hitting profiles.json publically displays only public stuff; if you're connected to a user, it shows that user's complete profile response
parent
c3b0bbd425
commit
d5f511c325
2 changed files with 36 additions and 6 deletions
|
|
@ -3,7 +3,7 @@
|
||||||
# the COPYRIGHT file.
|
# the COPYRIGHT file.
|
||||||
|
|
||||||
class ProfilesController < ApplicationController
|
class ProfilesController < ApplicationController
|
||||||
before_filter :authenticate_user!
|
before_filter :authenticate_user!, :except => ['show']
|
||||||
|
|
||||||
respond_to :html, :except => [:show]
|
respond_to :html, :except => [:show]
|
||||||
respond_to :js, :only => :update
|
respond_to :js, :only => :update
|
||||||
|
|
@ -14,11 +14,20 @@ class ProfilesController < ApplicationController
|
||||||
@person = Person.find_by_guid!(params[:id])
|
@person = Person.find_by_guid!(params[:id])
|
||||||
|
|
||||||
respond_to do |format|
|
respond_to do |format|
|
||||||
format.json { render :json => @person.as_api_response(:backbone).merge({
|
format.json {
|
||||||
:location => @person.profile.location,
|
public_json = @person.as_api_response(:backbone)
|
||||||
:birthday => @person.profile.formatted_birthday,
|
extra_json = {}
|
||||||
:bio => @person.profile.bio
|
|
||||||
}) }
|
if(current_user && current_user.contacts.receiving.where(:person_id => @person.id).first)
|
||||||
|
extra_json = {
|
||||||
|
:location => @person.profile.location,
|
||||||
|
:birthday => @person.profile.formatted_birthday,
|
||||||
|
:bio => @person.profile.bio
|
||||||
|
}
|
||||||
|
end
|
||||||
|
|
||||||
|
render :json => public_json.merge(extra_json)
|
||||||
|
}
|
||||||
end
|
end
|
||||||
end
|
end
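Review bot: The private fields in the `format.json` branch are unlocked by a contact row that belongs to the viewer (`current_user.contacts.receiving.where(:person_id => @person.id).first`), so confirm that `receiving` can only become true through the profile owner's own action; if the viewer can set it by adding the person, any signed-in account can read `location`, `birthday` and `bio`. The Contact model is not shown here, so this is inferred from the scope name, and a comment such as `# private fields only when @person has chosen to share with current_user` would pin the intent. With `show` now exempt from `authenticate_user!`, everything in `as_api_response(:backbone)` is served without a session, so that template should be checked to hold only public fields. There is also no branch for the owner viewing their own profile, who would presumably need `current_user.person == @person` to pass. The action's `def` line is outside the hunk.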
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -15,6 +15,27 @@ describe ProfilesController do
|
||||||
get :show, :id => @user.person.guid, :format => :json
|
get :show, :id => @user.person.guid, :format => :json
|
||||||
JSON.parse(response.body).should include(JSON.parse(@user.person.as_api_response(:backbone).to_json))
|
JSON.parse(response.body).should include(JSON.parse(@user.person.as_api_response(:backbone).to_json))
|
||||||
end
|
end
|
||||||
|
|
||||||
|
it "returns the user's public information if a user is not logged in" do
|
||||||
|
sign_out :user
|
||||||
|
get :show, :id => @user.person.guid, :format => :json
|
||||||
|
JSON.parse(response.body).should include(JSON.parse(@user.person.as_api_response(:backbone).to_json))
|
||||||
|
end
|
||||||
|
|
||||||
|
it "returns the user's public information if a user is logged in and the visiting user is not receiving" do
|
||||||
|
sign_in :user, alice
|
||||||
|
|
||||||
|
puts alice.contacts.first.person.inspect
|
||||||
|
|
||||||
|
get :show, :id => @user.person.guid, :format => :json
|
||||||
|
response.body.should_not match(/.location./)
|
||||||
|
end
|
||||||
|
|
||||||
|
it "returns the user's private information if a user is logged in and the visiting user is receiving" do
|
||||||
|
sign_in :user, bob
|
||||||
|
get :show, :id => @user.person.guid, :format => :json
|
||||||
|
response.body.should match(/.location./)
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
describe '#edit' do
|
describe '#edit' do
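Review bot: The logged-out example only asserts that the public fields are present, so it would still pass if `location`, `birthday` or `bio` leaked to an anonymous request; it needs a negative assertion such as `JSON.parse(response.body).should_not have_key('location')`, repeated for `birthday` and `bio`. The two signed-in examples check only `location`, and `/.location./` matches the substring anywhere in the body, including inside a value, so asserting on parsed keys is more precise. The `puts alice.contacts.first.person.inspect` line is leftover debugging output and should be dropped. The enclosing `describe` block starts outside the hunk.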
|
||||||
|
|
|
||||||