diff --git a/app/models/person.rb b/app/models/person.rb
index 052ee76d3..f4c2c49a7 100644
--- a/app/models/person.rb
+++ b/app/models/person.rb
@@ -299,11 +299,6 @@ class Person < ActiveRecord::Base
 end
 end
- #gross method pulled out from controller, not exactly sure how it should be used.
- def shares_with(user)
- user.contacts.receiving.where(:person_id => self.id).first if user
- end
-
 # @param person [Person]
 # @param url [String]
 def update_url(url)
diff --git a/app/presenters/person_presenter.rb b/app/presenters/person_presenter.rb
index fc8100e52..99e759a6d 100644
--- a/app/presenters/person_presenter.rb
+++ b/app/presenters/person_presenter.rb
@@ -41,7 +41,9 @@ class PersonPresenter < BasePresenter
 end
 def person_is_following_current_user
- @presentable.shares_with(current_user)
+ return false unless current_user
+ contact = current_user_person_contact
+ contact && contact.sharing?
 end
 def full_hash_with_profile
diff --git a/spec/controllers/people_controller_spec.rb b/spec/controllers/people_controller_spec.rb
index 841e3d616..3c926d48c 100644
--- a/spec/controllers/people_controller_spec.rb
+++ b/spec/controllers/people_controller_spec.rb
@@ -270,6 +270,11 @@ describe PeopleController, :type => :controller do
 expect(response).to be_redirect
 expect(response).to redirect_to new_user_session_path
 end
+
+ it "leaks no private profile info" do
+ get :show, id: @person.to_param
+ expect(response.body).not_to include(@person.profile.bio)
+ end
 end
 context "when the person is a contact of the current user" do
@@ -295,6 +300,11 @@ describe PeopleController, :type => :controller do
 note.reload
 }.to change(Notification.where(:unread => true), :count).by(-1)
 end
+
+ it "includes private profile info" do
+ get :show, id: @person.to_param
+ expect(response.body).to include(@person.profile.bio)
+ end
 end
 context "when the person is not a contact of the current user" do
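Review bot: `person_is_following_current_user` in person_presenter.rb appears to gate the private profile fields, but nothing in the method says which direction of the contact it tests. The specs in this commit show that a contact with `receiving?` true and `sharing?` false must not unlock the profile, so I would add a comment above the method such as `# True only when the person shares with current_user (contact.sharing?); current_user sharing with the person (receiving?) must never reveal private profile data.` The method also returns `false` from the guard but `nil` when there is no contact; `!!(contact && contact.sharing?)` keeps it a real predicate if a caller serializes the value. `current_user_person_contact` is defined outside this hunk, so its behaviour for a missing contact is assumed here.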
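Review bot: The new leak examples in people_controller_spec.rb (the hunks at -270 and -295, and again at -311) assert only on `@person.profile.bio` in the default format, so a regression that exposes a different private field, or one limited to the `:mobile` view requested just above the -311 addition, would still pass. I would add a mobile variant, `get :show, id: @person.to_param, format: :mobile`, next to each negative example. The positive example at -295 also passes vacuously if the fixture's bio is empty, so a precondition such as `expect(@person.profile.bio).to be_present` before the request would make it meaningful. The enclosing `describe` blocks start and end outside these hunks, so how `@person` is built is not visible here.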
@@ -311,6 +321,24 @@ describe PeopleController, :type => :controller do
 get :show, :id => @person.to_param, :format => :mobile
 expect(response).to be_success
 end
+
+ it "leaks no private profile info" do
+ get :show, id: @person.to_param
+ expect(response.body).not_to include(@person.profile.bio)
+ end
+ end
+
+ context "when the user is following the person" do
+ before do
+ sign_out :user
+ sign_in :user, peter
+ @person = alice.person
+ end
+
+ it "leaks no private profile info" do
+ get :show, id: @person.to_param
+ expect(response.body).not_to include(@person.profile.bio)
+ end
 end
 end
diff --git a/spec/presenters/person_presenter_spec.rb b/spec/presenters/person_presenter_spec.rb
index 1873d80cb..2ef6726b8 100644
--- a/spec/presenters/person_presenter_spec.rb
+++ b/spec/presenters/person_presenter_spec.rb
@@ -4,6 +4,11 @@ describe PersonPresenter do
 let(:profile_user) { FactoryGirl.create(:user_with_aspect) }
 let(:person) { profile_user.person }
+ let(:mutual_contact) { double(id: 1, mutual?: true, sharing?: true, receiving?: true) }
+ let(:receiving_contact) { double(id: 1, mutual?: false, sharing?: false, receiving?: true) }
+ let(:sharing_contact) { double(id: 1, mutual?: false, sharing?: true, receiving?: false) }
+ let(:non_contact) { double(id: 1, mutual?: false, sharing?: false, receiving?: false) }
+
 describe "#as_json" do
 context "with no current_user" do
 it "returns the user's basic profile" do
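Review bot: The `when the user is following the person` context relies on the `peter` and `alice` fixtures being in a one-way relationship, which this hunk does not show. If the fixtures change, the example keeps passing while no longer covering the one-directional case this commit is about. Pinning the precondition in the `before` block makes that explicit, for example `expect(peter.contact_for(@person)).to be_receiving` and `expect(peter.contact_for(@person)).not_to be_sharing`, assuming the real contact answers those predicates as the presenter spec doubles do. A one-line comment naming the direction (peter shares with alice, alice does not share back) would also help, since `sharing?` and `receiving?` are easy to swap.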
@@ -22,17 +27,26 @@ describe PersonPresenter do
 end
 context "with a current_user" do
- let(:current_user) { FactoryGirl.create(:user)}
+ let(:current_user) { FactoryGirl.create(:user) }
 let(:presenter){ PersonPresenter.new(person, current_user) }
 # here private information == addtional user profile, because additional profile by default is private
 it "doesn't share private information when the users aren't connected" do
+ allow(current_user).to receive(:contact_for) { non_contact }
+ expect(person.profile.public_details).to be_falsey
+ expect(presenter.as_json[:show_profile_info]).to be_falsey
+ expect(presenter.as_json[:profile]).not_to have_key(:location)
+ end
+
+ it "doesn't share private information when the current user is sharing with the person" do
+ allow(current_user).to receive(:contact_for) { receiving_contact }
 expect(person.profile.public_details).to be_falsey
 expect(presenter.as_json[:show_profile_info]).to be_falsey
 expect(presenter.as_json[:profile]).not_to have_key(:location)
 end
 it "shares private information when the users aren't connected, but profile is public" do
+ allow(current_user).to receive(:contact_for) { non_contact }
 person.profile.public_details = true
 expect(presenter.as_json[:show_profile_info]).to be_truthy
 expect(presenter.as_json[:relationship]).to be(:not_sharing)
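Review bot: Every stubbed case in the `with a current_user` context returns a contact double, so the `nil` branch of `contact && contact.sharing?` in the presenter is never exercised. `non_contact` stands in for "not connected", although a user with no contact record would presumably get `nil` back from `contact_for`. I would add an example with `allow(current_user).to receive(:contact_for) { nil }` that asserts `show_profile_info` is falsey and `:location` is absent. The stubs also assume the presenter resolves the contact through `current_user.contact_for`, which this diff does not show; a short comment recording that coupling would keep the examples from going inert if the lookup changes.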
@@ -40,7 +54,15 @@ describe PersonPresenter do
 end
 it "has private information when the person is sharing with the current user" do
- expect(person).to receive(:shares_with).with(current_user).and_return(true)
+ allow(current_user).to receive(:contact_for) { sharing_contact }
+ expect(person.profile.public_details).to be_falsey
+ pr_json = presenter.as_json
+ expect(pr_json[:show_profile_info]).to be_truthy
+ expect(pr_json[:profile]).to have_key(:location)
+ end
+
+ it "has private information when the relationship is mutual" do
+ allow(current_user).to receive(:contact_for) { mutual_contact }
 expect(person.profile.public_details).to be_falsey
 pr_json = presenter.as_json
 expect(pr_json[:show_profile_info]).to be_truthy
@@ -58,10 +80,6 @@ describe PersonPresenter do
 describe "#full_hash" do
 let(:current_user) { FactoryGirl.create(:user) }
- let(:mutual_contact) { double(:id => 1, :mutual? => true, :sharing? => true, :receiving? => true ) }
- let(:receiving_contact) { double(:id => 1, :mutual? => false, :sharing? => false, :receiving? => true) }
- let(:sharing_contact) { double(:id => 1, :mutual? => false, :sharing? => true, :receiving? => false) }
- let(:non_contact) { double(:id => 1, :mutual? => false, :sharing? => false, :receiving? => false) }
 before do
 @p = PersonPresenter.new(person, current_user)