diff options
author | Thibaut Girka <thib@sitedethib.com> | 2018-07-31 14:57:41 +0200 |
---|---|---|
committer | ThibG <thib@sitedethib.com> | 2018-07-31 15:41:04 +0200 |
commit | 9f2945ef80d1984271071e43c9948722d3bcafa3 (patch) | |
tree | 91d00676b7d8be9ad0f8b4778122165617c21f9c | |
parent | 9d09c7cc68bdbf5f073251b0ced06580f74a75a7 (diff) |
Add test to disallow remote users from fetching local-only toots
-rw-r--r-- | spec/policies/status_policy_spec.rb | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/spec/policies/status_policy_spec.rb b/spec/policies/status_policy_spec.rb index a90e22aad..837fa9cee 100644 --- a/spec/policies/status_policy_spec.rb +++ b/spec/policies/status_policy_spec.rb @@ -77,6 +77,12 @@ RSpec.describe StatusPolicy, type: :model do expect(subject).to_not permit(nil, status) end + + it 'denies access when local-only and the viewer is from another domain' do + viewer = Fabricate(:account, domain: 'remote-domain') + allow(status).to receive(:local_only?) { true } + expect(subject).to_not permit(viewer, status) + end end permissions :reblog? do |