closed-social
/
mastodon
3
0
Fork 2
Code Issues 5 Pull Requests 0 Projects 0 Releases 3 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
9754 Commits
4 Branches
567 MiB
Tree: 3134691948
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '3134691948'
${ noResults }
mastodon/spec/controllers/statuses_controller_spec.rb

863 lines
24 KiB
Raw Normal View History

More coverage yes more even more (#2627) * Add coverage for admin/confirmations controller * Coverage for statuses controller show action * Add coverage for admin/domain_blocks controller * Add coverage for settings/profiles#update
7 years ago
Fix RSS feeds not being cachable (#14368) * Add tests for some cachable responses This only covers responses that we should have managed to make cachable so far. It's not the case of all responses that should be cachable in the end. * Fix RSS feeds not being cachable
3 years ago
Add more tests for ActivityPub controllers (#13585)
4 years ago
More coverage yes more even more (#2627) * Add coverage for admin/confirmations controller * Coverage for statuses controller show action * Add coverage for admin/domain_blocks controller * Add coverage for settings/profiles#update
7 years ago
Add support for reversible suspensions through ActivityPub (#14989)
3 years ago
Add more tests for ActivityPub controllers (#13585)
4 years ago
Add support for reversible suspensions through ActivityPub (#14989)
3 years ago
Cover StatusesController more (#3259)
7 years ago
Add more tests for ActivityPub controllers (#13585)
4 years ago
Cover StatusesController more (#3259)
7 years ago
Add more tests for ActivityPub controllers (#13585)
4 years ago
Cover StatusesController more (#3259)
7 years ago
Add support for reversible suspensions through ActivityPub (#14989)
3 years ago
Add more tests for ActivityPub controllers (#13585)
4 years ago
Cover StatusesController more (#3259)
7 years ago
Add more tests for ActivityPub controllers (#13585)
4 years ago
Cover StatusesController more (#3259)
7 years ago
Add more tests for ActivityPub controllers (#13585)
4 years ago
Cover StatusesController more (#3259)
7 years ago
Add more tests for ActivityPub controllers (#13585)
4 years ago
Cover StatusesController more (#3259)
7 years ago
Add more tests for ActivityPub controllers (#13585)
4 years ago
Fetch reblogs as Announce activity instead of Note object (#4672) * Process Create / Announce activity in FetchRemoteStatusService * Use activity URL in ActivityPub for reblogs * Redirect to the original status on StatusesController#show
6 years ago
Add more tests for ActivityPub controllers (#13585)
4 years ago
Fetch reblogs as Announce activity instead of Note object (#4672) * Process Create / Announce activity in FetchRemoteStatusService * Use activity URL in ActivityPub for reblogs * Redirect to the original status on StatusesController#show
6 years ago
Add more tests for ActivityPub controllers (#13585)
4 years ago
Fix RSS feeds not being cachable (#14368) * Add tests for some cachable responses This only covers responses that we should have managed to make cachable so far. It's not the case of all responses that should be cachable in the end. * Fix RSS feeds not being cachable
3 years ago
Add more tests for ActivityPub controllers (#13585)
4 years ago
Fetch reblogs as Announce activity instead of Note object (#4672) * Process Create / Announce activity in FetchRemoteStatusService * Use activity URL in ActivityPub for reblogs * Redirect to the original status on StatusesController#show
6 years ago
Add more tests for ActivityPub controllers (#13585)
4 years ago
Cover StatusesController more (#3259)
7 years ago
Add more tests for ActivityPub controllers (#13585)
4 years ago
Cover StatusesController more (#3259)
7 years ago
Add more tests for ActivityPub controllers (#13585)
4 years ago
Cover StatusesController more (#3259)
7 years ago
Add more tests for ActivityPub controllers (#13585)
4 years ago
Cover StatusesController more (#3259)
7 years ago
Add more tests for ActivityPub controllers (#13585)
4 years ago
Cover StatusesController more (#3259)
7 years ago
Add more tests for ActivityPub controllers (#13585)
4 years ago
Cover StatusesController more (#3259)
7 years ago
Add more tests for ActivityPub controllers (#13585)
4 years ago
Paginate descendant statuses in public page (#7148)
6 years ago
Add more tests for ActivityPub controllers (#13585)
4 years ago
Paginate descendant statuses in public page (#7148)
6 years ago
Add more tests for ActivityPub controllers (#13585)
4 years ago
Paginate descendant statuses in public page (#7148)
6 years ago
Add more tests for ActivityPub controllers (#13585)
4 years ago
Paginate descendant statuses in public page (#7148)
6 years ago
Add more tests for ActivityPub controllers (#13585)
4 years ago
Paginate descendant statuses in public page (#7148)
6 years ago
Add more tests for ActivityPub controllers (#13585)
4 years ago
Paginate descendant statuses in public page (#7148)
6 years ago
Add more tests for ActivityPub controllers (#13585)
4 years ago
Paginate descendant statuses in public page (#7148)
6 years ago
Add more tests for ActivityPub controllers (#13585)
4 years ago
Paginate descendant statuses in public page (#7148)
6 years ago
Add more tests for ActivityPub controllers (#13585)
4 years ago
Paginate descendant statuses in public page (#7148)
6 years ago
Add more tests for ActivityPub controllers (#13585)
4 years ago
Paginate descendant statuses in public page (#7148)
6 years ago
Add more tests for ActivityPub controllers (#13585)
4 years ago
Paginate descendant statuses in public page (#7148)
6 years ago
Add more tests for ActivityPub controllers (#13585)
4 years ago
Paginate descendant statuses in public page (#7148)
6 years ago
Add more tests for ActivityPub controllers (#13585)
4 years ago
Paginate descendant statuses in public page (#7148)
6 years ago
Add more tests for ActivityPub controllers (#13585)
4 years ago
Fix RSS feeds not being cachable (#14368) * Add tests for some cachable responses This only covers responses that we should have managed to make cachable so far. It's not the case of all responses that should be cachable in the end. * Fix RSS feeds not being cachable
3 years ago
Add more tests for ActivityPub controllers (#13585)
4 years ago
Add support for reversible suspensions through ActivityPub (#14989)
3 years ago
Add more tests for ActivityPub controllers (#13585)
4 years ago
Add support for reversible suspensions through ActivityPub (#14989)
3 years ago
Add more tests for ActivityPub controllers (#13585)
4 years ago
Add support for reversible suspensions through ActivityPub (#14989)
3 years ago
Add more tests for ActivityPub controllers (#13585)
4 years ago
Use raw status code on have_http_status (#7214)
6 years ago
Cover StatusesController more (#3259)
7 years ago
Add more tests for ActivityPub controllers (#13585)
4 years ago
Cover StatusesController more (#3259)
7 years ago
More coverage yes more even more (#2627) * Add coverage for admin/confirmations controller * Coverage for statuses controller show action * Add coverage for admin/domain_blocks controller * Add coverage for settings/profiles#update
7 years ago
 
