Home Explore Help
Register Sign In
bida
/
bastodon
7
0
Fork 0
Files Issues 9 Pull Requests 0 Wiki
Tree: fe6c055f35
Branches Tags
bastodon
/
spec
/
policies
/
status_policy_spec.rb

status_policy_spec.rb 4.2 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149 
  1. # frozen_string_literal: true
    2. 

  2. 

  3. require 'rails_helper'
    4. 

  4. require 'pundit/rspec'
    5. 

  5. 

  6. RSpec.describe StatusPolicy, type: :model do
    7. 

  7.   subject { described_class }
    8. 

  8. 

  9.   let(:admin) { Fabricate(:user, role: UserRole.find_by(name: 'Admin')) }
    10. 

  10.   let(:alice) { Fabricate(:account, username: 'alice') }
    11. 

  11.   let(:bob) { Fabricate(:account, username: 'bob') }
    12. 

  12.   let(:status) { Fabricate(:status, account: alice) }
    13. 

  13. 

  14.   context 'with the permissions of show? and reblog?' do
    15. 

  15.     permissions :show?, :reblog? do
    16. 

  16.       it 'grants access when no viewer' do
    17. 

  17.         expect(subject).to permit(nil, status)
    18. 

  18.       end
    19. 

  19. 

  20.       it 'denies access when viewer is blocked' do
    21. 

  21.         block = Fabricate(:block)
    22. 

  22.         status.visibility = :private
    23. 

  23.         status.account = block.target_account
    24. 

  24. 

  25.         expect(subject).to_not permit(block.account, status)
    26. 

  26.       end
    27. 

  27.     end
    28. 

  28.   end
    29. 

  29. 

  30.   context 'with the permission of show?' do
    31. 

  31.     permissions :show? do
    32. 

  32.       it 'grants access when direct and account is viewer' do
    33. 

  33.         status.visibility = :direct
    34. 

  34. 

  35.         expect(subject).to permit(status.account, status)
    36. 

  36.       end
    37. 

  37. 

  38.       it 'grants access when direct and viewer is mentioned' do
    39. 

  39.         status.visibility = :direct
    40. 

  40.         status.mentions = [Fabricate(:mention, account: alice)]
    41. 

  41. 

  42.         expect(subject).to permit(alice, status)
    43. 

  43.       end
    44. 

  44. 

  45.       it 'grants access when direct and non-owner viewer is mentioned and mentions are loaded' do
    46. 

  46.         status.visibility = :direct
    47. 

  47.         status.mentions = [Fabricate(:mention, account: bob)]
    48. 

  48.         status.mentions.load
    49. 

  49. 

  50.         expect(subject).to permit(bob, status)
    51. 

  51.       end
    52. 

  52. 

  53.       it 'denies access when direct and viewer is not mentioned' do
    54. 

  54.         viewer = Fabricate(:account)
    55. 

  55.         status.visibility = :direct
    56. 

  56. 

  57.         expect(subject).to_not permit(viewer, status)
    58. 

  58.       end
    59. 

  59. 

  60.       it 'grants access when private and account is viewer' do
    61. 

  61.         status.visibility = :private
    62. 

  62. 

  63.         expect(subject).to permit(status.account, status)
    64. 

  64.       end
    65. 

  65. 

  66.       it 'grants access when private and account is following viewer' do
    67. 

  67.         follow = Fabricate(:follow)
    68. 

  68.         status.visibility = :private
    69. 

  69.         status.account = follow.target_account
    70. 

  70. 

  71.         expect(subject).to permit(follow.account, status)
    72. 

  72.       end
    73. 

  73. 

  74.       it 'grants access when private and viewer is mentioned' do
    75. 

  75.         status.visibility = :private
    76. 

  76.         status.mentions = [Fabricate(:mention, account: alice)]
    77. 

  77. 

  78.         expect(subject).to permit(alice, status)
    79. 

  79.       end
    80. 

  80. 

  81.       it 'denies access when private and viewer is not mentioned or followed' do
    82. 

  82.         viewer = Fabricate(:account)
    83. 

  83.         status.visibility = :private
    84. 

  84. 

  85.         expect(subject).to_not permit(viewer, status)
    86. 

  86.       end
    87. 

  87.     end
    88. 

  88.   end
    89. 

  89. 

  90.   context 'with the permission of reblog?' do
    91. 

  91.     permissions :reblog? do
    92. 

  92.       it 'denies access when private' do
    93. 

  93.         viewer = Fabricate(:account)
    94. 

  94.         status.visibility = :private
    95. 

  95. 

  96.         expect(subject).to_not permit(viewer, status)
    97. 

  97.       end
    98. 

  98. 

  99.       it 'denies access when direct' do
    100. 

  100.         viewer = Fabricate(:account)
    101. 

  101.         status.visibility = :direct
    102. 

  102. 

  103.         expect(subject).to_not permit(viewer, status)
    104. 

  104.       end
    105. 

  105.     end
    106. 

  106.   end
    107. 

  107. 

  108.   context 'with the permissions of destroy? and unreblog?' do
    109. 

  109.     permissions :destroy?, :unreblog? do
    110. 

  110.       it 'grants access when account is deleter' do
    111. 

  111.         expect(subject).to permit(status.account, status)
    112. 

  112.       end
    113. 

  113. 

  114.       it 'denies access when account is not deleter' do
    115. 

  115.         expect(subject).to_not permit(bob, status)
    116. 

  116.       end
    117. 

  117. 

  118.       it 'denies access when no deleter' do
    119. 

  119.         expect(subject).to_not permit(nil, status)
    120. 

  120.       end
    121. 

  121.     end
    122. 

  122.   end
    123. 

  123. 

  124.   context 'with the permission of favourite?' do
    125. 

  125.     permissions :favourite? do
    126. 

  126.       it 'grants access when viewer is not blocked' do
    127. 

  127.         follow         = Fabricate(:follow)
    128. 

  128.         status.account = follow.target_account
    129. 

  129. 

  130.         expect(subject).to permit(follow.account, status)
    131. 

  131.       end
    132. 

  132. 

  133.       it 'denies when viewer is blocked' do
    134. 

  134.         block          = Fabricate(:block)
    135. 

  135.         status.account = block.target_account
    136. 

  136. 

  137.         expect(subject).to_not permit(block.account, status)
    138. 

  138.       end
    139. 

  139.     end
    140. 

  140.   end
    141. 

  141. 

  142.   context 'with the permission of update?' do
    143. 

  143.     permissions :update? do
    144. 

  144.       it 'grants access if owner' do
    145. 

  145.         expect(subject).to permit(status.account, status)
    146. 

  146.       end
    147. 

  147.     end
    148. 

  148.   end
    149. 

  149. end
    150.