From ddbd5febb3e7558413c29cc0039dc3df1ac11c34 Mon Sep 17 00:00:00 2001 From: Raphael Sofaer Date: Thu, 10 Mar 2011 12:30:14 -0800 Subject: [PATCH] Make people pages publicly accessible --- app/controllers/aspects_controller.rb | 4 +-- app/controllers/people_controller.rb | 35 ++++++++++++--------- app/views/people/_profile_sidebar.html.haml | 6 ++-- app/views/people/show.html.haml | 6 ++-- app/views/shared/_stream_element.html.haml | 2 +- spec/controllers/people_controller_spec.rb | 21 +++++++++++++ 6 files changed, 50 insertions(+), 24 deletions(-) diff --git a/app/controllers/aspects_controller.rb b/app/controllers/aspects_controller.rb index 670b27597..f58999e5b 100644 --- a/app/controllers/aspects_controller.rb +++ b/app/controllers/aspects_controller.rb @@ -86,10 +86,10 @@ class AspectsController < ApplicationController begin current_user.drop_aspect @aspect flash[:notice] = I18n.t 'aspects.destroy.success',:name => @aspect.name - redirect_to :back + redirect_to aspects_path rescue ActiveRecord::StatementInvalid => e flash[:error] = I18n.t 'aspects.destroy.failure',:name => @aspect.name - redirect_to :back + redirect_to aspects_path end end diff --git a/app/controllers/people_controller.rb b/app/controllers/people_controller.rb index f4965373a..27175d243 100644 --- a/app/controllers/people_controller.rb +++ b/app/controllers/people_controller.rb @@ -3,7 +3,7 @@ # the COPYRIGHT file. class PeopleController < ApplicationController - before_filter :authenticate_user! + before_filter :authenticate_user!, :except => [:show] respond_to :html respond_to :json, :only => [:index, :show] 
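Review bot: Exempting `show` from `authenticate_user!` in the `before_filter` line also opens the action's JSON format to anonymous callers, because the unchanged `respond_to :json, :only => [:index, :show]` two lines below still applies. The templates changed in this commit hide profile details behind `user_signed_in?`, but a `.json` request is answered by `respond_with @person` and never passes through them. Whatever the Person serialization includes (not visible in this diff) would therefore be returned without a session. I would either keep JSON behind authentication or confirm the serialized fields are public-only, and record the intent above the filter with a comment such as `# show is public: every format and assign it produces must be safe for anonymous visitors`.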
@@ -48,27 +48,32 @@ class PeopleController < ApplicationController @share_with = (params[:share_with] == 'true') if @person - @incoming_request = current_user.request_from(@person) @profile = @person.profile - @contact = current_user.contact_for(@person) - @aspects_with_person = [] - if @contact - @aspects_with_person = @contact.aspects - @contacts_of_contact = @contact.contacts + if current_user + @incoming_request = current_user.request_from(@person) + @contact = current_user.contact_for(@person) + @aspects_with_person = [] + if @contact + @aspects_with_person = @contact.aspects + @contacts_of_contact = @contact.contacts + else + @contact ||= Contact.new + @contacts_of_contact = [] + end + + if (@person != current_user.person) && (!@contact || @contact.pending) + @commenting_disabled = true + else + @commenting_disabled = false + end + @posts = current_user.posts_from(@person).where(:type => "StatusMessage").paginate(:per_page => 15, :page => params[:page]) else - @contact ||= Contact.new - @contacts_of_contact = [] - end - - if (@person != current_user.person) && (!@contact || @contact.pending) @commenting_disabled = true - else - @commenting_disabled = false + @posts = @person.posts.where(:type => "StatusMessage", :public => true).paginate(:per_page => 15, :page => params[:page]) end - @posts = current_user.posts_from(@person).where(:type => "StatusMessage").paginate :per_page => 15, :page => params[:page] @fakes = PostsFake.new(@posts) respond_with @person, :locals => {:post_type => :all} diff --git a/app/views/people/_profile_sidebar.html.haml b/app/views/people/_profile_sidebar.html.haml index c731de4be..7643365b9 100644 --- a/app/views/people/_profile_sidebar.html.haml +++ b/app/views/people/_profile_sidebar.html.haml 
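Review bot: The anonymous `else` branch leaves `@contact`, `@contacts_of_contact`, `@aspects_with_person` and `@incoming_request` as nil, so the page only renders safely if every template and partial reached from `show` carries its own `user_signed_in?` guard. Setting neutral defaults before `if current_user`, for example `@contact = Contact.new`, `@contacts_of_contact = []` and `@aspects_with_person = []`, would keep a missed guard from raising on nil and keep the signed-out path showing nothing contact-related. The `:public => true` condition on the anonymous query is the right allow-list shape; a short comment there stating that anonymous visitors must only ever receive public posts would help keep it that way. The `show` action starts and ends outside this hunk, so the person lookup itself is not reviewed here.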
@@ -18,14 +18,14 @@ .profile_photo = person_image_link(person, :size => :thumb_large, :to => :photos) - - if person == current_user.person + - if user_signed_in? && person == current_user.person %p = link_to t('people.profile_sidebar.edit_my_profile'), edit_profile_path %hr{:style=>"width:300px;"} %ul - - unless person == current_user.person + - if user_signed_in? && person != current_user.person %li = render :partial => 'people/aspect_list', :locals => {:person => person, @@ -35,7 +35,7 @@ %br %hr{:style=>"width:300px;"} - -if (contact.persisted? && !contact.pending?) || person == current_user.person || @incoming_request + -if user_signed_in? && ((contact.persisted? && !contact.pending?) || person == current_user.person || @incoming_request) %ul#profile_information %li - unless person.profile.bio.blank? diff --git a/app/views/people/show.html.haml b/app/views/people/show.html.haml index f45c472f0..76f57b1b3 100644 --- a/app/views/people/show.html.haml +++ b/app/views/people/show.html.haml @@ -12,7 +12,7 @@ .span-8.append-1.last = render :partial => 'people/profile_sidebar', :locals => {:person => @person, :contact => @contact } - - if @contact.persisted? && @contacts_of_contact.count > 0 + - if user_signed_in? && @contact.persisted? && @contacts_of_contact.count > 0 .span-8.last %hr{:style=>"width:300px;"} .section.contact_pictures @@ -24,7 +24,7 @@ .span-15.last #author_info - - unless @contact.persisted? || current_user.person == @person + - if user_signed_in? && !(@contact.persisted? || current_user.person == @person) .right - if @incoming_request = link_to t('.incoming_request', :name => truncate(@person.name, :length => 20, :separator => ' ', :omission => '')), @@ -45,7 +45,7 @@ - else - - if @contact.person + - if user_signed_in? && @contact.person .right = link_to t('.message'), new_conversation_path(:contact_id => @contact.id, :name => @contact.person.name, :contact_id => @contact.id), :class => 'button', :rel => 'facebox' 
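Review bot: Changing `- unless @contact.persisted? || current_user.person == @person` to `- if user_signed_in? && !(...)` in show.html.haml sends signed-out visitors into the existing `- else` branch, which until now was only reached by the profile owner or an established contact. The last hunk guards the one `@contact.person` use visible there, but the rest of that branch lies outside the hunks. Anything in it that reads `@contact` or `current_user` would raise for a signed-out visitor or render owner/contact-only markup. The same `user_signed_in? &&` prefix is repeated in both _profile_sidebar.html.haml hunks; moving these checks into view helpers, for instance one returning `user_signed_in? && person == current_user.person`, would put the access rule in one place instead of five template conditions.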
diff --git a/app/views/shared/_stream_element.html.haml b/app/views/shared/_stream_element.html.haml index 36a28cbc7..264363785 100644 --- a/app/views/shared/_stream_element.html.haml +++ b/app/views/shared/_stream_element.html.haml @@ -3,7 +3,7 @@ -# the COPYRIGHT file. .stream_element{:data=>{:guid=>post.id}} - - if post.author.owner_id == current_user.id + - if current_user && post.author.owner_id == current_user.id .right.hidden.controls - reshare_aspects = aspects_without_post(all_aspects, post) - unless reshare_aspects.empty? diff --git a/spec/controllers/people_controller_spec.rb b/spec/controllers/people_controller_spec.rb index 1bba46171..ffb5f5da4 100644 --- a/spec/controllers/people_controller_spec.rb +++ b/spec/controllers/people_controller_spec.rb @@ -129,6 +129,27 @@ describe PeopleController do end end + context "with no user signed in" do + before do + sign_out :user + @person = bob.person + end + it "succeeds" do + get :show, :id => @person.id + response.status.should == 200 + end + it "assigns only public posts" do + public_posts = [] + public_posts << bob.post(:status_message, :message => "first public ", :to => bob.aspects[0].id, :public => true) + bob.post(:status_message, :message => "to an aspect @user is not in", :to => bob.aspects[1].id) + bob.post(:status_message, :message => "to all aspects", :to => 'all') + public_posts << bob.post(:status_message, :message => "public", :to => 'all', :public => true) + + get :show, :id => @person.id + + assigns[:posts].should == public_posts + end + end context "when the person is a contact of the current user" do before do @person = bob.person
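Review bot: This guard is written as `current_user &&` while the other templates in the commit use `user_signed_in?`; using one form throughout, `- if user_signed_in? && post.author.owner_id == current_user.id`, makes the signed-out checks easier to audit. Only the first condition of the partial is inside the hunk. Any later `current_user` reference in the stream element (not visible here) would still fail for anonymous visitors if the public profile page renders this partial, as the change suggests.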
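Review bot: The new "with no user signed in" context exercises only the HTML request and the `@posts` assign, so the anonymous JSON path that `show` also serves is left unpinned. An example issuing `get :show, :id => @person.id, :format => :json` and asserting which fields come back would document what a signed-out caller is allowed to see. Controller specs do not render templates unless `render_views` is enabled (not visible in this hunk), in which case `succeeds` would pass even if a template dereferenced the nil `@contact`; a rendered-view or request-level example would cover that. The comparison `assigns[:posts].should == public_posts` also relies on the query returning rows in creation order, which the controller does not request explicitly.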