  1. # frozen_string_literal: true
  2. 

  3. require 'rails_helper'
  4. 

  5. describe StatusesController do
  6.   render_views
  7. 

  8.   shared_examples 'cachable response' do
  9.     it 'does not set cookies' do
  10.       expect(response.cookies).to be_empty
  11.       expect(response.headers['Set-Cookies']).to be nil
  12.     end
  13. 

  14.     it 'does not set sessions' do
  15.       expect(session).to be_empty
  16.     end
  17. 

  18.     it 'returns public Cache-Control header' do
  19.       expect(response.headers['Cache-Control']).to include 'public'
  20.     end
  21.   end
  22. 

  23.   describe 'GET #show' do
  24.     let(:account) { Fabricate(:account) }
  25.     let(:status)  { Fabricate(:status, account: account) }
  26. 

  27.     context 'when account is permanently suspended' do
  28.       before do
  29.         account.suspend!
  30.         account.deletion_request.destroy
  31. 

  32.         get :show, params: { account_username: account.username, id: status.id }
  33.       end
  34. 

  35.       it 'returns http gone' do
  36.         expect(response).to have_http_status(410)
  37.       end
  38.     end
  39. 

  40.     context 'when account is temporarily suspended' do
  41.       before do
  42.         account.suspend!
  43. 

  44.         get :show, params: { account_username: account.username, id: status.id }
  45.       end
  46. 

