closed-social
/
mastodon
3
0
Fork 2
Code Issues 5 Pull Requests 0 Projects 0 Releases 3 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
3144 Commits
4 Branches
567 MiB
Tree: 22cf18e16f
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '22cf18e16f'
${ noResults }
mastodon/spec/policies/status_policy_spec.rb

89 lines
2.4 KiB
Raw Normal View History

Extract authorization policy for viewing statuses (#3150)
7 years ago
Move status reblog authorization into policy (#3425)
7 years ago
Extract authorization policy for viewing statuses (#3150)
7 years ago
Fix incorrect visibility setter in StatusPolicySpec (#3456)
7 years ago
Extract authorization policy for viewing statuses (#3150)
7 years ago
Fix incorrect visibility setter in StatusPolicySpec (#3456)
7 years ago
Extract authorization policy for viewing statuses (#3150)
7 years ago
Move status reblog authorization into policy (#3425)
7 years ago
Extract authorization policy for viewing statuses (#3150)
7 years ago
Move status reblog authorization into policy (#3425)
7 years ago
Extract authorization policy for viewing statuses (#3150)
7 years ago
Move status reblog authorization into policy (#3425)
7 years ago
Extract authorization policy for viewing statuses (#3150)
7 years ago
Move status reblog authorization into policy (#3425)
7 years ago
Extract authorization policy for viewing statuses (#3150)
7 years ago
 
  1. require 'rails_helper'
  2. require 'pundit/rspec'
  3. 

  4. RSpec.describe StatusPolicy, type: :model do
  5.   subject { described_class }
  6. 

  7.   let(:alice) { Fabricate(:account, username: 'alice') }
  8.   let(:status) { Fabricate(:status, account: alice) }
  9. 

  10.   permissions :show?, :reblog? do
  11.     it 'grants access when no viewer' do
  12.       expect(subject).to permit(nil, status)
  13.     end
  14. 

  15.     it 'denies access when viewer is blocked' do
  16.       block = Fabricate(:block)
  17.       status.visibility = :private
  18.       status.account = block.target_account
  19. 

  20.       expect(subject).to_not permit(block.account, status)
  21.     end
  22.   end
  23. 

  24.   permissions :show? do
  25.     it 'grants access when direct and account is viewer' do
  26.       status.visibility = :direct
  27. 

  28.       expect(subject).to permit(status.account, status)
  29.     end
  30. 

  31.     it 'grants access when direct and viewer is mentioned' do
  32.       status.visibility = :direct
  33.       status.mentions = [Fabricate(:mention, account: alice)]
  34. 

  35.       expect(subject).to permit(alice, status)
  36.     end
  37. 

  38.     it 'denies access when direct and viewer is not mentioned' do
  39.       viewer = Fabricate(:account)
  40.       status.visibility = :direct
  41. 

  42.       expect(subject).to_not permit(viewer, status)
  43.     end
  44. 

  45.     it 'grants access when private and account is viewer' do
  46.       status.visibility = :private
  47. 

  48.       expect(subject).to permit(status.account, status)
  49.     end
  50. 

  51.     it 'grants access when private and account is following viewer' do
  52.       follow = Fabricate(:follow)
  53.       status.visibility = :private
  54.       status.account = follow.target_account
  55. 

  56.       expect(subject).to permit(follow.account, status)
  57.     end
  58. 

  59.     it 'grants access when private and viewer is mentioned' do
  60.       status.visibility = :private
  61.       status.mentions = [Fabricate(:mention, account: alice)]
  62. 

  63.       expect(subject).to permit(alice, status)
  64.     end
  65. 

  66.     it 'denies access when private and viewer is not mentioned or followed' do
  67.       viewer = Fabricate(:account)
  68.       status.visibility = :private
  69. 

  70.       expect(subject).to_not permit(viewer, status)
  71.     end
  72.   end
  73. 

  74.   permissions :reblog? do
  75.     it 'denies access when private' do
  76.       viewer = Fabricate(:account)
  77.       status.visibility = :private
  78. 

  79.       expect(subject).to_not permit(viewer, status)
  80.     end
  81. 

  82.     it 'denies access when direct' do
  83.       viewer = Fabricate(:account)
  84.       status.visibility = :direct
  85. 

  86.       expect(subject).to_not permit(viewer, status)
  87.     end
  88.   end
  89. end