diff --git a/app/controllers/photos_controller.rb b/app/controllers/photos_controller.rb index b29f39fd8..d321c2a86 100644 --- a/app/controllers/photos_controller.rb +++ b/app/controllers/photos_controller.rb @@ -3,7 +3,7 @@ # the COPYRIGHT file. class PhotosController < ApplicationController - before_filter :authenticate_user! + before_filter :authenticate_user!, :except => :show helper_method :parent, :photo, :additional_photos, :next_photo, :previous_photo, :ownership @@ -140,8 +140,14 @@ class PhotosController < ApplicationController end def show - if photo - respond_with photo + if user_signed_in? + @photo = current_user.find_visible_shareable_by_id(Photo, params[:id]) + else + @photo = Photo.where(id => params[:id], :public => true) + end + + if @photo + respond_with @photo else redirect_to :back end diff --git a/spec/controllers/photos_controller_spec.rb b/spec/controllers/photos_controller_spec.rb index b87662082..fc1ff3a5a 100644 --- a/spec/controllers/photos_controller_spec.rb +++ b/spec/controllers/photos_controller_spec.rb @@ -109,16 +109,34 @@ describe PhotosController do before do user3 = Factory(:user_with_aspect) @photo = user3.post(:photo, :user_file => uploaded_photo, :to => user3.aspects.first.id, :public => true) - get :show, :id => @photo.to_param end + context "user logged in" do + before do + get :show, :id => @photo.to_param + end - it "succeeds" do - response.should be_success + it "succeeds" do + response.should be_success + end + + it "assigns the photo" do + assigns[:photo].should == @photo + @controller.ownership.should be_false + end end + context "not logged in" do + before do + sign_out :user + get :show, :id => @photo.to_param + end - it "assigns the photo" do - assigns[:photo].should == @photo - @controller.ownership.should be_false + it "succeeds" do + response.should be_success + end + + it "assigns the photo" do + assigns[:photo].should == @photo + end end end end
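Review bot: `before_filter :authenticate_user!, :except => :show` turns `show` into an unauthenticated endpoint, so the visibility decision now rests entirely on `show` itself and on the helpers it reaches (`ownership`, `next_photo`, `previous_photo` are declared on the `helper_method` line but defined outside this hunk), all of which must tolerate a nil `current_user`. The reason for the exemption is not stated anywhere in the file; add a line above the filter such as `# :show is reachable without login so :public => true photos can be viewed; it performs its own visibility check`. That keeps the next person from "tightening" the filter or, worse, extending the `:except` list without realising each added action needs its own check.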
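Review bot: The anonymous branch in `show`, `@photo = Photo.where(id => params[:id], :public => true)`, has two problems: the hash key is the bare method call `id`, not the symbol `:id`, and `where` returns a relation rather than a record, so the following `if @photo` is always truthy and `respond_with @photo` renders a collection instead of one photo (or the redirect) even when nothing matches. The intended behaviour is `@photo = Photo.where(:id => params[:id], :public => true).first`. Since this branch is the only thing standing between an unauthenticated visitor and a non-public photo once `:except => :show` is in place, it is worth a direct comment, e.g. `# unauthenticated visitors may only see photos explicitly marked public`. The logged-in branch relies on `find_visible_shareable_by_id`, which is defined elsewhere; the method's closing `end` is past the hunk.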
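Review bot: Both new contexts only exercise a photo created with `:public => true`, so the spec never checks the case that the `:except => :show` exemption makes security-relevant: an anonymous visitor requesting a non-public photo must not get it. A context that creates a photo with `:public => false`, signs out, requests it and asserts `assigns[:photo].should be_nil` would cover that path and would also surface the relation-vs-record issue in the controller's anonymous branch (the existing `assigns[:photo].should == @photo` in "not logged in" compares against a record). The local `user3` from the outer `before` is not visible in a nested `before`, so the example below creates its own user; the `HTTP_REFERER` is set because the controller redirects to `:back` when nothing is found. The enclosing `describe` block closes outside the hunk.
```ruby
      # … unchanged: "user logged in" and "not logged in" contexts …
      context "not logged in, non-public photo" do
        before do
          user4 = Factory(:user_with_aspect)
          @private_photo = user4.post(:photo, :user_file => uploaded_photo, :to => user4.aspects.first.id, :public => false)
          sign_out :user
          request.env["HTTP_REFERER"] = "/"
          get :show, :id => @private_photo.to_param
        end

        it "does not assign the photo" do
          assigns[:photo].should be_nil
        end
      end
```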