  47.       it 'returns http forbidden' do
  48.         expect(response).to have_http_status(403)
  49.       end
  50.     end
  51. 

  52.     context 'when status is a reblog' do
  53.       let(:original_account) { Fabricate(:account, domain: 'example.com') }
  54.       let(:original_status) { Fabricate(:status, account: original_account, url: 'https://example.com/123') }
  55.       let(:status) { Fabricate(:status, account: account, reblog: original_status) }
  56. 

  57.       before do
  58.         get :show, params: { account_username: status.account.username, id: status.id }
  59.       end
  60. 

  61.       it 'redirects to the original status' do
  62.         expect(response).to redirect_to(original_status.url)
  63.       end
  64.     end
  65. 

  66.     context 'when status is public' do
  67.       before do
  68.         get :show, params: { account_username: status.account.username, id: status.id, format: format }
  69.       end
  70. 

  71.       context 'as HTML' do
  72.         let(:format) { 'html' }
  73. 

  74.         it 'returns http success' do
  75.           expect(response).to have_http_status(200)
  76.         end
  77. 

  78.         it 'returns Link header' do
  79.           expect(response.headers['Link'].to_s).to include 'activity+json'
  80.         end
  81. 

  82.         it 'returns Vary header' do
  83.           expect(response.headers['Vary']).to eq 'Accept'
  84.         end
  85. 

  86.         it 'returns public Cache-Control header' do
  87.           expect(response.headers['Cache-Control']).to include 'public'
  88.         end
  89. 

  90.         it 'renders status' do
  91.           expect(response).to render_template(:show)
  92.           expect(response.body).to include status.text
  93.         end
  94.       end
  95. 

  96.       context 'as JSON' do
  97.         let(:format) { 'json' }
  98. 

  99.         it 'returns http success' do
  100.           expect(response).to have_http_status(200)
  101.         end
  102. 

  103.         it 'returns Link header' do
  104.           expect(response.headers['Link'].to_s).to include 'activity+json'
  105.         end
  106. 

  107.         it 'returns Vary header' do
  108.           expect(response.headers['Vary']).to eq 'Accept'
  109.         end
  110. 

  111.         it_behaves_like 'cachable response'
  112. 

  113.         it 'returns Content-Type header' do
  114.           expect(response.headers['Content-Type']).to include 'application/activity+json'
  115.         end
  116. 

  117.         it 'renders ActivityPub Note object' do
  118.           json = body_as_json
  119.           expect(json[:content]).to include status.text
  120.         end
  121.       end
  122.     end
  123. 

  124.     context 'when status is private' do
  125.       let(:status) { Fabricate(:status, account: account, visibility: :private) }
  126. 

  127.       before do
  128.         get :show, params: { account_username: status.account.username, id: status.id, format: format }
  129.       end
  130. 

  131.       context 'as JSON' do
  132.         let(:format) { 'json' }
  133. 

  134.         it 'returns http not found' do
  135.           expect(response).to have_http_status(404)
  136.         end
  137.       end
  138. 

  139.       context 'as HTML' do
  140.         let(:format) { 'html' }
  141. 

  142.         it 'returns http not found' do
  143.           expect(response).to have_http_status(404)
  144.         end
  145.       end
  146.     end
  147. 

  148.     context 'when status is direct' do
  149.       let(:status) { Fabricate(:status, account: account, visibility: :direct) }
  150. 

  151.       before do
  152.         get :show, params: { account_username: status.account.username, id: status.id, format: format }
  153.       end
  154. 

  155.       context 'as JSON' do
  156.         let(:format) { 'json' }
  157. 

  158.         it 'returns http not found' do
  159.           expect(response).to have_http_status(404)
  160.         end
  161.       end
  162. 

  163.       context 'as HTML' do
  164.         let(:format) { 'html' }
  165. 

  166.         it 'returns http not found' do
  167.           expect(response).to have_http_status(404)
  168.         end
  169.       end
  170.     end
  171. 

  172.     context 'when signed-in' do
  173.       let(:user) { Fabricate(:user) }
  174. 

  175.       before do
  176.         sign_in(user)
  177.       end
  178. 

