1
0

status_policy_spec.rb 4.2 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148
  1. # frozen_string_literal: true
  2. require 'rails_helper'
  3. RSpec.describe StatusPolicy, type: :model do
  4. subject { described_class }
  5. let(:admin) { Fabricate(:user, role: UserRole.find_by(name: 'Admin')) }
  6. let(:alice) { Fabricate(:account, username: 'alice') }
  7. let(:bob) { Fabricate(:account, username: 'bob') }
  8. let(:status) { Fabricate(:status, account: alice) }
  9. context 'with the permissions of show? and reblog?' do
  10. permissions :show?, :reblog? do
  11. it 'grants access when no viewer' do
  12. expect(subject).to permit(nil, status)
  13. end
  14. it 'denies access when viewer is blocked' do
  15. block = Fabricate(:block)
  16. status.visibility = :private
  17. status.account = block.target_account
  18. expect(subject).to_not permit(block.account, status)
  19. end
  20. end
  21. end
  22. context 'with the permission of show?' do
  23. permissions :show? do
  24. it 'grants access when direct and account is viewer' do
  25. status.visibility = :direct
  26. expect(subject).to permit(status.account, status)
  27. end
  28. it 'grants access when direct and viewer is mentioned' do
  29. status.visibility = :direct
  30. status.mentions = [Fabricate(:mention, account: alice)]
  31. expect(subject).to permit(alice, status)
  32. end
  33. it 'grants access when direct and non-owner viewer is mentioned and mentions are loaded' do
  34. status.visibility = :direct
  35. status.mentions = [Fabricate(:mention, account: bob)]
  36. status.mentions.load
  37. expect(subject).to permit(bob, status)
  38. end
  39. it 'denies access when direct and viewer is not mentioned' do
  40. viewer = Fabricate(:account)
  41. status.visibility = :direct
  42. expect(subject).to_not permit(viewer, status)
  43. end
  44. it 'grants access when private and account is viewer' do
  45. status.visibility = :private
  46. expect(subject).to permit(status.account, status)
  47. end
  48. it 'grants access when private and account is following viewer' do
  49. follow = Fabricate(:follow)
  50. status.visibility = :private
  51. status.account = follow.target_account
  52. expect(subject).to permit(follow.account, status)
  53. end
  54. it 'grants access when private and viewer is mentioned' do
  55. status.visibility = :private
  56. status.mentions = [Fabricate(:mention, account: alice)]
  57. expect(subject).to permit(alice, status)
  58. end
  59. it 'denies access when private and viewer is not mentioned or followed' do
  60. viewer = Fabricate(:account)
  61. status.visibility = :private
  62. expect(subject).to_not permit(viewer, status)
  63. end
  64. end
  65. end
  66. context 'with the permission of reblog?' do
  67. permissions :reblog? do
  68. it 'denies access when private' do
  69. viewer = Fabricate(:account)
  70. status.visibility = :private
  71. expect(subject).to_not permit(viewer, status)
  72. end
  73. it 'denies access when direct' do
  74. viewer = Fabricate(:account)
  75. status.visibility = :direct
  76. expect(subject).to_not permit(viewer, status)
  77. end
  78. end
  79. end
  80. context 'with the permissions of destroy? and unreblog?' do
  81. permissions :destroy?, :unreblog? do
  82. it 'grants access when account is deleter' do
  83. expect(subject).to permit(status.account, status)
  84. end
  85. it 'denies access when account is not deleter' do
  86. expect(subject).to_not permit(bob, status)
  87. end
  88. it 'denies access when no deleter' do
  89. expect(subject).to_not permit(nil, status)
  90. end
  91. end
  92. end
  93. context 'with the permission of favourite?' do
  94. permissions :favourite? do
  95. it 'grants access when viewer is not blocked' do
  96. follow = Fabricate(:follow)
  97. status.account = follow.target_account
  98. expect(subject).to permit(follow.account, status)
  99. end
  100. it 'denies when viewer is blocked' do
  101. block = Fabricate(:block)
  102. status.account = block.target_account
  103. expect(subject).to_not permit(block.account, status)
  104. end
  105. end
  106. end
  107. context 'with the permission of update?' do
  108. permissions :update? do
  109. it 'grants access if owner' do
  110. expect(subject).to permit(status.account, status)
  111. end
  112. end
  113. end
  114. end