Allow to change the privacy level of external versions

docs/pull-requests.rst

@@ -38,8 +38,15 @@ Privacy levels
 
    Privacy levels are only supported on :doc:`/commercial/index`.
 
-All docs built from a pull requests are private by default.
-Currently, this can't be changed, but we are planning to support this.
+By default all docs built from pull requests are private.
+To change their privacy level:
+
+#. Go to your project dashboard
+#. Go to :guilabel:`Admin > Advanced settings`
+#. Select your option in :guilabel:`Privacy level of builds from pull requests`
+#. Click on :guilabel:`Save`
+
+Privacy levels work the same way as for :ref:`normal versions <versions:privacy levels>`.
 
 Limitations
 -----------

readthedocs/builds/querysets.py

@@ -9,6 +9,7 @@
 from readthedocs.builds.constants import (
     BUILD_STATE_FINISHED,
     BUILD_STATE_TRIGGERED,
+    EXTERNAL,
 )
 from readthedocs.core.utils.extend import SettingsOverrideObject
 from readthedocs.projects import constants
@@ -41,9 +42,27 @@ def _add_from_user_projects(self, queryset, user, admin=False, member=False):
             queryset = user_queryset | queryset
         return queryset
 
-    def public(self, user=None, project=None, only_active=True,
-               include_hidden=True, only_built=False):
-        queryset = self.filter(privacy_level=constants.PUBLIC)
+    def public(
+        self,
+        user=None,
+        project=None,
+        only_active=True,
+        include_hidden=True,
+        only_built=False,
+    ):
+        """
+        Get all allowed versions.
+
+        .. note::
+
+           External versions use the `Project.external_builds_privacy_level`
+           field instead of its `privacy_level` field.
+        """
+        queryset = self.filter(privacy_level=constants.PUBLIC).exclude(type=EXTERNAL)
+        queryset |= self.filter(
+            type=EXTERNAL,
+            project__external_builds_privacy_level=constants.PUBLIC,
+        )
         if user:
             if user.is_superuser:
                 queryset = self.all()
@@ -93,9 +112,27 @@ def _add_from_user_projects(self, queryset, user, admin=False, member=False):
         return queryset
 
     def public(self, user=None, project=None):
-        queryset = self.filter(
-            version__privacy_level=constants.PUBLIC,
-            version__project__privacy_level=constants.PUBLIC,
+        """
+        Get all allowed builds.
+
+        Builds are public if the linked version and project are public.
+
+        .. note::
+
+           External versions use the `Project.external_builds_privacy_level`
+           field instead of its `privacy_level` field.
+        """
+        queryset = (
+            self.filter(
+                version__privacy_level=constants.PUBLIC,
+                version__project__privacy_level=constants.PUBLIC,
+            )
+            .exclude(version__type=EXTERNAL)
+        )
+        queryset |= self.filter(
+            version__type=EXTERNAL,
+            project__external_builds_privacy_level=constants.PUBLIC,
+            project__privacy_level=constants.PUBLIC,
         )
         if user:
             if user.is_superuser:

readthedocs/projects/forms.py

@@ -198,12 +198,13 @@ class Meta:
         per_project_settings = (
             'default_version',
             'default_branch',
+            'privacy_level',
             'analytics_code',
             'analytics_disabled',
             'show_version_warning',
             'single_version',
             'external_builds_enabled',
-            'privacy_level',
+            'external_builds_privacy_level',
         )
         # These that can be set per-version using a config file.
         per_version_settings = (
@@ -235,8 +236,9 @@ def __init__(self, *args, **kwargs):
 
         per_project_settings = list(self.Meta.per_project_settings)
         if not settings.ALLOW_PRIVATE_REPOS:
-            self.fields.pop('privacy_level')
-            per_project_settings.remove('privacy_level')
+            for field in ['privacy_level', 'external_builds_privacy_level']:
+                self.fields.pop(field)
+                per_project_settings.remove(field)
 
         field_sets = [
             Fieldset(

readthedocs/projects/migrations/0076_add_external_builds_privacy_level_field.py

@@ -0,0 +1,25 @@
+# Generated by Django 2.2.17 on 2021-01-12 22:39
+
+from django.db import migrations, models
+
+import readthedocs.projects.models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('projects', '0075_change_mkdocs_name'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='project',
+            name='external_builds_privacy_level',
+            field=models.CharField(choices=[('public', 'Public'), ('private', 'Private')], default=readthedocs.projects.models.default_privacy_level, help_text='Should builds from pull requests be public?', max_length=20, null=True, verbose_name='Privacy level of Pull Requests'),
+        ),
+        migrations.AlterField(
+            model_name='project',
+            name='external_builds_enabled',
+            field=models.BooleanField(default=False, help_text='More information in <a href="https://docs.readthedocs.io/page/guides/autobuild-docs-for-pull-requests.html">our docs</a>', verbose_name='Build pull requests for this project'),
+        ),
+    ]

readthedocs/projects/models.py

@@ -59,6 +59,10 @@
 log = logging.getLogger(__name__)
 