  179.       context 'when account blocks user' do
  180.         before do
  181.           account.block!(user.account)
  182.           get :show, params: { account_username: status.account.username, id: status.id }
  183.         end
  184. 

  185.         it 'returns http not found' do
  186.           expect(response).to have_http_status(404)
  187.         end
  188.       end
  189. 

  190.       context 'when status is public' do
  191.         before do
  192.           get :show, params: { account_username: status.account.username, id: status.id, format: format }
  193.         end
  194. 

  195.         context 'as HTML' do
  196.           let(:format) { 'html' }
  197. 

  198.           it 'returns http success' do
  199.             expect(response).to have_http_status(200)
  200.           end
  201. 

  202.           it 'returns Link header' do
  203.             expect(response.headers['Link'].to_s).to include 'activity+json'
  204.           end
  205. 

  206.           it 'returns Vary header' do
  207.             expect(response.headers['Vary']).to eq 'Accept'
  208.           end
  209. 

  210.           it 'returns no Cache-Control header' do
  211.             expect(response.headers).to_not include 'Cache-Control'
  212.           end
  213. 

  214.           it 'renders status' do
  215.             expect(response).to render_template(:show)
  216.             expect(response.body).to include status.text
  217.           end
  218.         end
  219. 

  220.         context 'as JSON' do
  221.           let(:format) { 'json' }
  222. 

  223.           it 'returns http success' do
  224.             expect(response).to have_http_status(200)
  225.           end
  226. 

  227.           it 'returns Link header' do
  228.             expect(response.headers['Link'].to_s).to include 'activity+json'
  229.           end
  230. 

  231.           it 'returns Vary header' do
  232.             expect(response.headers['Vary']).to eq 'Accept'
  233.           end
  234. 

  235.           it 'returns public Cache-Control header' do
  236.             expect(response.headers['Cache-Control']).to include 'public'
  237.           end
  238. 

  239.           it 'returns Content-Type header' do
  240.             expect(response.headers['Content-Type']).to include 'application/activity+json'
  241.           end
  242. 

  243.           it 'renders ActivityPub Note object' do
  244.             json = body_as_json
  245.             expect(json[:content]).to include status.text
  246.           end
  247.         end
  248.       end
  249. 

  250.       context 'when status is private' do
  251.         let(:status) { Fabricate(:status, account: account, visibility: :private) }
  252. 

  253.         context 'when user is authorized to see it' do
  254.           before do
  255.             user.account.follow!(account)
  256.             get :show, params: { account_username: status.account.username, id: status.id, format: format }
  257.           end
  258. 

  259.           context 'as HTML' do
  260.             let(:format) { 'html' }
  261. 

  262.             it 'returns http success' do
  263.               expect(response).to have_http_status(200)
  264.             end
  265. 

  266.             it 'returns Link header' do
  267.               expect(response.headers['Link'].to_s).to include 'activity+json'
  268.             end
  269. 

  270.             it 'returns Vary header' do
  271.               expect(response.headers['Vary']).to eq 'Accept'
  272.             end
  273. 

  274.             it 'returns no Cache-Control header' do
  275.               expect(response.headers).to_not include 'Cache-Control'
  276.             end
  277. 

  278.             it 'renders status' do
  279.               expect(response).to render_template(:show)
  280.               expect(response.body).to include status.text
  281.             end
  282.           end
  283. 

  284.           context 'as JSON' do
  285.             let(:format) { 'json' }
  286. 

  287.             it 'returns http success' do
  288.               expect(response).to have_http_status(200)
  289.             end
  290. 

  291.             it 'returns Link header' do
  292.               expect(response.headers['Link'].to_s).to include 'activity+json'
  293.             end
  294. 

  295.             it 'returns Vary header' do
  296.               expect(response.headers['Vary']).to eq 'Accept'
  297.             end
  298. 

  299.             it 'returns private Cache-Control header' do
  300.               expect(response.headers['Cache-Control']).to include 'private'
  301.             end
  302. 

  303.             it 'returns Content-Type header' do
  304.               expect(response.headers['Content-Type']).to include 'application/activity+json'
  305.             end
  306. 

  307.             it 'renders ActivityPub Note object' do
  308.               json = body_as_json
  309.               expect(json[:content]).to include status.text
  310.             end
  311.           end
  312.         end
  313. 

