about summary refs log tree commit diff
path: root/spec/services
diff options
context:
space:
mode:
authorThibG <thib@sitedethib.com>2019-01-26 23:59:39 +0100
committerEugen Rochko <eugen@zeonfederated.com>2019-01-26 23:59:39 +0100
commite2a5be6e9a070792fa72711c812f75bc61990052 (patch)
tree33c09bbacbfd1499cb03f40d14ec974aff7ec42f /spec/services
parent9519d55332a1f22891e5ad8a1de1d2ba027bafc7 (diff)
Prevent posting toots with media attachments from someone else (#9921)
Diffstat (limited to 'spec/services')
-rw-r--r--spec/services/post_status_service_spec.rb15
1 files changed, 14 insertions, 1 deletions
diff --git a/spec/services/post_status_service_spec.rb b/spec/services/post_status_service_spec.rb
index 680cebbcf..facbe977f 100644
--- a/spec/services/post_status_service_spec.rb
+++ b/spec/services/post_status_service_spec.rb
@@ -167,7 +167,7 @@ RSpec.describe PostStatusService, type: :service do
 
   it 'attaches the given media to the created status' do
     account = Fabricate(:account)
-    media = Fabricate(:media_attachment)
+    media = Fabricate(:media_attachment, account: account)
 
     status = subject.call(
       account,
@@ -178,6 +178,19 @@ RSpec.describe PostStatusService, type: :service do
     expect(media.reload.status).to eq status
   end
 
+  it 'does not attach media from another account to the created status' do
+    account = Fabricate(:account)
+    media = Fabricate(:media_attachment, account: Fabricate(:account))
+
+    status = subject.call(
+      account,
+      text: "test status update",
+      media_ids: [media.id],
+    )
+
+    expect(media.reload.status).to eq nil
+  end
+
   it 'does not allow attaching more than 4 files' do
     account = Fabricate(:account)