1
0

status_policy_spec.rb 3.4 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129
  1. # frozen_string_literal: true
  2. require 'rails_helper'
  3. require 'pundit/rspec'
  4. RSpec.describe StatusPolicy, type: :model do
  5. subject { described_class }
  6. let(:admin) { Fabricate(:user, role: UserRole.find_by(name: 'Admin')) }
  7. let(:alice) { Fabricate(:account, username: 'alice') }
  8. let(:bob) { Fabricate(:account, username: 'bob') }
  9. let(:status) { Fabricate(:status, account: alice) }
  10. permissions :show?, :reblog? do
  11. it 'grants access when no viewer' do
  12. expect(subject).to permit(nil, status)
  13. end
  14. it 'denies access when viewer is blocked' do
  15. block = Fabricate(:block)
  16. status.visibility = :private
  17. status.account = block.target_account
  18. expect(subject).to_not permit(block.account, status)
  19. end
  20. end
  21. permissions :show? do
  22. it 'grants access when direct and account is viewer' do
  23. status.visibility = :direct
  24. expect(subject).to permit(status.account, status)
  25. end
  26. it 'grants access when direct and viewer is mentioned' do
  27. status.visibility = :direct
  28. status.mentions = [Fabricate(:mention, account: alice)]
  29. expect(subject).to permit(alice, status)
  30. end
  31. it 'denies access when direct and viewer is not mentioned' do
  32. viewer = Fabricate(:account)
  33. status.visibility = :direct
  34. expect(subject).to_not permit(viewer, status)
  35. end
  36. it 'grants access when private and account is viewer' do
  37. status.visibility = :private
  38. expect(subject).to permit(status.account, status)
  39. end
  40. it 'grants access when private and account is following viewer' do
  41. follow = Fabricate(:follow)
  42. status.visibility = :private
  43. status.account = follow.target_account
  44. expect(subject).to permit(follow.account, status)
  45. end
  46. it 'grants access when private and viewer is mentioned' do
  47. status.visibility = :private
  48. status.mentions = [Fabricate(:mention, account: alice)]
  49. expect(subject).to permit(alice, status)
  50. end
  51. it 'denies access when private and viewer is not mentioned or followed' do
  52. viewer = Fabricate(:account)
  53. status.visibility = :private
  54. expect(subject).to_not permit(viewer, status)
  55. end
  56. end
  57. permissions :reblog? do
  58. it 'denies access when private' do
  59. viewer = Fabricate(:account)
  60. status.visibility = :private
  61. expect(subject).to_not permit(viewer, status)
  62. end
  63. it 'denies access when direct' do
  64. viewer = Fabricate(:account)
  65. status.visibility = :direct
  66. expect(subject).to_not permit(viewer, status)
  67. end
  68. end
  69. permissions :destroy?, :unreblog? do
  70. it 'grants access when account is deleter' do
  71. expect(subject).to permit(status.account, status)
  72. end
  73. it 'denies access when account is not deleter' do
  74. expect(subject).to_not permit(bob, status)
  75. end
  76. it 'denies access when no deleter' do
  77. expect(subject).to_not permit(nil, status)
  78. end
  79. end
  80. permissions :favourite? do
  81. it 'grants access when viewer is not blocked' do
  82. follow = Fabricate(:follow)
  83. status.account = follow.target_account
  84. expect(subject).to permit(follow.account, status)
  85. end
  86. it 'denies when viewer is blocked' do
  87. block = Fabricate(:block)
  88. status.account = block.target_account
  89. expect(subject).to_not permit(block.account, status)
  90. end
  91. end
  92. permissions :update? do
  93. it 'grants access if owner' do
  94. expect(subject).to permit(status.account, status)
  95. end
  96. end
  97. end