mirror of
https://git.kescher.at/CatCatNya/catstodon.git
synced 2024-12-12 13:19:03 +01:00
92c06a1113
Conflicts: - `app/controllers/admin/base_controller.rb`: Minor conflict caused by glitch-soc's theming system. - `app/javascript/mastodon/initial_state.js`: Minor conflict caused by glitch-soc making use of max_toot_chars. - `app/models/form/admin_settings.rb`: Minor conflict caused by glitch-soc's theming system. - `app/models/trends.rb`: Minor conflict caused by glitch-soc having more granular notification settings for trends. - `app/views/admin/accounts/index.html.haml`: Minor conflict caused by glitch-soc's theming system. - `app/views/admin/instances/show.html.haml`: Minor conflict caused by glitch-soc's theming system. - `app/views/layouts/application.html.haml`: Minor conflict caused by glitch-soc's theming system. - `app/views/settings/preferences/notifications/show.html.haml`: Minor conflict caused by glitch-soc having more granular notification settings for trends. - `config/navigation.rb`: Minor conflict caused by glitch-soc having additional navigation items for the theming system while upstream slightly changed every line.
163 lines
4.4 KiB
Ruby
163 lines
4.4 KiB
Ruby
# frozen_string_literal: true
|
|
|
|
require 'rails_helper'
|
|
require 'pundit/rspec'
|
|
|
|
RSpec.describe StatusPolicy, type: :model do
|
|
subject { described_class }
|
|
|
|
let(:admin) { Fabricate(:user, role: UserRole.find_by(name: 'Admin')) }
|
|
let(:alice) { Fabricate(:account, username: 'alice') }
|
|
let(:bob) { Fabricate(:account, username: 'bob') }
|
|
let(:status) { Fabricate(:status, account: alice) }
|
|
|
|
permissions :show?, :reblog? do
|
|
it 'grants access when no viewer' do
|
|
expect(subject).to permit(nil, status)
|
|
end
|
|
|
|
it 'denies access when viewer is blocked' do
|
|
block = Fabricate(:block)
|
|
status.visibility = :private
|
|
status.account = block.target_account
|
|
|
|
expect(subject).to_not permit(block.account, status)
|
|
end
|
|
end
|
|
|
|
permissions :show? do
|
|
it 'grants access when direct and account is viewer' do
|
|
status.visibility = :direct
|
|
|
|
expect(subject).to permit(status.account, status)
|
|
end
|
|
|
|
it 'grants access when direct and viewer is mentioned' do
|
|
status.visibility = :direct
|
|
status.mentions = [Fabricate(:mention, account: alice)]
|
|
|
|
expect(subject).to permit(alice, status)
|
|
end
|
|
|
|
it 'denies access when direct and viewer is not mentioned' do
|
|
viewer = Fabricate(:account)
|
|
status.visibility = :direct
|
|
|
|
expect(subject).to_not permit(viewer, status)
|
|
end
|
|
|
|
it 'grants access when private and account is viewer' do
|
|
status.visibility = :private
|
|
|
|
expect(subject).to permit(status.account, status)
|
|
end
|
|
|
|
it 'grants access when private and account is following viewer' do
|
|
follow = Fabricate(:follow)
|
|
status.visibility = :private
|
|
status.account = follow.target_account
|
|
|
|
expect(subject).to permit(follow.account, status)
|
|
end
|
|
|
|
it 'grants access when private and viewer is mentioned' do
|
|
status.visibility = :private
|
|
status.mentions = [Fabricate(:mention, account: alice)]
|
|
|
|
expect(subject).to permit(alice, status)
|
|
end
|
|
|
|
it 'denies access when private and viewer is not mentioned or followed' do
|
|
viewer = Fabricate(:account)
|
|
status.visibility = :private
|
|
|
|
expect(subject).to_not permit(viewer, status)
|
|
end
|
|
|
|
it 'denies access when local-only and the viewer is not logged in' do
|
|
allow(status).to receive(:local_only?) { true }
|
|
|
|
expect(subject).to_not permit(nil, status)
|
|
end
|
|
|
|
it 'denies access when local-only and the viewer is from another domain' do
|
|
viewer = Fabricate(:account, domain: 'remote-domain')
|
|
allow(status).to receive(:local_only?) { true }
|
|
expect(subject).to_not permit(viewer, status)
|
|
end
|
|
end
|
|
|
|
permissions :reblog? do
|
|
it 'denies access when private' do
|
|
viewer = Fabricate(:account)
|
|
status.visibility = :private
|
|
|
|
expect(subject).to_not permit(viewer, status)
|
|
end
|
|
|
|
it 'denies access when direct' do
|
|
viewer = Fabricate(:account)
|
|
status.visibility = :direct
|
|
|
|
expect(subject).to_not permit(viewer, status)
|
|
end
|
|
end
|
|
|
|
permissions :destroy?, :unreblog? do
|
|
it 'grants access when account is deleter' do
|
|
expect(subject).to permit(status.account, status)
|
|
end
|
|
|
|
it 'grants access when account is admin' do
|
|
expect(subject).to permit(admin.account, status)
|
|
end
|
|
|
|
it 'denies access when account is not deleter' do
|
|
expect(subject).to_not permit(bob, status)
|
|
end
|
|
|
|
it 'denies access when no deleter' do
|
|
expect(subject).to_not permit(nil, status)
|
|
end
|
|
end
|
|
|
|
permissions :favourite? do
|
|
it 'grants access when viewer is not blocked' do
|
|
follow = Fabricate(:follow)
|
|
status.account = follow.target_account
|
|
|
|
expect(subject).to permit(follow.account, status)
|
|
end
|
|
|
|
it 'denies when viewer is blocked' do
|
|
block = Fabricate(:block)
|
|
status.account = block.target_account
|
|
|
|
expect(subject).to_not permit(block.account, status)
|
|
end
|
|
end
|
|
|
|
permissions :index? do
|
|
it 'grants access if staff' do
|
|
expect(subject).to permit(admin.account)
|
|
end
|
|
|
|
it 'denies access unless staff' do
|
|
expect(subject).to_not permit(alice)
|
|
end
|
|
end
|
|
|
|
permissions :update? do
|
|
it 'grants access if staff' do
|
|
expect(subject).to permit(admin.account, status)
|
|
end
|
|
|
|
it 'grants access if owner' do
|
|
expect(subject).to permit(status.account, status)
|
|
end
|
|
|
|
it 'denies access unless staff' do
|
|
expect(subject).to_not permit(bob, status)
|
|
end
|
|
end
|
|
end
|