Do not show contact if given domain does not belong to the current user

test/system/registrant_area/contacts/details_test.rb

@@ -24,4 +24,12 @@ class RegistrantAreaContactDetailsTest < ApplicationSystemTestCase
     assert_text "Created at #{l Time.zone.parse('2010-07-05')}"
     assert_text "Updated at #{l Time.zone.parse('2010-07-06')}"
   end
+
+  def test_registrant_user_cannot_access_contact_when_given_domain_belongs_to_another_user
+    suppress(ActionView::Template::Error) do
+      visit registrant_domain_contact_url(domains(:metro), @contact)
+      assert_response :not_found
+      assert_no_text 'Name John'
+    end
+  end
 end

test/system/registrant_area/domains/details_test.rb

@@ -55,4 +55,12 @@ class RegistrantAreaDomainDetailsTest < ApplicationSystemTestCase
       assert_css '.tech-domain-contact', count: 2
     end
   end
+
+  def test_registrant_user_cannot_access_domains_of_other_users
+    suppress(ActiveRecord::RecordNotFound) do
+      visit registrant_domain_url(domains(:metro))
+      assert_response :not_found
+      assert_no_text 'metro.test'
+    end
+  end
 end

test/system/registrant_area/domains/list_test.rb

@@ -15,6 +15,11 @@ class RegistrantAreaDomainListTest < ApplicationSystemTestCase
     assert_link 'John', href: registrant_domain_contact_path(@domain, @domain.registrant)
     assert_link 'Best Names', href: registrant_registrar_path(@domain.registrar)
     assert_text l(Time.zone.parse('2010-07-05'))
-    assert_css '.domains .domain', count: 5
+    assert_css '.domains .domain', count: 4
+  end
+
+  def test_do_not_show_domains_of_other_registrant_users
+    visit registrant_domains_url
+    assert_no_text 'metro.test'
   end
 end