nocebo/diaspora
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Show private profile info if contact is sharing

Browse source
This commit is contained in:
Steffen van Bergerem 2015-09-13 12:16:25 +02:00 committed by Jonne Haß
parent 782c1ef6ee
commit ebad0961a9
4 changed files with 48 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
app/models/person.rb
View file

@ -299,11 +299,6 @@ class Person < ActiveRecord::Base
end end
end end
#gross method pulled out from controller, not exactly sure how it should be used.
def shares_with(user)
user.contacts.receiving.where(:person_id => self.id).first if user
end
# @param person [Person] # @param person [Person]
# @param url [String] # @param url [String]
def update_url(url) def update_url(url)

4
app/presenters/person_presenter.rb
View file

@ -66,7 +66,9 @@ class PersonPresenter < BasePresenter
end end
def person_is_following_current_user def person_is_following_current_user
@presentable.shares_with(current_user) return false unless current_user
contact = current_user_person_contact
contact && contact.sharing?
end end
private private

28
spec/controllers/people_controller_spec.rb
View file

@ -270,6 +270,11 @@ describe PeopleController, :type => :controller do
expect(response).to be_redirect expect(response).to be_redirect
expect(response).to redirect_to new_user_session_path expect(response).to redirect_to new_user_session_path
end end
it "leaks no private profile info" do
get :show, id: @person.to_param
expect(response.body).not_to include(@person.profile.bio)
end
end end
context "when the person is a contact of the current user" do context "when the person is a contact of the current user" do
@ -295,6 +300,11 @@ describe PeopleController, :type => :controller do
note.reload note.reload
}.to change(Notification.where(:unread => true), :count).by(-1) }.to change(Notification.where(:unread => true), :count).by(-1)
end end
it "includes private profile info" do
get :show, id: @person.to_param
expect(response.body).to include(@person.profile.bio)
end
end end
context "when the person is not a contact of the current user" do context "when the person is not a contact of the current user" do
@ -311,6 +321,24 @@ describe PeopleController, :type => :controller do
get :show, :id => @person.to_param, :format => :mobile get :show, :id => @person.to_param, :format => :mobile
expect(response).to be_success expect(response).to be_success
end end
it "leaks no private profile info" do
get :show, id: @person.to_param
expect(response.body).not_to include(@person.profile.bio)
end
end
context "when the user is following the person" do
before do
sign_out :user
sign_in :user, peter
@person = alice.person
end
it "leaks no private profile info" do
get :show, id: @person.to_param
expect(response.body).not_to include(@person.profile.bio)
end
end end
end end

22
spec/presenters/person_presenter_spec.rb
View file

@ -4,6 +4,11 @@ describe PersonPresenter do
let(:profile_user) { FactoryGirl.create(:user_with_aspect) } let(:profile_user) { FactoryGirl.create(:user_with_aspect) }
let(:person) { profile_user.person } let(:person) { profile_user.person }
let(:mutual_contact) { double(id: 1, mutual?: true, sharing?: true, receiving?: true) }
let(:receiving_contact) { double(id: 1, mutual?: false, sharing?: false, receiving?: true) }
let(:sharing_contact) { double(id: 1, mutual?: false, sharing?: true, receiving?: false) }
let(:non_contact) { double(id: 1, mutual?: false, sharing?: false, receiving?: false) }
describe "#as_json" do describe "#as_json" do
context "with no current_user" do context "with no current_user" do
it "returns the user's public information if a user is not logged in" do it "returns the user's public information if a user is not logged in" do
@ -16,11 +21,22 @@ describe PersonPresenter do
let(:presenter){ PersonPresenter.new(person, current_user) } let(:presenter){ PersonPresenter.new(person, current_user) }
it "doesn't share private information when the users aren't connected" do it "doesn't share private information when the users aren't connected" do
allow(current_user).to receive(:contact_for) { non_contact }
expect(presenter.full_hash_with_profile[:profile]).not_to have_key(:location)
end
it "doesn't share private information when the current user is sharing with the person" do
allow(current_user).to receive(:contact_for) { receiving_contact }
expect(presenter.full_hash_with_profile[:profile]).not_to have_key(:location) expect(presenter.full_hash_with_profile[:profile]).not_to have_key(:location)
end end
it "has private information when the person is sharing with the current user" do it "has private information when the person is sharing with the current user" do
expect(person).to receive(:shares_with).with(current_user).and_return(true) allow(current_user).to receive(:contact_for) { sharing_contact }
expect(presenter.full_hash_with_profile[:profile]).to have_key(:location)
end
it "has private information when the relationship is mutual" do
allow(current_user).to receive(:contact_for) { mutual_contact }
expect(presenter.full_hash_with_profile[:profile]).to have_key(:location) expect(presenter.full_hash_with_profile[:profile]).to have_key(:location)
end end
@ -32,10 +48,6 @@ describe PersonPresenter do
describe "#full_hash" do describe "#full_hash" do
let(:current_user) { FactoryGirl.create(:user) } let(:current_user) { FactoryGirl.create(:user) }
let(:mutual_contact) { double(:id => 1, :mutual? => true, :sharing? => true, :receiving? => true ) }
let(:receiving_contact) { double(:id => 1, :mutual? => false, :sharing? => false, :receiving? => true) }
let(:sharing_contact) { double(:id => 1, :mutual? => false, :sharing? => true, :receiving? => false) }
let(:non_contact) { double(:id => 1, :mutual? => false, :sharing? => false, :receiving? => false) }
before do before do
@p = PersonPresenter.new(person, current_user) @p = PersonPresenter.new(person, current_user)