  314.         context 'when user is not authorized to see it' do
  315.           before do
  316.             get :show, params: { account_username: status.account.username, id: status.id, format: format }
  317.           end
  318. 

  319.           context 'as JSON' do
  320.             let(:format) { 'json' }
  321. 

  322.             it 'returns http not found' do
  323.               expect(response).to have_http_status(404)
  324.             end
  325.           end
  326. 

  327.           context 'as HTML' do
  328.             let(:format) { 'html' }
  329. 

  330.             it 'returns http not found' do
  331.               expect(response).to have_http_status(404)
  332.             end
  333.           end
  334.         end
  335.       end
  336. 

  337.       context 'when status is direct' do
  338.         let(:status) { Fabricate(:status, account: account, visibility: :direct) }
  339. 

  340.         context 'when user is authorized to see it' do
  341.           before do
  342.             Fabricate(:mention, account: user.account, status: status)
  343.             get :show, params: { account_username: status.account.username, id: status.id, format: format }
  344.           end
  345. 

  346.           context 'as HTML' do
  347.             let(:format) { 'html' }
  348. 

  349.             it 'returns http success' do
  350.               expect(response).to have_http_status(200)
  351.             end
  352. 

  353.             it 'returns Link header' do
  354.               expect(response.headers['Link'].to_s).to include 'activity+json'
  355.             end
  356. 

  357.             it 'returns Vary header' do
  358.               expect(response.headers['Vary']).to eq 'Accept'
  359.             end
  360. 

  361.             it 'returns no Cache-Control header' do
  362.               expect(response.headers).to_not include 'Cache-Control'
  363.             end
  364. 

  365.             it 'renders status' do
  366.               expect(response).to render_template(:show)
  367.               expect(response.body).to include status.text
  368.             end
  369.           end
  370. 

  371.           context 'as JSON' do
  372.             let(:format) { 'json' }
  373. 

  374.             it 'returns http success' do
  375.               expect(response).to have_http_status(200)
  376.             end
  377. 

  378.             it 'returns Link header' do
  379.               expect(response.headers['Link'].to_s).to include 'activity+json'
  380.             end
  381. 

  382.             it 'returns Vary header' do
  383.               expect(response.headers['Vary']).to eq 'Accept'
  384.             end
  385. 

  386.             it 'returns private Cache-Control header' do
  387.               expect(response.headers['Cache-Control']).to include 'private'
  388.             end
  389. 

  390.             it 'returns Content-Type header' do
  391.               expect(response.headers['Content-Type']).to include 'application/activity+json'
  392.             end
  393. 

  394.             it 'renders ActivityPub Note object' do
  395.               json = body_as_json
  396.               expect(json[:content]).to include status.text
  397.             end
  398.           end
  399.         end
  400. 

  401.         context 'when user is not authorized to see it' do
  402.           before do
  403.             get :show, params: { account_username: status.account.username, id: status.id, format: format }
  404.           end
  405. 

  406.           context 'as JSON' do
  407.             let(:format) { 'json' }
  408. 

  409.             it 'returns http not found' do
  410.               expect(response).to have_http_status(404)
  411.             end
  412.           end
  413. 

  414.           context 'as HTML' do
  415.             let(:format) { 'html' }
  416. 

  417.             it 'returns http not found' do
  418.               expect(response).to have_http_status(404)
  419.             end
  420.           end
  421.         end
  422.       end
  423.     end
  424. 

  425.     context 'with signature' do
  426.       let(:remote_account) { Fabricate(:account, domain: 'example.com') }
  427. 

  428.       before do
  429.         allow(controller).to receive(:signed_request_account).and_return(remote_account)
  430.       end
  431. 

  432.       context 'when account blocks account' do
  433.         before do
  434.           account.block!(remote_account)
  435.           get :show, params: { account_username: status.account.username, id: status.id }
  436.         end
  437. 

  438.         it 'returns http not found' do
  439.           expect(response).to have_http_status(404)
  440.         end
  441.       end
  442. 

  443.       context 'when account domain blocks account' do
  444.         before do
  445.           account.block_domain!(remote_account.domain)
  446.           get :show, params: { account_username: status.account.username, id: status.id }
  447.         end
  448. 

