authorJack Jennings <jack@standard-library.com>2017-05-29 09:22:22 -0700
committerEugen Rochko <eugen@zeonfederated.com>2017-05-29 18:22:22 +0200
commit3a2003ba863252f305fb32098bcd3f095b10e2ff (patch)
tree6ff5f4a1cf6c9d042baca1441409afb9ac46775d /spec/policies
parent9a81be0d3715eb846d940794f8b34cbbe4ba67a5 (diff)
Extract authorization policy for viewing statuses (#3150)
Diffstat (limited to 'spec/policies')
-rw-r--r--spec/policies/status_policy_spec.rb70
1 files changed, 70 insertions, 0 deletions
diff --git a/spec/policies/status_policy_spec.rb b/spec/policies/status_policy_spec.rb
new file mode 100644
index 000000000..ee7060b98
--- /dev/null
+++ b/spec/policies/status_policy_spec.rb
@@ -0,0 +1,70 @@
+require 'rails_helper'
+require 'pundit/rspec'
+
+RSpec.describe StatusPolicy, type: :model do
+  subject { described_class }
+
+  let(:alice) { Fabricate(:account, username: 'alice') }
+  let(:status) { Fabricate(:status, account: alice) }
+
+  permissions :show? do
+    it 'grants access when direct and account is viewer' do
+      status.visibility = :direct
+      expect(subject).to permit(status.account, status)
+    end
+
+    it 'grants access when direct and viewer is mentioned' do
+      status.visibility = :direct
+      status.mentions = [Fabricate(:mention, account: alice)]
+
+      expect(subject).to permit(alice, status)
+    end
+
+    it 'denies access when direct and viewer is not mentioned' do
+      viewer = Fabricate(:account)
+      status.visibility = :direct
+
+      expect(subject).to_not permit(viewer, status)
+    end
+
+    it 'grants access when private and account is viewer' do
+      status.visibility = :direct
+
+      expect(subject).to permit(status.account, status)
+    end
+
+    it 'grants access when private and account is following viewer' do
+      follow = Fabricate(:follow)
+      status.visibility = :private
+      status.account = follow.target_account
+
+      expect(subject).to permit(follow.account, status)
+    end
+
+    it 'grants access when private and viewer is mentioned' do
+      status.visibility = :private
+      status.mentions = [Fabricate(:mention, account: alice)]
+
+      expect(subject).to permit(alice, status)
+    end
+
+    it 'denies access when private and viewer is not mentioned or followed' do
+      viewer = Fabricate(:account)
+      status.visibility = :private
+
+      expect(subject).to_not permit(viewer, status)
+    end
+
+    it 'grants access when no viewer' do
+      expect(subject).to permit(nil, status)
+    end
+
+    it 'denies access when viewer is blocked' do
+      block = Fabricate(:block)
+      status.visibility = :private
+      status.account = block.target_account
+
+      expect(subject).to_not permit(block.account, status)
+    end
+  end
+end
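Review bot: Three of these examples pass without exercising the branch their name claims, which leaves gaps in the authorization coverage for `show?`. 'grants access when private and account is viewer' sets `status.visibility = :direct`, so the private-author case is never tested; that line should be `status.visibility = :private`. Both 'viewer is mentioned' examples mention `alice`, who is also `status.account`, so they would pass on an author check alone; use a separate account, e.g. `viewer = Fabricate(:account)`, `status.mentions = [Fabricate(:mention, account: viewer)]` and `permit(viewer, status)`. 'denies access when viewer is blocked' uses `:private` with a viewer who neither follows nor is mentioned, so by the earlier 'not mentioned or followed' example it would be denied even without the block. In that example the viewer (`block.account`) also appears to be the blocker rather than the blocked account, which should be confirmed against the Block fabricator.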