Loading app/assets/templates/profile_header_tpl.jst.hbs +65 −69 Original line number Diff line number Diff line Loading @@ -20,7 +20,6 @@ {{/if}} </h2> {{#if loggedIn}} {{#if has_tags}} <div class="description"> <i class="entypo tag"></i> Loading @@ -36,10 +35,8 @@ </div> {{/if}} {{/if}} {{/if}} </div> {{#if loggedIn}} <div id="profile_horizontal_bar"> {{#if show_profile_btns}} <div id="profile_buttons" class="pull-right"> Loading Loading @@ -101,4 +98,3 @@ {{/if}} </div> </div> {{/if}} app/controllers/people_controller.rb +2 −10 Original line number Diff line number Diff line Loading @@ -84,7 +84,7 @@ class PeopleController < ApplicationController end gon.preloads[:person] = @person_json gon.preloads[:photos] = { count: photos_from(@person, :all).count(:all) count: Photo.visible(current_user, @person).count(:all) } gon.preloads[:contacts] = { count: Contact.contact_contacts_for(current_user, @person).count(:all), Loading Loading @@ -146,7 +146,7 @@ class PeopleController < ApplicationController @contacts_of_contact = Contact.contact_contacts_for(current_user, @person) gon.preloads[:person] = PersonPresenter.new(@person, current_user).full_hash_with_profile gon.preloads[:photos] = { count: photos_from(@person, :all).count(:all) count: Photo.visible(current_user, @person).count(:all) } gon.preloads[:contacts] = { count: @contacts_of_contact.count(:all), Loading Loading @@ -224,14 +224,6 @@ class PeopleController < ApplicationController @person.try(:remote?) && !user_signed_in? end def photos_from(person, limit) @photos ||= if user_signed_in? current_user.photos_from(person, limit: limit) else Photo.where(author_id: person.id, public: true) end.order('created_at desc') end def mark_corresponding_notifications_read Notification.where(recipient_id: current_user.id, target_type: "Person", target_id: @person.id, unread: true).each do |n| n.set_read_state( true ) Loading app/controllers/photos_controller.rb +5 −4 Original line number Diff line number Diff line Loading 
@@ -3,7 +3,7 @@ # the COPYRIGHT file. class PhotosController < ApplicationController before_action :authenticate_user!, :except => :show before_action :authenticate_user!, except: %i(show index) respond_to :html, :json def show Loading @@ -19,15 +19,16 @@ class PhotosController < ApplicationController def index @post_type = :photos @person = Person.find_by_guid(params[:person_id]) authenticate_user! if @person.try(:remote?) && !user_signed_in? if @person @contact = current_user.contact_for(@person) @posts = current_user.photos_from(@person, max_time: max_time).order('created_at desc') @contact = current_user.contact_for(@person) if user_signed_in? @posts = Photo.visible(current_user, @person, :all, max_time) respond_to do |format| format.all do gon.preloads[:person] = PersonPresenter.new(@person, current_user).full_hash_with_profile gon.preloads[:photos] = { count: current_user.photos_from(@person, limit: :all).count(:all) count: Photo.visible(current_user, @person).count(:all) } gon.preloads[:contacts] = { count: Contact.contact_contacts_for(current_user, @person).count(:all), Loading app/models/photo.rb +9 −0 Original line number Diff line number Diff line Loading @@ -145,4 +145,13 @@ class Photo < ActiveRecord::Base def mutable? true end def self.visible(current_user, person, limit=:all, max_time=nil) photos = if current_user current_user.photos_from(person, limit: limit, max_time: max_time) else Photo.where(author_id: person.id, public: true) end photos.order("created_at desc") end end spec/controllers/people_controller_spec.rb +0 −13 Original line number Diff line number Diff line Loading 
@@ -205,19 +205,6 @@ describe PeopleController, :type => :controller do expect(response.body).not_to include(profile.first_name) end it "doesn't leak photos in the sidebar" do private_photo = @user.post(:photo, user_file: uploaded_photo, to: @aspect.id, public: false) public_photo = @user.post(:photo, user_file: uploaded_photo, to: @aspect.id, public: true) allow(@user.person).to receive(:remote?) { false } sign_out :user get :show, id: @user.person.to_param expect(response).to be_success expect(assigns(:photos)).not_to include private_photo expect(assigns(:photos)).to include public_photo end it "displays the correct number of photos" do 16.times do |i| eve.post(:photo, :user_file => uploaded_photo, :to => eve.aspects.first.id, :public => true) Loading Loading
app/assets/templates/profile_header_tpl.jst.hbs +65 −69 Original line number Diff line number Diff line Loading @@ -20,7 +20,6 @@ {{/if}} </h2> {{#if loggedIn}} {{#if has_tags}} <div class="description"> <i class="entypo tag"></i> Loading @@ -36,10 +35,8 @@ </div> {{/if}} {{/if}} {{/if}} </div> {{#if loggedIn}} <div id="profile_horizontal_bar"> {{#if show_profile_btns}} <div id="profile_buttons" class="pull-right"> Loading Loading @@ -101,4 +98,3 @@ {{/if}} </div> </div> {{/if}}
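Review bot: Dropping the `{{#if loggedIn}}` wrappers (apparently the removed lines before `{{#if has_tags}}` and before `#profile_horizontal_bar`) means the tag list and the button bar now render for signed-out visitors whenever the preloaded person JSON carries `has_tags` or `show_profile_btns`. The template guard was only presentation, so the effective control is whatever the server places in `gon.preloads[:person]` when `current_user` is nil. Please confirm the presenter omits tags and other profile fields for profiles that are not public, and cover that with a signed-out spec. Large parts of this section are collapsed on the page, so the rest of the template was not reviewed.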
app/controllers/people_controller.rb +2 −10 Original line number Diff line number Diff line Loading @@ -84,7 +84,7 @@ class PeopleController < ApplicationController end gon.preloads[:person] = @person_json gon.preloads[:photos] = { count: photos_from(@person, :all).count(:all) count: Photo.visible(current_user, @person).count(:all) } gon.preloads[:contacts] = { count: Contact.contact_contacts_for(current_user, @person).count(:all), Loading Loading @@ -146,7 +146,7 @@ class PeopleController < ApplicationController @contacts_of_contact = Contact.contact_contacts_for(current_user, @person) gon.preloads[:person] = PersonPresenter.new(@person, current_user).full_hash_with_profile gon.preloads[:photos] = { count: photos_from(@person, :all).count(:all) count: Photo.visible(current_user, @person).count(:all) } gon.preloads[:contacts] = { count: @contacts_of_contact.count(:all), Loading Loading @@ -224,14 +224,6 @@ class PeopleController < ApplicationController @person.try(:remote?) && !user_signed_in? end def photos_from(person, limit) @photos ||= if user_signed_in? current_user.photos_from(person, limit: limit) else Photo.where(author_id: person.id, public: true) end.order('created_at desc') end def mark_corresponding_notifications_read Notification.where(recipient_id: current_user.id, target_type: "Person", target_id: @person.id, unread: true).each do |n| n.set_read_state( true ) Loading
app/controllers/photos_controller.rb +5 −4 Original line number Diff line number Diff line Loading @@ -3,7 +3,7 @@ # the COPYRIGHT file. class PhotosController < ApplicationController before_action :authenticate_user!, :except => :show before_action :authenticate_user!, except: %i(show index) respond_to :html, :json def show Loading @@ -19,15 +19,16 @@ class PhotosController < ApplicationController def index @post_type = :photos @person = Person.find_by_guid(params[:person_id]) authenticate_user! if @person.try(:remote?) && !user_signed_in? if @person @contact = current_user.contact_for(@person) @posts = current_user.photos_from(@person, max_time: max_time).order('created_at desc') @contact = current_user.contact_for(@person) if user_signed_in? @posts = Photo.visible(current_user, @person, :all, max_time) respond_to do |format| format.all do gon.preloads[:person] = PersonPresenter.new(@person, current_user).full_hash_with_profile gon.preloads[:photos] = { count: current_user.photos_from(@person, limit: :all).count(:all) count: Photo.visible(current_user, @person).count(:all) } gon.preloads[:contacts] = { count: Contact.contact_contacts_for(current_user, @person).count(:all), Loading
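Review bot: With `index` now exempt from `authenticate_user!`, the unchanged `Contact.contact_contacts_for(current_user, @person).count(:all)` in the `gon.preloads[:contacts]` block runs with a nil `current_user` for anonymous visitors. Only `contact_for` received a `if user_signed_in?` guard, so please confirm that this call and `PersonPresenter.new(@person, current_user)` tolerate nil and do not expose a contact count to signed-out users. The inline `authenticate_user! if @person.try(:remote?) && !user_signed_in?` repeats a condition that seems to live in a helper in `PeopleController`; sharing it as a `before_action` would keep the two controllers from drifting apart. A controller spec for a signed-out `get :index` asserting that `assigns(:posts)` contains only public photos would pin the new behaviour. The body of `index` continues outside the hunk.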
app/models/photo.rb +9 −0 Original line number Diff line number Diff line Loading @@ -145,4 +145,13 @@ class Photo < ActiveRecord::Base def mutable? true end def self.visible(current_user, person, limit=:all, max_time=nil) photos = if current_user current_user.photos_from(person, limit: limit, max_time: max_time) else Photo.where(author_id: person.id, public: true) end photos.order("created_at desc") end end
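Review bot: The signed-out branch of `Photo.visible` ignores both `limit` and `max_time`: `Photo.where(author_id: person.id, public: true)` is returned unbounded. The `Photo.visible(current_user, @person, :all, max_time)` call in `PhotosController#index` therefore appears to load every public photo on every page for anonymous visitors. Apply the same bounds in that branch, using whatever column `photos_from` compares against for `max_time` (not visible here) and something like `photos = photos.limit(limit) unless limit == :all`. This method is now the single visibility gate and the commit removes the "doesn't leak photos in the sidebar" controller spec, so add a model spec asserting that `Photo.visible(nil, person)` never returns a `public: false` photo. A short comment on the method stating that a nil `current_user` means public photos only would also help.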
spec/controllers/people_controller_spec.rb +0 −13 Original line number Diff line number Diff line Loading @@ -205,19 +205,6 @@ describe PeopleController, :type => :controller do expect(response.body).not_to include(profile.first_name) end it "doesn't leak photos in the sidebar" do private_photo = @user.post(:photo, user_file: uploaded_photo, to: @aspect.id, public: false) public_photo = @user.post(:photo, user_file: uploaded_photo, to: @aspect.id, public: true) allow(@user.person).to receive(:remote?) { false } sign_out :user get :show, id: @user.person.to_param expect(response).to be_success expect(assigns(:photos)).not_to include private_photo expect(assigns(:photos)).to include public_photo end it "displays the correct number of photos" do 16.times do |i| eve.post(:photo, :user_file => uploaded_photo, :to => eve.aspects.first.id, :public => true) Loading