  449.         it 'returns http not found' do
  450.           expect(response).to have_http_status(404)
  451.         end
  452.       end
  453. 

  454.       context 'when status is public' do
  455.         before do
  456.           get :show, params: { account_username: status.account.username, id: status.id, format: format }
  457.         end
  458. 

  459.         context 'as HTML' do
  460.           let(:format) { 'html' }
  461. 

  462.           it 'returns http success' do
  463.             expect(response).to have_http_status(200)
  464.           end
  465. 

  466.           it 'returns Link header' do
  467.             expect(response.headers['Link'].to_s).to include 'activity+json'
  468.           end
  469. 

  470.           it 'returns Vary header' do
  471.             expect(response.headers['Vary']).to eq 'Accept'
  472.           end
  473. 

  474.           it 'returns no Cache-Control header' do
  475.             expect(response.headers).to_not include 'Cache-Control'
  476.           end
  477. 

  478.           it 'renders status' do
  479.             expect(response).to render_template(:show)
  480.             expect(response.body).to include status.text
  481.           end
  482.         end
  483. 

  484.         context 'as JSON' do
  485.           let(:format) { 'json' }
  486. 

  487.           it 'returns http success' do
  488.             expect(response).to have_http_status(200)
  489.           end
  490. 

  491.           it 'returns Link header' do
  492.             expect(response.headers['Link'].to_s).to include 'activity+json'
  493.           end
  494. 

  495.           it 'returns Vary header' do
  496.             expect(response.headers['Vary']).to eq 'Accept'
  497.           end
  498. 

  499.           it_behaves_like 'cachable response'
  500. 

  501.           it 'returns Content-Type header' do
  502.             expect(response.headers['Content-Type']).to include 'application/activity+json'
  503.           end
  504. 

  505.           it 'renders ActivityPub Note object' do
  506.             json = body_as_json
  507.             expect(json[:content]).to include status.text
  508.           end
  509.         end
  510.       end
  511. 

  512.       context 'when status is private' do
  513.         let(:status) { Fabricate(:status, account: account, visibility: :private) }
  514. 

  515.         context 'when user is authorized to see it' do
  516.           before do
  517.             remote_account.follow!(account)
  518.             get :show, params: { account_username: status.account.username, id: status.id, format: format }
  519.           end
  520. 

  521.           context 'as HTML' do
  522.             let(:format) { 'html' }
  523. 

  524.             it 'returns http success' do
  525.               expect(response).to have_http_status(200)
  526.             end
  527. 

  528.             it 'returns Link header' do
  529.               expect(response.headers['Link'].to_s).to include 'activity+json'
  530.             end
  531. 

  532.             it 'returns Vary header' do
  533.               expect(response.headers['Vary']).to eq 'Accept'
  534.             end
  535. 

  536.             it 'returns no Cache-Control header' do
  537.               expect(response.headers).to_not include 'Cache-Control'
  538.             end
  539. 

  540.             it 'renders status' do
  541.               expect(response).to render_template(:show)
  542.               expect(response.body).to include status.text
  543.             end
  544.           end
  545. 

  546.           context 'as JSON' do
  547.             let(:format) { 'json' }
  548. 

  549.             it 'returns http success' do
  550.               expect(response).to have_http_status(200)
  551.             end
  552. 

  553.             it 'returns Link header' do
  554.               expect(response.headers['Link'].to_s).to include 'activity+json'
  555.             end
  556. 

  557.             it 'returns Vary header' do
  558.               expect(response.headers['Vary']).to eq 'Accept'
  559.             end
  560. 

  561.             it 'returns private Cache-Control header' do
  562.               expect(response.headers['Cache-Control']).to include 'private'
  563.             end
  564. 

  565.             it 'returns Content-Type header' do
  566.               expect(response.headers['Content-Type']).to include 'application/activity+json'
  567.             end
  568. 

  569.             it 'renders ActivityPub Note object' do
  570.               json = body_as_json
  571.               expect(json[:content]).to include status.text
  572.             end
  573.           end
  574.         end
  575. 

  576.         context 'when user is not authorized to see it' do
  577.           before do
  578.             get :show, params: { account_username: status.account.username, id: status.id, format: format }
  579.           end
  580. 

