permissions :show? do
    it 'denies access if viewed user is private' do
      expect(UserPolicy).not_to permit(current_user, private_user)
    end