Allow non-logged-in users to see public photos

2011-11-03 22:07:48 -07:00 · 2011-11-03 22:07:48 -07:00 · f9a9654c86
commit f9a9654c86
parent 9ef0fbfe60
2 changed files with 33 additions and 9 deletions
--- a/app/controllers/photos_controller.rb
+++ b/app/controllers/photos_controller.rb
@ -3,7 +3,7 @@
 #   the COPYRIGHT file.

 class PhotosController < ApplicationController
-  before_filter :authenticate_user!
+  before_filter :authenticate_user!, :except => :show

  helper_method :parent, :photo, :additional_photos, :next_photo, :previous_photo, :ownership

@ -140,8 +140,14 @@ class PhotosController < ApplicationController
  end

  def show
-    if photo
-      respond_with photo
+    if user_signed_in?
+      @photo = current_user.find_visible_shareable_by_id(Photo, params[:id])
+    else
+      @photo = Photo.where(id => params[:id], :public => true)
+    end
+
+    if @photo
+      respond_with @photo
    else
      redirect_to :back
    end
--- a/spec/controllers/photos_controller_spec.rb
+++ b/spec/controllers/photos_controller_spec.rb
@ -109,6 +109,9 @@ describe PhotosController do
      before do
        user3 = Factory(:user_with_aspect)
        @photo = user3.post(:photo, :user_file => uploaded_photo, :to => user3.aspects.first.id, :public => true)
+      end
+      context "user logged in" do
+        before do
          get :show, :id => @photo.to_param
        end

@ -121,6 +124,21 @@ describe PhotosController do
          @controller.ownership.should be_false
        end
      end
+      context "not logged in" do
+        before do
+          sign_out :user
+          get :show, :id => @photo.to_param
+        end
+
+        it "succeeds" do
+          response.should be_success
+        end
+        
+        it "assigns the photo" do
+          assigns[:photo].should == @photo
+        end
+      end
+    end
  end

  describe '#edit' do