
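# frozen_string_literal: true

require 'rails_helper'
require 'pundit/rspec'

# Authorization spec for StatusPolicy. Each `permissions` group checks one or
# more policy predicates for a (viewer account, status) pair.
#
# Unless an example reassigns `status.account`, `status` is authored by
# `alice`, so `alice` is the owner in every example. `bob` is a second account
# for which this file sets up no follow, block or mention by default.
RSpec.describe StatusPolicy, type: :model do
  subject { described_class }

  let(:admin) { Fabricate(:user, role: UserRole.find_by(name: 'Admin')) }
  let(:alice) { Fabricate(:account, username: 'alice') }
  let(:bob) { Fabricate(:account, username: 'bob') }
  let(:status) { Fabricate(:status, account: alice) }

  permissions :show?, :reblog? do
    it 'grants access when no viewer' do
      expect(subject).to permit(nil, status)
    end

    # NOTE(review): the status is private and the viewer has no follow or
    # mention. The ':show?' and ':reblog?' groups below already expect that
    # combination to be denied on its own, so the block relationship is not
    # what decides this example. A variant on a non-private status would be
    # needed to pin the block rule; confirm which block direction (author
    # blocking viewer, or viewer blocking author) the policy is meant to deny.
    it 'denies access when viewer is blocked' do
      block = Fabricate(:block)
      status.visibility = :private
      status.account = block.target_account

      expect(subject).to_not permit(block.account, status)
    end
  end

  permissions :show? do
    it 'grants access when direct and account is viewer' do
      status.visibility = :direct

      expect(subject).to permit(status.account, status)
    end

    # The mentioned viewer must not be the author. `alice` owns `status`, and
    # the owner is already expected to be permitted by the example above, so
    # mentioning and checking `alice` would pass without ever exercising the
    # mention rule. `bob` has no other relationship to the status.
    it 'grants access when direct and viewer is mentioned' do
      status.visibility = :direct
      status.mentions = [Fabricate(:mention, account: bob)]

      expect(subject).to permit(bob, status)
    end

    it 'denies access when direct and viewer is not mentioned' do
      viewer = Fabricate(:account)
      status.visibility = :direct

      expect(subject).to_not permit(viewer, status)
    end

    it 'grants access when private and account is viewer' do
      status.visibility = :private

      expect(subject).to permit(status.account, status)
    end

    # The viewer passed to the policy is `follow.account` and the author is
    # `follow.target_account`.
    # NOTE(review): presumably Fabricate(:follow) makes `account` follow
    # `target_account`, i.e. the viewer follows the author, which is the
    # reverse of what the example description says — confirm and reword.
    it 'grants access when private and account is following viewer' do
      follow = Fabricate(:follow)
      status.visibility = :private
      status.account = follow.target_account

      expect(subject).to permit(follow.account, status)
    end

    # Uses `bob` rather than the author `alice` for the same reason as the
    # direct-visibility mention example: the owner is permitted regardless of
    # mentions, so only a non-owner viewer proves the mention rule.
    it 'grants access when private and viewer is mentioned' do
      status.visibility = :private
      status.mentions = [Fabricate(:mention, account: bob)]

      expect(subject).to permit(bob, status)
    end

    it 'denies access when private and viewer is not mentioned or followed' do
      viewer = Fabricate(:account)
      status.visibility = :private

      expect(subject).to_not permit(viewer, status)
    end
  end

  permissions :reblog? do
    it 'denies access when private' do
      viewer = Fabricate(:account)
      status.visibility = :private

      expect(subject).to_not permit(viewer, status)
    end

    it 'denies access when direct' do
      viewer = Fabricate(:account)
      status.visibility = :direct

      expect(subject).to_not permit(viewer, status)
    end
  end

  permissions :destroy?, :unreblog? do
    it 'grants access when account is deleter' do
      expect(subject).to permit(status.account, status)
    end

    it 'grants access when account is admin' do
      expect(subject).to permit(admin.account, status)
    end

    it 'denies access when account is not deleter' do
      expect(subject).to_not permit(bob, status)
    end

    it 'denies access when no deleter' do
      expect(subject).to_not permit(nil, status)
    end
  end

  permissions :favourite? do
    it 'grants access when viewer is not blocked' do
      follow = Fabricate(:follow)
      status.account = follow.target_account

      expect(subject).to permit(follow.account, status)
    end

    # Here the status keeps its fabricated visibility, so the block
    # relationship is the only thing this example changes about the pair.
    it 'denies when viewer is blocked' do
      block = Fabricate(:block)
      status.account = block.target_account

      expect(subject).to_not permit(block.account, status)
    end
  end

  # `index?` is checked without a status record: only the viewer is passed.
  permissions :index? do
    it 'grants access if staff' do
      expect(subject).to permit(admin.account)
    end

    it 'denies access unless staff' do
      expect(subject).to_not permit(alice)
    end
  end

  permissions :update? do
    it 'grants access if staff' do
      expect(subject).to permit(admin.account, status)
    end

    it 'grants access if owner' do
      expect(subject).to permit(status.account, status)
    end

    # `bob` is neither the author of `status` nor the admin account.
    it 'denies access unless staff' do
      expect(subject).to_not permit(bob, status)
    end
  end
end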