Commit ebad0961 authored by Steffen van Bergerem's avatar Steffen van Bergerem Committed by Jonne Haß

Show private profile info if contact is sharing

parent 782c1ef6
......@@ -299,11 +299,6 @@ class Person < ActiveRecord::Base
end
end
#gross method pulled out from controller, not exactly sure how it should be used.
def shares_with(user)
user.contacts.receiving.where(:person_id => self.id).first if user
end
# @param person [Person]
# @param url [String]
def update_url(url)
......
......@@ -66,7 +66,9 @@ class PersonPresenter < BasePresenter
end
def person_is_following_current_user
@presentable.shares_with(current_user)
return false unless current_user
contact = current_user_person_contact
contact && contact.sharing?
end
private
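Review bot: `person_is_following_current_user` has no comment saying which direction of the contact it checks, and that direction is exactly what this commit corrects. Judging by the specs in this commit, the predicate decides whether private profile fields are exposed, so I would add above it `# True only when the profile owner is sharing with the viewer (contact.sharing?); the viewer sharing with the owner (receiving?) must never unlock private fields.` The method also returns `nil` rather than `false` when no contact exists; `!!(contact && contact.sharing?)` would keep the result a strict boolean. The enclosing class starts outside the hunk.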
......
......@@ -270,6 +270,11 @@ describe PeopleController, :type => :controller do
expect(response).to be_redirect
expect(response).to redirect_to new_user_session_path
end
it "leaks no private profile info" do
get :show, id: @person.to_param
expect(response.body).not_to include(@person.profile.bio)
end
end
context "when the person is a contact of the current user" do
......@@ -295,6 +300,11 @@ describe PeopleController, :type => :controller do
note.reload
}.to change(Notification.where(:unread => true), :count).by(-1)
end
it "includes private profile info" do
get :show, id: @person.to_param
expect(response.body).to include(@person.profile.bio)
end
end
context "when the person is not a contact of the current user" do
......@@ -311,6 +321,24 @@ describe PeopleController, :type => :controller do
get :show, :id => @person.to_param, :format => :mobile
expect(response).to be_success
end
it "leaks no private profile info" do
get :show, id: @person.to_param
expect(response.body).not_to include(@person.profile.bio)
end
end
context "when the user is following the person" do
before do
sign_out :user
sign_in :user, peter
@person = alice.person
end
it "leaks no private profile info" do
get :show, id: @person.to_param
expect(response.body).not_to include(@person.profile.bio)
end
end
end
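Review bot: The three new "leaks no private profile info" examples assert only that the bio is absent from `response.body`, so they also pass when the action redirects, errors or renders nothing. The first one sits next to an example that expects a redirect to `new_user_session_path`, so the body there may never contain a profile at all. Where the page is expected to render, adding `expect(response).to be_success` before the negative check, plus a guard such as `expect(@person.profile.bio).to be_present`, would stop these tests from passing vacuously. The last context ("when the user is following the person") depends on a relationship between `peter` and `alice` that is set up outside the hunk; a one-line comment naming it would make the one-directional regression case explicit.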
......
......@@ -4,6 +4,11 @@ describe PersonPresenter do
let(:profile_user) { FactoryGirl.create(:user_with_aspect) }
let(:person) { profile_user.person }
let(:mutual_contact) { double(id: 1, mutual?: true, sharing?: true, receiving?: true) }
let(:receiving_contact) { double(id: 1, mutual?: false, sharing?: false, receiving?: true) }
let(:sharing_contact) { double(id: 1, mutual?: false, sharing?: true, receiving?: false) }
let(:non_contact) { double(id: 1, mutual?: false, sharing?: false, receiving?: false) }
describe "#as_json" do
context "with no current_user" do
it "returns the user's public information if a user is not logged in" do
......@@ -16,11 +21,22 @@ describe PersonPresenter do
let(:presenter){ PersonPresenter.new(person, current_user) }
it "doesn't share private information when the users aren't connected" do
allow(current_user).to receive(:contact_for) { non_contact }
expect(presenter.full_hash_with_profile[:profile]).not_to have_key(:location)
end
it "doesn't share private information when the current user is sharing with the person" do
allow(current_user).to receive(:contact_for) { receiving_contact }
expect(presenter.full_hash_with_profile[:profile]).not_to have_key(:location)
end
it "has private information when the person is sharing with the current user" do
expect(person).to receive(:shares_with).with(current_user).and_return(true)
allow(current_user).to receive(:contact_for) { sharing_contact }
expect(presenter.full_hash_with_profile[:profile]).to have_key(:location)
end
it "has private information when the relationship is mutual" do
allow(current_user).to receive(:contact_for) { mutual_contact }
expect(presenter.full_hash_with_profile[:profile]).to have_key(:location)
end
......@@ -32,10 +48,6 @@ describe PersonPresenter do
describe "#full_hash" do
let(:current_user) { FactoryGirl.create(:user) }
let(:mutual_contact) { double(:id => 1, :mutual? => true, :sharing? => true, :receiving? => true ) }
let(:receiving_contact) { double(:id => 1, :mutual? => false, :sharing? => false, :receiving? => true) }
let(:sharing_contact) { double(:id => 1, :mutual? => false, :sharing? => true, :receiving? => false) }
let(:non_contact) { double(:id => 1, :mutual? => false, :sharing? => false, :receiving? => false) }
before do
@p = PersonPresenter.new(person, current_user)
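Review bot: None of the `full_hash_with_profile` examples in the second hunk of this spec covers a signed-in viewer who has no contact record at all. `non_contact` is a double that answers `false`, so the nil side of `contact && contact.sharing?` in the presenter is never exercised. Assuming `contact_for` is what feeds `current_user_person_contact` (the stubs suggest so), I would add an example with `allow(current_user).to receive(:contact_for) { nil }` and `expect(presenter.full_hash_with_profile[:profile]).not_to have_key(:location)`. The examples also use `:location` as the only proxy for private data; asserting the other private profile keys as well would catch a field that is gated differently.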
......