 
+def default_privacy_level():
+    return settings.DEFAULT_PRIVACY_LEVEL
+
+
 class ProjectRelationship(models.Model):
 
     """
@@ -213,10 +217,22 @@ class Project(models.Model):
         ),
     )
 
+    # External versions
     external_builds_enabled = models.BooleanField(
         _('Build pull requests for this project'),
         default=False,
-        help_text=_('More information in <a href="https://docs.readthedocs.io/en/latest/guides/autobuild-docs-for-pull-requests.html">our docs</a>')  # noqa
+        help_text=_('More information in <a href="https://docs.readthedocs.io/page/guides/autobuild-docs-for-pull-requests.html">our docs</a>')  # noqa
+    )
+    external_builds_privacy_level = models.CharField(
+        _('Privacy level of Pull Requests'),
+        max_length=20,
+        # TODO: remove after migration
+        null=True,
+        choices=constants.PRIVACY_CHOICES,
+        default=default_privacy_level,
+        help_text=_(
+            'Should builds from pull requests be public?',
+        ),
     )
 
     # Project features
@@ -433,8 +449,6 @@ def __str__(self):
         return self.name
 
     def save(self, *args, **kwargs):  # pylint: disable=arguments-differ
-        from readthedocs.projects import tasks
-        first_save = self.pk is None
         if not self.slug:
             # Subdomains can't have underscores in them.
             self.slug = slugify(self.name)
@@ -1162,7 +1176,7 @@ def get_default_branch(self):
         return self.vcs_class().fallback_branch
 
     def add_subproject(self, child, alias=None):
-        subproject, __ = ProjectRelationship.objects.get_or_create(
+        subproject, _ = ProjectRelationship.objects.get_or_create(
             parent=self,
             child=child,
             alias=alias,

readthedocs/rtd_tests/tests/test_footer.py

@@ -23,6 +23,7 @@ def setUp(self):
             slug='pip',
             repo='https://github.com/rtfd/readthedocs.org',
             privacy_level=PUBLIC,
+            external_builds_privacy_level=PUBLIC,
             main_language_project=None,
         )
         self.pip.versions.update(privacy_level=PUBLIC, built=True)

readthedocs/rtd_tests/tests/test_managers.py

@@ -20,6 +20,7 @@ def setUp(self):
         self.project = get(
             Project,
             privacy_level=PUBLIC,
+            external_builds_privacy_level=PUBLIC,
             users=[self.user],
             main_language_project=None,
             versions=[],
@@ -78,6 +79,7 @@ def setUp(self):
         self.another_project = get(
             Project,
             privacy_level=PUBLIC,
+            external_builds_privacy_level=PUBLIC,
             users=[self.another_user],
             main_language_project=None,
             versions=[],
@@ -136,6 +138,7 @@ def setUp(self):
         self.shared_project = get(
             Project,
             privacy_level=PUBLIC,
+            external_builds_privacy_level=PUBLIC,
             users=[self.user, self.another_user],
             main_language_project=None,
             versions=[],
@@ -280,22 +283,28 @@ def test_all(self):
         self.assertEqual(set(query), external_builds)
 
     def test_public(self):
+        self.shared_project.external_builds_privacy_level = PRIVATE
+        self.shared_project.save()
         query = Build.external.public()
         public_external_builds = {
             self.build_public_external,
+            self.build_private_external,
             self.another_build_public_external,
-            self.shared_build_public_external,
+            self.another_build_private_external,
         }
         self.assertEqual(query.count(), len(public_external_builds))
         self.assertEqual(set(query), public_external_builds)
 
     def test_public_user(self):
+        self.project.external_builds_privacy_level = PRIVATE
+        self.project.save()
+        self.another_project.external_builds_privacy_level = PRIVATE
+        self.another_project.save()
         query = Build.external.public(user=self.user)
         builds = {
             self.build_private_external,
             self.shared_build_private_external,
             self.build_public_external,
-            self.another_build_public_external,
             self.shared_build_public_external,
         }
         self.assertEqual(query.count(), len(builds))
@@ -311,12 +320,13 @@ def test_public_project(self):
         self.assertEqual(set(query), builds)
 
