Fix not being able to unbookmark toots when blocked by their author (#14604)

* Fix not being able to unbookmark toots when blocked by their author * Add tests
4 years ago · f6a82cb2cd
--- a/app/controllers/api/v1/statuses/bookmarks_controller.rb
+++ b/app/controllers/api/v1/statuses/bookmarks_controller.rb
@ -5,7 +5,7 @@ class Api::V1::Statuses::BookmarksController < Api::BaseController

  before_action -> { doorkeeper_authorize! :write, :'write:bookmarks' }
  before_action :require_user!
  before_action :set_status
  before_action :set_status, only: [:create]

  def create
    current_account.bookmarks.find_or_create_by!(account: current_account, status: @status)
@ -13,10 +13,20 @@ class Api::V1::Statuses::BookmarksController < Api::BaseController
  end

  def destroy
    bookmark = current_account.bookmarks.find_by(status: @status)
    bookmark = current_account.bookmarks.find_by(status_id: params[:status_id])

    if bookmark
      @status = bookmark.status
    else
      @status = Status.find(params[:status_id])
      authorize @status, :show?
    end

    bookmark&.destroy!

    render json: @status, serializer: REST::StatusSerializer, relationships: StatusRelationshipsPresenter.new([@status], current_account.id, bookmarks_map: { @status.id => false })
  rescue Mastodon::NotPermittedError
    not_found
  end

  private
--- a/spec/controllers/api/v1/statuses/bookmarks_controller_spec.rb
+++ b/spec/controllers/api/v1/statuses/bookmarks_controller_spec.rb
@ -72,6 +72,31 @@ describe Api::V1::Statuses::BookmarksController do
        end
      end

      context 'with public status when blocked by its author' do
        let(:status) { Fabricate(:status) }

        before do
          Bookmark.find_or_create_by!(account: user.account, status: status)
          status.account.block!(user.account)
          post :destroy, params: { status_id: status.id }
        end

        it 'returns http success' do
          expect(response).to have_http_status(200)
        end

        it 'updates the bookmarked attribute' do
          expect(user.account.bookmarked?(status)).to be false
        end

        it 'returns json with updated attributes' do
          hash_body = body_as_json

          expect(hash_body[:id]).to eq status.id.to_s
          expect(hash_body[:bookmarked]).to be false
        end
      end

      context 'with private status that was not bookmarked' do
        let(:status) { Fabricate(:status, visibility: :private) }