  581.           context 'as JSON' do
  582.             let(:format) { 'json' }
  583. 

  584.             it 'returns http not found' do
  585.               expect(response).to have_http_status(404)
  586.             end
  587.           end
  588. 

  589.           context 'as HTML' do
  590.             let(:format) { 'html' }
  591. 

  592.             it 'returns http not found' do
  593.               expect(response).to have_http_status(404)
  594.             end
  595.           end
  596.         end
  597.       end
  598. 

  599.       context 'when status is direct' do
  600.         let(:status) { Fabricate(:status, account: account, visibility: :direct) }
  601. 

  602.         context 'when user is authorized to see it' do
  603.           before do
  604.             Fabricate(:mention, account: remote_account, status: status)
  605.             get :show, params: { account_username: status.account.username, id: status.id, format: format }
  606.           end
  607. 

  608.           context 'as HTML' do
  609.             let(:format) { 'html' }
  610. 

  611.             it 'returns http success' do
  612.               expect(response).to have_http_status(200)
  613.             end
  614. 

  615.             it 'returns Link header' do
  616.               expect(response.headers['Link'].to_s).to include 'activity+json'
  617.             end
  618. 

  619.             it 'returns Vary header' do
  620.               expect(response.headers['Vary']).to eq 'Accept'
  621.             end
  622. 

  623.             it 'returns no Cache-Control header' do
  624.               expect(response.headers).to_not include 'Cache-Control'
  625.             end
  626. 

  627.             it 'renders status' do
  628.               expect(response).to render_template(:show)
  629.               expect(response.body).to include status.text
  630.             end
  631.           end
  632. 

  633.           context 'as JSON' do
  634.             let(:format) { 'json' }
  635. 

  636.             it 'returns http success' do
  637.               expect(response).to have_http_status(200)
  638.             end
  639. 

  640.             it 'returns Link header' do
  641.               expect(response.headers['Link'].to_s).to include 'activity+json'
  642.             end
  643. 

  644.             it 'returns Vary header' do
  645.               expect(response.headers['Vary']).to eq 'Accept'
  646.             end
  647. 

  648.             it 'returns private Cache-Control header' do
  649.               expect(response.headers['Cache-Control']).to include 'private'
  650.             end
  651. 

  652.             it 'returns Content-Type header' do
  653.               expect(response.headers['Content-Type']).to include 'application/activity+json'
  654.             end
  655. 

  656.             it 'renders ActivityPub Note object' do
  657.               json = body_as_json
  658.               expect(json[:content]).to include status.text
  659.             end
  660.           end
  661.         end
  662. 

  663.         context 'when user is not authorized to see it' do
  664.           before do
  665.             get :show, params: { account_username: status.account.username, id: status.id, format: format }
  666.           end
  667. 

  668.           context 'as JSON' do
  669.             let(:format) { 'json' }
  670. 

  671.             it 'returns http not found' do
  672.               expect(response).to have_http_status(404)
  673.             end
  674.           end
  675. 

  676.           context 'as HTML' do
  677.             let(:format) { 'html' }
  678. 

  679.             it 'returns http not found' do
  680.               expect(response).to have_http_status(404)
  681.             end
  682.           end
  683.         end
  684.       end
  685.     end
  686.   end
  687. 

  688.   describe 'GET #activity' do
  689.     let(:account) { Fabricate(:account) }
  690.     let(:status)  { Fabricate(:status, account: account) }
  691. 

  692.     context 'when account is permanently suspended' do
  693.       before do
  694.         account.suspend!
  695.         account.deletion_request.destroy
  696. 

  697.         get :activity, params: { account_username: account.username, id: status.id }
  698.       end
  699. 

  700.       it 'returns http gone' do
  701.         expect(response).to have_http_status(410)
  702.       end
  703.     end
  704. 

  705.     context 'when account is temporarily suspended' do
  706.       before do
  707.         account.suspend!
  708. 

  709.         get :activity, params: { account_username: account.username, id: status.id }
  710.       end
  711. 

  712.       it 'returns http forbidden' do
  713.         expect(response).to have_http_status(403)
  714.       end
  715.     end
  716. 

