_category),