authorJack Jennings <jack@standard-library.com>2017-05-29 09:22:22 -0700
committerEugen Rochko <eugen@zeonfederated.com>2017-05-29 18:22:22 +0200
commit3a2003ba863252f305fb32098bcd3f095b10e2ff (patch)
tree6ff5f4a1cf6c9d042baca1441409afb9ac46775d /spec/policies
parent9a81be0d3715eb846d940794f8b34cbbe4ba67a5 (diff)
Extract authorization policy for viewing statuses (#3150)
Diffstat (limited to 'spec/policies')
-rw-r--r--spec/policies/status_policy_spec.rb70
1 files changed, 70 insertions, 0 deletions
diff --git a/spec/policies/status_policy_spec.rb b/spec/policies/status_policy_spec.rb
new file mode 100644
index 00000000000..ee7060b989a
--- /dev/null
+++ b/spec/policies/status_policy_spec.rb
@@ -0,0 +1,70 @@
+require 'rails_helper'
+require 'pundit/rspec'
+
+RSpec.describe StatusPolicy, type: :model do
+ subject { described_class }
+
+ let(:alice) { Fabricate(:account, username: 'alice') }
+ let(:status) { Fabricate(:status, account: alice) }
+
+ permissions :show? do
+ it 'grants access when direct and account is viewer' do
+ status.visibility = :direct
+ expect(subject).to permit(status.account, status)
+ end
+
+ it 'grants access when direct and viewer is mentioned' do
+ status.visibility = :direct
+ status.mentions = [Fabricate(:mention, account: alice)]
+
+ expect(subject).to permit(alice, status)
+ end
+
+ it 'denies access when direct and viewer is not mentioned' do
+ viewer = Fabricate(:account)
+ status.visibility = :direct
+
+ expect(subject).to_not permit(viewer, status)
+ end
+
+ it 'grants access when private and account is viewer' do
+ status.visibility = :direct
+
+ expect(subject).to permit(status.account, status)
+ end
+
+ it 'grants access when private and account is following viewer' do
+ follow = Fabricate(:follow)
+ status.visibility = :private
+ status.account = follow.target_account
+
+ expect(subject).to permit(follow.account, status)
+ end
+
+ it 'grants access when private and viewer is mentioned' do
+ status.visibility = :private
+ status.mentions = [Fabricate(:mention, account: alice)]
+
+ expect(subject).to permit(alice, status)
+ end
+
+ it 'denies access when private and viewer is not mentioned or followed' do
+ viewer = Fabricate(:account)
+ status.visibility = :private
+
+ expect(subject).to_not permit(viewer, status)
+ end
+
+ it 'grants access when no viewer' do
+ expect(subject).to permit(nil, status)
+ end
+
+ it 'denies access when viewer is blocked' do
+ block = Fabricate(:block)
+ status.visibility = :private
+ status.account = block.target_account
+
+ expect(subject).to_not permit(block.account, status)
+ end
+ end
+end
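Review bot: Several examples in the `show?` block do not exercise the branch their description names, so a regression in the authorization policy could pass unnoticed. 'grants access when private and account is viewer' sets `status.visibility = :direct`, which duplicates the first example; it should be `status.visibility = :private`. Both 'viewer is mentioned' examples mention `alice`, who is also the status author, so they can pass on the author check alone; use a separate account, e.g. `viewer = Fabricate(:account)`, `status.mentions = [Fabricate(:mention, account: viewer)]` and `permit(viewer, status)`. 'denies access when viewer is blocked' uses `:private` visibility with a viewer who neither follows nor is mentioned, so it would be denied even without a block check; a public status would isolate the block rule, and judging by the field names the viewer here (`block.account`) looks like the blocker rather than the blocked account. There is also no example showing that a `nil` viewer is denied on `:direct` or `:private` statuses.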