nekobus
/
mastodon_neko
forked from closed-social/mastodon
1
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
闭社主体 forked from https://github.com/tootsuite/mastodon
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4686 Commits
2 Branches
112 MiB
Tree: 481fac7c84
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '481fac7c84'
${ noResults }
mastodon_neko/spec/policies/status_policy_spec.rb

109 lines
2.9 KiB
Raw Normal View History

Extract authorization policy for viewing statuses (#3150)
7 years ago
Add status destroy authorization to policy (#3453) * Add status destroy authorization to policy * Create explicit unreblog status authorization
7 years ago
Extract authorization policy for viewing statuses (#3150)
7 years ago
Add status destroy authorization to policy (#3453) * Add status destroy authorization to policy * Create explicit unreblog status authorization
7 years ago
Extract authorization policy for viewing statuses (#3150)
7 years ago
Move status reblog authorization into policy (#3425)
7 years ago
Extract authorization policy for viewing statuses (#3150)
7 years ago
Fix incorrect visibility setter in StatusPolicySpec (#3456)
7 years ago
Extract authorization policy for viewing statuses (#3150)
7 years ago
Fix incorrect visibility setter in StatusPolicySpec (#3456)
7 years ago
Extract authorization policy for viewing statuses (#3150)
7 years ago
Move status reblog authorization into policy (#3425)
7 years ago
Extract authorization policy for viewing statuses (#3150)
7 years ago
Move status reblog authorization into policy (#3425)
7 years ago
Extract authorization policy for viewing statuses (#3150)
7 years ago
Move status reblog authorization into policy (#3425)
7 years ago
Extract authorization policy for viewing statuses (#3150)
7 years ago
Move status reblog authorization into policy (#3425)
7 years ago
Extract authorization policy for viewing statuses (#3150)
7 years ago
Add status destroy authorization to policy (#3453) * Add status destroy authorization to policy * Create explicit unreblog status authorization
7 years ago
Extract authorization policy for viewing statuses (#3150)
7 years ago
 
  1. require 'rails_helper'
  2. require 'pundit/rspec'
  3. 

  4. RSpec.describe StatusPolicy, type: :model do
  5.   subject { described_class }
  6. 

  7.   let(:admin) { Fabricate(:user, admin: true) }
  8.   let(:alice) { Fabricate(:account, username: 'alice') }
  9.   let(:bob) { Fabricate(:account, username: 'bob') }
  10.   let(:status) { Fabricate(:status, account: alice) }
  11. 

  12.   permissions :show?, :reblog? do
  13.     it 'grants access when no viewer' do
  14.       expect(subject).to permit(nil, status)
  15.     end
  16. 

  17.     it 'denies access when viewer is blocked' do
  18.       block = Fabricate(:block)
  19.       status.visibility = :private
  20.       status.account = block.target_account
  21. 

  22.       expect(subject).to_not permit(block.account, status)
  23.     end
  24.   end
  25. 

  26.   permissions :show? do
  27.     it 'grants access when direct and account is viewer' do
  28.       status.visibility = :direct
  29. 

  30.       expect(subject).to permit(status.account, status)
  31.     end
  32. 

  33.     it 'grants access when direct and viewer is mentioned' do
  34.       status.visibility = :direct
  35.       status.mentions = [Fabricate(:mention, account: alice)]
  36. 

  37.       expect(subject).to permit(alice, status)
  38.     end
  39. 

  40.     it 'denies access when direct and viewer is not mentioned' do
  41.       viewer = Fabricate(:account)
  42.       status.visibility = :direct
  43. 

  44.       expect(subject).to_not permit(viewer, status)
  45.     end
  46. 

  47.     it 'grants access when private and account is viewer' do
  48.       status.visibility = :private
  49. 

  50.       expect(subject).to permit(status.account, status)
  51.     end
  52. 

  53.     it 'grants access when private and account is following viewer' do
  54.       follow = Fabricate(:follow)
  55.       status.visibility = :private
  56.       status.account = follow.target_account
  57. 

  58.       expect(subject).to permit(follow.account, status)
  59.     end
  60. 

  61.     it 'grants access when private and viewer is mentioned' do
  62.       status.visibility = :private
  63.       status.mentions = [Fabricate(:mention, account: alice)]
  64. 

  65.       expect(subject).to permit(alice, status)
  66.     end
  67. 

  68.     it 'denies access when private and viewer is not mentioned or followed' do
  69.       viewer = Fabricate(:account)
  70.       status.visibility = :private
  71. 

  72.       expect(subject).to_not permit(viewer, status)
  73.     end
  74.   end
  75. 

  76.   permissions :reblog? do
  77.     it 'denies access when private' do
  78.       viewer = Fabricate(:account)
  79.       status.visibility = :private
  80. 

  81.       expect(subject).to_not permit(viewer, status)
  82.     end
  83. 

  84.     it 'denies access when direct' do
  85.       viewer = Fabricate(:account)
  86.       status.visibility = :direct
  87. 

  88.       expect(subject).to_not permit(viewer, status)
  89.     end
  90.   end
  91. 

  92.   permissions :destroy?, :unreblog? do
  93.     it 'grants access when account is deleter' do
  94.       expect(subject).to permit(status.account, status)
  95.     end
  96. 

  97.     it 'grants access when account is admin' do
  98.       expect(subject).to permit(admin.account, status)
  99.     end
  100. 

  101.     it 'denies access when account is not deleter' do
  102.       expect(subject).to_not permit(bob, status)
  103.     end
  104. 

  105.     it 'denies access when no deleter' do
  106.       expect(subject).to_not permit(nil, status)
  107.     end
  108.   end
  109. end