Allow non-logged-in users to see public photos

app/controllers/photos_controller.rb

@@ -3,7 +3,7 @@
 #   the COPYRIGHT file.
 
 class PhotosController < ApplicationController
-  before_filter :authenticate_user!
+  before_filter :authenticate_user!, :except => :show
 
   helper_method :parent, :photo, :additional_photos, :next_photo, :previous_photo, :ownership
 
@@ -140,8 +140,14 @@ class PhotosController < ApplicationController
   end
 
   def show
-    if photo
+    if user_signed_in?
-      respond_with photo
+      @photo = current_user.find_visible_shareable_by_id(Photo, params[:id])
+    else
+      @photo = Photo.where(id => params[:id], :public => true)
+    end
+
+    if @photo
+      respond_with @photo
     else
       redirect_to :back
     end

spec/controllers/photos_controller_spec.rb

@@ -109,16 +109,34 @@ describe PhotosController do
       before do
         user3 = Factory(:user_with_aspect)
         @photo = user3.post(:photo, :user_file => uploaded_photo, :to => user3.aspects.first.id, :public => true)
-        get :show, :id => @photo.to_param
       end
+      context "user logged in" do
+        before do
+          get :show, :id => @photo.to_param
+        end
 
-      it "succeeds" do
+        it "succeeds" do
-        response.should be_success
+          response.should be_success
+        end
+
+        it "assigns the photo" do
+          assigns[:photo].should == @photo
+          @controller.ownership.should be_false
+        end
       end
+      context "not logged in" do
+        before do
+          sign_out :user
+          get :show, :id => @photo.to_param
+        end
 
-      it "assigns the photo" do
+        it "succeeds" do
-        assigns[:photo].should == @photo
+          response.should be_success
-        @controller.ownership.should be_false
+        end
+        
+        it "assigns the photo" do
+          assigns[:photo].should == @photo
+        end
       end
     end
   end