  717.     context 'when status is public' do
  718.       pending
  719.     end
  720. 

  721.     context 'when status is private' do
  722.       pending
  723.     end
  724. 

  725.     context 'when status is direct' do
  726.       pending
  727.     end
  728. 

  729.     context 'when signed-in' do
  730.       context 'when status is public' do
  731.         pending
  732.       end
  733. 

  734.       context 'when status is private' do
  735.         context 'when user is authorized to see it' do
  736.           pending
  737.         end
  738. 

  739.         context 'when user is not authorized to see it' do
  740.           pending
  741.         end
  742.       end
  743. 

  744.       context 'when status is direct' do
  745.         context 'when user is authorized to see it' do
  746.           pending
  747.         end
  748. 

  749.         context 'when user is not authorized to see it' do
  750.           pending
  751.         end
  752.       end
  753.     end
  754. 

  755.     context 'with signature' do
  756.       context 'when status is public' do
  757.         pending
  758.       end
  759. 

  760.       context 'when status is private' do
  761.         context 'when user is authorized to see it' do
  762.           pending
  763.         end
  764. 

  765.         context 'when user is not authorized to see it' do
  766.           pending
  767.         end
  768.       end
  769. 

  770.       context 'when status is direct' do
  771.         context 'when user is authorized to see it' do
  772.           pending
  773.         end
  774. 

  775.         context 'when user is not authorized to see it' do
  776.           pending
  777.         end
  778.       end
  779.     end
  780.   end
  781. 

  782.   describe 'GET #embed' do
  783.     let(:account) { Fabricate(:account) }
  784.     let(:status)  { Fabricate(:status, account: account) }
  785. 

  786.     context 'when account is suspended' do
  787.       let(:account) { Fabricate(:account, suspended: true) }
  788. 

  789.       before do
  790.         get :embed, params: { account_username: account.username, id: status.id }
  791.       end
  792. 

  793.       it 'returns http gone' do
  794.         expect(response).to have_http_status(410)
  795.       end
  796.     end
  797. 

  798.     context 'when status is a reblog' do
  799.       let(:original_account) { Fabricate(:account, domain: 'example.com') }
  800.       let(:original_status) { Fabricate(:status, account: original_account, url: 'https://example.com/123') }
  801.       let(:status) { Fabricate(:status, account: account, reblog: original_status) }
  802. 

  803.       before do
  804.         get :embed, params: { account_username: status.account.username, id: status.id }
  805.       end
  806. 

  807.       it 'returns http not found' do
  808.         expect(response).to have_http_status(404)
  809.       end
  810.     end
  811. 

  812.     context 'when status is public' do
  813.       before do
  814.         get :embed, params: { account_username: status.account.username, id: status.id }
  815.       end
  816. 

  817.       it 'returns http success' do
  818.         expect(response).to have_http_status(200)
  819.       end
  820. 

  821.       it 'returns Link header' do
  822.         expect(response.headers['Link'].to_s).to include 'activity+json'
  823.       end
  824. 

  825.       it 'returns Vary header' do
  826.         expect(response.headers['Vary']).to eq 'Accept'
  827.       end
  828. 

  829.       it 'returns public Cache-Control header' do
  830.         expect(response.headers['Cache-Control']).to include 'public'
  831.       end
  832. 

  833.       it 'renders status' do
  834.         expect(response).to render_template(:embed)
  835.         expect(response.body).to include status.text
  836.       end
  837.     end
  838. 

  839.     context 'when status is private' do
  840.       let(:status) { Fabricate(:status, account: account, visibility: :private) }
  841. 

  842.       before do
  843.         get :embed, params: { account_username: status.account.username, id: status.id }
  844.       end
  845. 

  846.       it 'returns http not found' do
  847.         expect(response).to have_http_status(404)
  848.       end
  849.     end
  850. 

  851.     context 'when status is direct' do
  852.       let(:status) { Fabricate(:status, account: account, visibility: :direct) }
  853. 

  854.       before do
  855.         get :embed, params: { account_username: status.account.username, id: status.id }
  856.       end
  857. 

  858.       it 'returns http not found' do
  859.         expect(response).to have_http_status(404)
  860.       end
  861.     end
  862.   end
  863. end