     def test_api(self):
+        self.another_project.external_builds_privacy_level = PRIVATE
+        self.another_project.save()
         query = Build.external.api(user=self.user)
         builds = {
             self.build_private_external,
             self.shared_build_private_external,
             self.build_public_external,
-            self.another_build_public_external,
             self.shared_build_public_external,
         }
         self.assertEqual(query.count(), len(builds))

readthedocs/rtd_tests/tests/test_project_forms.py

@@ -288,6 +288,7 @@ def test_can_update_privacy_level(self):
                 'documentation_type': SPHINX,
                 'python_interpreter': 'python3',
                 'privacy_level': PRIVATE,
+                'external_builds_privacy_level': PRIVATE,
             },
             instance=self.project,
         )

readthedocs/rtd_tests/tests/test_version_querysets.py

@@ -17,6 +17,7 @@ def setUp(self):
         self.project = get(
             Project,
             privacy_level=PUBLIC,
+            external_builds_privacy_level=PUBLIC,
             users=[self.user],
             main_language_project=None,
             versions=[],
@@ -38,6 +39,7 @@ def setUp(self):
         self.another_project = get(
             Project,
             privacy_level=PUBLIC,
+            external_builds_privacy_level=PUBLIC,
             users=[self.another_user],
             main_language_project=None,
             versions=[],
@@ -59,6 +61,7 @@ def setUp(self):
         self.shared_project = get(
             Project,
             privacy_level=PUBLIC,
+            external_builds_privacy_level=PUBLIC,
             users=[self.user, self.another_user],
             main_language_project=None,
             versions=[],
@@ -287,22 +290,53 @@ def test_all(self):
         self.assertEqual(query.count(), len(versions))
         self.assertEqual(set(query), versions)
 
-    def test_public(self):
+    def test_public_with_private_external_versions(self):
+        self.project.external_builds_privacy_level = PRIVATE
+        self.project.save()
+        self.another_project.external_builds_privacy_level = PRIVATE
+        self.another_project.save()
+        self.shared_project.external_builds_privacy_level = PRIVATE
+        self.shared_project.save()
+        query = Version.external.public()
+        versions = set()
+        self.assertEqual(query.count(), len(versions))
+        self.assertEqual(set(query), versions)
+
+    def test_public_with_some_private_external_versions(self):
+        self.another_project.external_builds_privacy_level = PRIVATE
+        self.another_project.save()
+        self.shared_project.external_builds_privacy_level = PRIVATE
+        self.shared_project.save()
         query = Version.external.public()
         versions = {
             self.external_version_public,
-            self.another_external_version_public,
+            self.external_version_private,
+        }
+        self.assertEqual(query.count(), len(versions))
+        self.assertEqual(set(query), versions)
+
+    def test_public_with_public_external_versions(self):
+        query = Version.external.public()
+        versions = {
+            self.external_version_public,
+            self.external_version_private,
             self.shared_external_version_public,
+            self.shared_external_version_private,
+            self.another_external_version_public,
+            self.another_external_version_private,
         }
         self.assertEqual(query.count(), len(versions))
         self.assertEqual(set(query), versions)
 
     def test_public_user(self):
+        self.project.external_builds_privacy_level = PRIVATE
+        self.project.save()
+        self.another_project.external_builds_privacy_level = PRIVATE
+        self.another_project.save()
         query = Version.external.public(user=self.user)
         versions = {
             self.external_version_public,
             self.external_version_private,
-            self.another_external_version_public,
             self.shared_external_version_public,
             self.shared_external_version_private,
         }
@@ -319,11 +353,14 @@ def test_public_project(self):
         self.assertEqual(set(query), versions)
 
     def test_api(self):
+        self.project.external_builds_privacy_level = PRIVATE
+        self.project.save()
+        self.another_project.external_builds_privacy_level = PRIVATE
+        self.another_project.save()
         query = Version.external.api()
         versions = {
-            self.external_version_public,
-            self.another_external_version_public,
             self.shared_external_version_public,
+            self.shared_external_version_private,
         }
         self.assertEqual(query.count(), len(versions))
         self.assertEqual(set(query), versions)

readthedocs/rtd_tests/tests/test_views.py

@@ -233,6 +233,10 @@ class BuildViewTests(TestCase):
     def setUp(self):
         self.client.login(username='eric', password='test')
         self.pip = Project.objects.get(slug='pip')
+        self.pip.privacy_level = PUBLIC
+        self.pip.external_builds_privacy_level = PUBLIC
+        self.pip.save()
+        self.pip.versions.update(privacy_level=PUBLIC)
 
     @mock.patch('readthedocs.projects.tasks.update_docs_task')
     def test_build_redirect(self, mock):