From ebad0961a9d281d644ab139c6e5761753cab18d8 Mon Sep 17 00:00:00 2001
From: Steffen van Bergerem
Date: Sun, 13 Sep 2015 12:16:25 +0200
Subject: [PATCH] Show private profile info if contact is sharing
---
 app/models/person.rb | 5 ----
 app/presenters/person_presenter.rb | 4 +++-
 spec/controllers/people_controller_spec.rb | 28 ++++++++++++++++++++++
 spec/presenters/person_presenter_spec.rb | 22 +++++++++++++----
 4 files changed, 48 insertions(+), 11 deletions(-)
diff --git a/app/models/person.rb b/app/models/person.rb
index a242af670..f338daf3b 100644
--- a/app/models/person.rb
+++ b/app/models/person.rb
@@ -299,11 +299,6 @@ class Person < ActiveRecord::Base
 end
 end
- #gross method pulled out from controller, not exactly sure how it should be used.
- def shares_with(user)
- user.contacts.receiving.where(:person_id => self.id).first if user
- end
-
 # @param person [Person]
 # @param url [String]
 def update_url(url)
diff --git a/app/presenters/person_presenter.rb b/app/presenters/person_presenter.rb
index f53087eee..6ca7351ee 100644
--- a/app/presenters/person_presenter.rb
+++ b/app/presenters/person_presenter.rb
@@ -66,7 +66,9 @@ class PersonPresenter < BasePresenter
 end
 def person_is_following_current_user
- @presentable.shares_with(current_user)
+ return false unless current_user
+ contact = current_user_person_contact
+ contact && contact.sharing?
 end
 private
diff --git a/spec/controllers/people_controller_spec.rb b/spec/controllers/people_controller_spec.rb
index 841e3d616..3c926d48c 100644
--- a/spec/controllers/people_controller_spec.rb
+++ b/spec/controllers/people_controller_spec.rb
@@ -270,6 +270,11 @@ describe PeopleController, :type => :controller do
 expect(response).to be_redirect
 expect(response).to redirect_to new_user_session_path
 end
+
+ it "leaks no private profile info" do
+ get :show, id: @person.to_param
+ expect(response.body).not_to include(@person.profile.bio)
+ end
 end
 context "when the person is a contact of the current user" do
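Review bot: `person_is_following_current_user` in app/presenters/person_presenter.rb appears to be the check that unlocks private profile fields, yet nothing on it records which direction of the relationship it tests; the removed `shares_with` queried `user.contacts.receiving`, which reads as the opposite direction. A comment above the method such as `# True only when the person shares with current_user (contact.sharing?); current_user sharing with the person (receiving?) must not unlock private fields.` would keep a later refactor from reversing it again. The method also returns `nil` rather than `false` when there is no contact, unlike the guard on its first line; `!!(contact && contact.sharing?)` makes the result a strict boolean. `current_user_person_contact` is defined outside this hunk, so how it resolves the contact is not visible here.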
@@ -295,6 +300,11 @@ describe PeopleController, :type => :controller do
 note.reload
 }.to change(Notification.where(:unread => true), :count).by(-1)
 end
+
+ it "includes private profile info" do
+ get :show, id: @person.to_param
+ expect(response.body).to include(@person.profile.bio)
+ end
 end
 context "when the person is not a contact of the current user" do
@@ -311,6 +321,24 @@ describe PeopleController, :type => :controller do
 get :show, :id => @person.to_param, :format => :mobile
 expect(response).to be_success
 end
+
+ it "leaks no private profile info" do
+ get :show, id: @person.to_param
+ expect(response.body).not_to include(@person.profile.bio)
+ end
+ end
+
+ context "when the user is following the person" do
+ before do
+ sign_out :user
+ sign_in :user, peter
+ @person = alice.person
+ end
+
+ it "leaks no private profile info" do
+ get :show, id: @person.to_param
+ expect(response.body).not_to include(@person.profile.bio)
+ end
 end
 end
diff --git a/spec/presenters/person_presenter_spec.rb b/spec/presenters/person_presenter_spec.rb
index 54424e2ee..110f1955c 100644
--- a/spec/presenters/person_presenter_spec.rb
+++ b/spec/presenters/person_presenter_spec.rb
@@ -4,6 +4,11 @@ describe PersonPresenter do
 let(:profile_user) { FactoryGirl.create(:user_with_aspect) }
 let(:person) { profile_user.person }
+ let(:mutual_contact) { double(id: 1, mutual?: true, sharing?: true, receiving?: true) }
+ let(:receiving_contact) { double(id: 1, mutual?: false, sharing?: false, receiving?: true) }
+ let(:sharing_contact) { double(id: 1, mutual?: false, sharing?: true, receiving?: false) }
+ let(:non_contact) { double(id: 1, mutual?: false, sharing?: false, receiving?: false) }
+
 describe "#as_json" do
 context "with no current_user" do
 it "returns the user's public information if a user is not logged in" do
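Review bot: The new context "when the user is following the person" (hunk @@ -311) is the regression test for the one-way relationship, but its `before` block depends entirely on what the `peter` and `alice` fixtures happen to be, so the example would keep passing for the wrong reason if those two stopped being contacts at all. Stating the precondition in the `before` block, for instance `expect(peter.contact_for(alice.person)).to be_receiving`, pins the case actually under test; this assumes `contact_for` takes a person and that the contact answers `receiving?`, as the doubles in the presenter spec suggest. The enclosing `describe` block starts outside the hunk, so any shared setup it contributes is not visible here.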
@@ -16,11 +21,22 @@ describe PersonPresenter do
 let(:presenter){ PersonPresenter.new(person, current_user) }
 it "doesn't share private information when the users aren't connected" do
+ allow(current_user).to receive(:contact_for) { non_contact }
+ expect(presenter.full_hash_with_profile[:profile]).not_to have_key(:location)
+ end
+
+ it "doesn't share private information when the current user is sharing with the person" do
+ allow(current_user).to receive(:contact_for) { receiving_contact }
 expect(presenter.full_hash_with_profile[:profile]).not_to have_key(:location)
 end
 it "has private information when the person is sharing with the current user" do
- expect(person).to receive(:shares_with).with(current_user).and_return(true)
+ allow(current_user).to receive(:contact_for) { sharing_contact }
+ expect(presenter.full_hash_with_profile[:profile]).to have_key(:location)
+ end
+
+ it "has private information when the relationship is mutual" do
+ allow(current_user).to receive(:contact_for) { mutual_contact }
 expect(presenter.full_hash_with_profile[:profile]).to have_key(:location)
 end
@@ -32,10 +48,6 @@ describe PersonPresenter do
 describe "#full_hash" do
 let(:current_user) { FactoryGirl.create(:user) }
- let(:mutual_contact) { double(:id => 1, :mutual? => true, :sharing? => true, :receiving? => true ) }
- let(:receiving_contact) { double(:id => 1, :mutual? => false, :sharing? => false, :receiving? => true) }
- let(:sharing_contact) { double(:id => 1, :mutual? => false, :sharing? => true, :receiving? => false) }
- let(:non_contact) { double(:id => 1, :mutual? => false, :sharing? => false, :receiving? => false) }
 before do
 @p = PersonPresenter.new(person, current_user)
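Review bot: None of the `#as_json` examples in hunk @@ -16,11 stubs `contact_for` to return `nil`, although the presenter's new `contact && contact.sharing?` exists to handle exactly that; the "users aren't connected" example uses the `non_contact` double, which is an object with every flag false. If a missing relationship is represented by `nil` in practice (not visible in this hunk), add an example with `allow(current_user).to receive(:contact_for) { nil }` and the same `not_to have_key(:location)` expectation. The contacts are plain `double(...)` objects, so a renamed `sharing?` on the real class would leave these examples green; `instance_double` against the contact class would catch that. The surrounding `context` block and its `current_user` definition start outside the hunk.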