diff --git a/app/assets/templates/profile_header_tpl.jst.hbs b/app/assets/templates/profile_header_tpl.jst.hbs index 45c06f9eb..c1d9487b1 100644 --- a/app/assets/templates/profile_header_tpl.jst.hbs +++ b/app/assets/templates/profile_header_tpl.jst.hbs @@ -20,85 +20,81 @@ {{/if}} - {{#if loggedIn}} - {{#if has_tags}} + {{#if has_tags}} +
+ + {{fmtTags profile.tags}} +
+ {{else}} + {{#if is_own_profile}}
- - {{fmtTags profile.tags}} + {{t 'profile.you_have_no_tags'}} + + {{t 'profile.add_some'}} +
- {{else}} - {{#if is_own_profile}} -
- {{t 'profile.you_have_no_tags'}} - - {{t 'profile.add_some'}} - -
- {{/if}} {{/if}} {{/if}} -{{#if loggedIn}} -
- {{#if show_profile_btns}} -
- {{#if is_receiving}} - {{!-- create status message with mention --}} - - @ - - {{/if}} +
+ {{#if show_profile_btns}} +
+ {{#if is_receiving}} + {{!-- create status message with mention --}} + + @ + + {{/if}} - {{#if is_mutual}} - {{!-- create private conversation with person --}} - - - - {{/if}} + {{#if is_mutual}} + {{!-- create private conversation with person --}} + + + + {{/if}} - {{#unless is_blocked}} - {{!-- ignore the person --}} - - - - {{/unless}} -
- {{/if}} + {{#unless is_blocked}} + {{!-- ignore the person --}} + + + + {{/unless}} +
+ {{/if}} -
+ {{else}} + + + {{t 'profile.contacts'}} +
{{contacts.count}}
+
+ {{/if}} + + {{/if}}
-{{/if}} +
diff --git a/app/controllers/people_controller.rb b/app/controllers/people_controller.rb
index 190b3b006..b2343d941 100644
--- a/app/controllers/people_controller.rb
+++ b/app/controllers/people_controller.rb
@@ -84,7 +84,7 @@ class PeopleController < ApplicationController
 end
 gon.preloads[:person] = @person_json
 gon.preloads[:photos] = {
- count: photos_from(@person, :all).count(:all)
+ count: Photo.visible(current_user, @person).count(:all)
 }
 gon.preloads[:contacts] = {
 count: Contact.contact_contacts_for(current_user, @person).count(:all),
@@ -146,7 +146,7 @@ class PeopleController < ApplicationController
 @contacts_of_contact = Contact.contact_contacts_for(current_user, @person)
 gon.preloads[:person] = PersonPresenter.new(@person, current_user).full_hash_with_profile
 gon.preloads[:photos] = {
- count: photos_from(@person, :all).count(:all)
+ count: Photo.visible(current_user, @person).count(:all)
 }
 gon.preloads[:contacts] = {
 count: @contacts_of_contact.count(:all),
@@ -224,14 +224,6 @@ class PeopleController < ApplicationController
 @person.try(:remote?) && !user_signed_in?
 end
- def photos_from(person, limit)
- @photos ||= if user_signed_in?
- current_user.photos_from(person, limit: limit)
- else
- Photo.where(author_id: person.id, public: true)
- end.order('created_at desc')
- end
-
 def mark_corresponding_notifications_read
 Notification.where(recipient_id: current_user.id, target_type: "Person", target_id: @person.id, unread: true).each do |n|
 n.set_read_state( true )
diff --git a/app/controllers/photos_controller.rb b/app/controllers/photos_controller.rb
index 8512ab752..a0c6a5b76 100644
--- a/app/controllers/photos_controller.rb
+++ b/app/controllers/photos_controller.rb
@@ -3,7 +3,7 @@
 # the COPYRIGHT file.
 class PhotosController < ApplicationController
- before_action :authenticate_user!, :except => :show
+ before_action :authenticate_user!, except: %i(show index)
 respond_to :html, :json
 def show
@@ -19,15 +19,16 @@ class PhotosController < ApplicationController
 def index
 @post_type = :photos
 @person = Person.find_by_guid(params[:person_id])
+ authenticate_user! if @person.try(:remote?) && !user_signed_in?
 if @person
- @contact = current_user.contact_for(@person)
- @posts = current_user.photos_from(@person, max_time: max_time).order('created_at desc')
+ @contact = current_user.contact_for(@person) if user_signed_in?
+ @posts = Photo.visible(current_user, @person, :all, max_time)
 respond_to do |format|
 format.all do
 gon.preloads[:person] = PersonPresenter.new(@person, current_user).full_hash_with_profile
 gon.preloads[:photos] = {
- count: current_user.photos_from(@person, limit: :all).count(:all)
+ count: Photo.visible(current_user, @person).count(:all)
 }
 gon.preloads[:contacts] = {
 count: Contact.contact_contacts_for(current_user, @person).count(:all),
diff --git a/app/models/photo.rb b/app/models/photo.rb
index b652093e7..f38263620 100644
--- a/app/models/photo.rb
+++ b/app/models/photo.rb
@@ -145,4 +145,13 @@ class Photo < ActiveRecord::Base
 def mutable?
 true
 end
+
+ def self.visible(current_user, person, limit=:all, max_time=nil)
+ photos = if current_user
+ current_user.photos_from(person, limit: limit, max_time: max_time)
+ else
+ Photo.where(author_id: person.id, public: true)
+ end
+ photos.order("created_at desc")
+ end
 end
diff --git a/spec/controllers/people_controller_spec.rb b/spec/controllers/people_controller_spec.rb
index 3c926d48c..b18751233 100644
--- a/spec/controllers/people_controller_spec.rb
+++ b/spec/controllers/people_controller_spec.rb
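Review bot: In `PhotosController#index` the new call `Photo.visible(current_user, @person, :all, max_time)` passes `:all` as the limit, whereas the removed line called `photos_from(@person, max_time: max_time)` with no `limit:` and so used whatever default that method applies. If that default is a page size (it is not visible in this diff), each request to the listing now loads the person's whole photo set, and `except: %i(show index)` makes this action reachable without signing in. Passing the bound explicitly, e.g. `@posts = Photo.visible(current_user, @person, <page size>, max_time)`, would keep the previous behaviour. The rest of the action lies outside the hunk.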
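Review bot: The signed-out branch of `Photo.visible` in app/models/photo.rb ignores both `limit` and `max_time`: `Photo.where(author_id: person.id, public: true)` is returned unbounded, so the anonymous listing cannot page by time and always yields every public photo of the author. Because this branch serves unauthenticated requests, it is worth bounding: build `scope = Photo.where(author_id: person.id, public: true)`, then `scope = scope.where("created_at < ?", max_time) if max_time` and `scope = scope.limit(limit) unless limit == :all`, assuming `max_time` is an upper bound on `created_at` as it presumably is in `photos_from` (not shown here). A one-line comment on the method stating that a nil `current_user` means "public photos only" would also help, since that nil check is the whole visibility decision.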
@@ -205,19 +205,6 @@ describe PeopleController, :type => :controller do
 expect(response.body).not_to include(profile.first_name)
 end
- it "doesn't leak photos in the sidebar" do
- private_photo = @user.post(:photo, user_file: uploaded_photo, to: @aspect.id, public: false)
- public_photo = @user.post(:photo, user_file: uploaded_photo, to: @aspect.id, public: true)
- allow(@user.person).to receive(:remote?) { false }
-
- sign_out :user
- get :show, id: @user.person.to_param
-
- expect(response).to be_success
- expect(assigns(:photos)).not_to include private_photo
- expect(assigns(:photos)).to include public_photo
- end
-
 it "displays the correct number of photos" do
 16.times do |i|
 eve.post(:photo, :user_file => uploaded_photo, :to => eve.aspects.first.id, :public => true)
diff --git a/spec/controllers/photos_controller_spec.rb b/spec/controllers/photos_controller_spec.rb
index c0e2efcab..630735b67 100644
--- a/spec/controllers/photos_controller_spec.rb
+++ b/spec/controllers/photos_controller_spec.rb
@@ -130,6 +130,49 @@ describe PhotosController, :type => :controller do
 expect(assigns[:posts]).to be_empty
 end
+
+ context "with no user signed in" do
+ before do
+ sign_out :user
+ @person = bob.person
+ end
+
+ it "succeeds" do
+ get :index, person_id: @person.to_param
+ expect(response.status).to eq(200)
+ end
+
+ it "succeeds on the mobile site" do
+ get :index, person_id: @person.to_param, format: :mobile
+ expect(response).to be_success
+ end
+
+ it "forces to sign in if the person is remote" do
+ p = FactoryGirl.create(:person)
+
+ get :index, person_id: p.to_param
+ expect(response).to be_redirect
+ expect(response).to redirect_to new_user_session_path
+ end
+
+ it "displays the correct number of photos" do
+ 16.times do
+ eve.post(:photo, user_file: uploaded_photo, to: eve.aspects.first.id, public: true)
+ end
+ get :index, person_id: eve.person.to_param
+ expect(response.body).to include '"photos":{"count":16}'
+
+ eve.post(:photo, user_file: uploaded_photo, to: eve.aspects.first.id, public: false)
+ get :index, person_id: eve.person.to_param
+ expect(response.body).to include '"photos":{"count":16}'
+ end
+
+ it "displays a person's pictures" do
+ get :index, person_id: bob.person.guid.to_s
+ expect(assigns[:person]).to eq(bob.person)
+ expect(assigns[:posts]).to eq([@bobs_photo])
+ end
+ end
 end
 describe '#edit' do
diff --git a/spec/models/photo_spec.rb b/spec/models/photo_spec.rb
index 49ecf950d..863864c2e 100644
--- a/spec/models/photo_spec.rb
+++ b/spec/models/photo_spec.rb
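Review bot: None of the signed-out examples in photos_controller_spec.rb asserts that a non-public photo is absent from `assigns[:posts]`; the only privacy check is the `"photos":{"count":16}` string, which covers the counter and not the list that gets rendered. The assertion this commit removes from people_controller_spec.rb, `expect(assigns(:photos)).not_to include private_photo` in "doesn't leak photos in the sidebar", has no counterpart here. An example that posts one photo with `public: false`, requests `index` while signed out, and checks `expect(assigns[:posts]).not_to include private_photo` would restore that coverage. The last example also relies on `@bobs_photo` being public, which is set up outside this hunk.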
@@ -298,4 +298,20 @@ describe Photo, :type => :model do
 @photo.receive_public
 end
 end
+
+ describe "#visible" do
+ context "with a current user" do
+ it "calls photos_from" do
+ expect(@user).to receive(:photos_from).with(@user.person, limit: :all, max_time: nil).and_call_original
+ Photo.visible(@user, @user.person)
+ end
+ end
+
+ context "without a current user" do
+ it "returns all public photos" do
+ expect(Photo).to receive(:where).with(author_id: @user.person.id, public: true).and_call_original
+ Photo.visible(nil, @user.person)
+ end
+ end
+ end
 end
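Review bot: The "without a current user" example is titled "returns all public photos" but only checks that `Photo.where` receives `author_id:` and `public: true`; the value returned by `Photo.visible(nil, @user.person)` is never inspected, so a regression that adds non-public records after that call would not be caught. Creating one public and one non-public photo and asserting on the returned records would test the visibility rule itself rather than its current implementation. Since `visible` is a class method, the group would conventionally read `describe ".visible" do`.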