authorJack Jennings <jack@standard-library.com>2017-05-29 09:22:22 -0700
committerEugen Rochko <eugen@zeonfederated.com>2017-05-29 18:22:22 +0200
commit3a2003ba863252f305fb32098bcd3f095b10e2ff (patch)
tree6ff5f4a1cf6c9d042baca1441409afb9ac46775d /spec
parent9a81be0d3715eb846d940794f8b34cbbe4ba67a5 (diff)
Extract authorization policy for viewing statuses (#3150)
Diffstat (limited to 'spec')
-rw-r--r--spec/controllers/media_controller_spec.rb2
-rw-r--r--spec/models/status_spec.rb60
-rw-r--r--spec/policies/status_policy_spec.rb70
3 files changed, 71 insertions, 61 deletions
diff --git a/spec/controllers/media_controller_spec.rb b/spec/controllers/media_controller_spec.rb
index 2541df734..5b03899e4 100644
--- a/spec/controllers/media_controller_spec.rb
+++ b/spec/controllers/media_controller_spec.rb
@@ -30,7 +30,7 @@ describe MediaController do
     it 'raises when not permitted to view' do
       status = Fabricate(:status)
       media_attachment = Fabricate(:media_attachment, status: status)
-      allow_any_instance_of(Status).to receive(:permitted?).and_return(false)
+      allow_any_instance_of(MediaController).to receive(:authorize).and_raise(ActiveRecord::RecordNotFound)
       get :show, params: { id: media_attachment.to_param }
 
       expect(response).to have_http_status(:missing)
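Review bot: Stubbing `authorize` on `MediaController` to raise `ActiveRecord::RecordNotFound` means this example no longer runs the status policy at all; it only checks that an exception raised from `authorize` ends up as a 404. Whatever the controller does to turn a real policy denial into that response is not visible in this hunk and is presumably left unexercised by the test. Assuming the policy denies an unauthenticated viewer on a direct status, a stronger check would drop the stub and fabricate a status the request genuinely may not see, e.g. `status = Fabricate(:status, visibility: :direct)`. The example's closing `end` lies outside the hunk.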
diff --git a/spec/models/status_spec.rb b/spec/models/status_spec.rb
index d3a66134b..ec07e6156 100644
--- a/spec/models/status_spec.rb
+++ b/spec/models/status_spec.rb
@@ -119,66 +119,6 @@ RSpec.describe Status, type: :model do
     end
   end
 
-  describe '#permitted?' do
-    it 'returns true when direct and account is viewer' do
-      subject.visibility = :direct
-      expect(subject.permitted?(subject.account)).to be true
-    end
-
-    it 'returns true when direct and viewer is mentioned' do
-      subject.visibility = :direct
-      subject.mentions = [Fabricate(:mention, account: alice)]
-
-      expect(subject.permitted?(alice)).to be true
-    end
-
-    it 'returns false when direct and viewer is not mentioned' do
-      viewer = Fabricate(:account)
-      subject.visibility = :direct
-
-      expect(subject.permitted?(viewer)).to be false
-    end
-
-    it 'returns true when private and account is viewer' do
-      subject.visibility = :direct
-      expect(subject.permitted?(subject.account)).to be true
-    end
-
-    it 'returns true when private and account is following viewer' do
-      follow = Fabricate(:follow)
-      subject.visibility = :private
-      subject.account = follow.target_account
-
-      expect(subject.permitted?(follow.account)).to be true
-    end
-
-    it 'returns true when private and viewer is mentioned' do
-      subject.visibility = :private
-      subject.mentions = [Fabricate(:mention, account: alice)]
-
-      expect(subject.permitted?(alice)).to be true
-    end
-
-    it 'returns false when private and viewer is not mentioned or followed' do
-      viewer = Fabricate(:account)
-      subject.visibility = :private
-
-      expect(subject.permitted?(viewer)).to be false
-    end
-
-    it 'returns true when no viewer' do
-      expect(subject.permitted?).to be true
-    end
-
-    it 'returns false when viewer is blocked' do
-      block = Fabricate(:block)
-      subject.visibility = :private
-      subject.account = block.target_account
-
-      expect(subject.permitted?(block.account)).to be false
-    end
-  end
-
   describe '#ancestors' do
     let!(:alice)  { Fabricate(:account, username: 'alice') }
     let!(:bob)    { Fabricate(:account, username: 'bob', domain: 'example.com') }
diff --git a/spec/policies/status_policy_spec.rb b/spec/policies/status_policy_spec.rb
new file mode 100644
index 000000000..ee7060b98
--- /dev/null
+++ b/spec/policies/status_policy_spec.rb
@@ -0,0 +1,70 @@
+require 'rails_helper'
+require 'pundit/rspec'
+
+RSpec.describe StatusPolicy, type: :model do
+  subject { described_class }
+
+  let(:alice) { Fabricate(:account, username: 'alice') }
+  let(:status) { Fabricate(:status, account: alice) }
+
+  permissions :show? do
+    it 'grants access when direct and account is viewer' do
+      status.visibility = :direct
+      expect(subject).to permit(status.account, status)
+    end
+
+    it 'grants access when direct and viewer is mentioned' do
+      status.visibility = :direct
+      status.mentions = [Fabricate(:mention, account: alice)]
+
+      expect(subject).to permit(alice, status)
+    end
+
+    it 'denies access when direct and viewer is not mentioned' do
+      viewer = Fabricate(:account)
+      status.visibility = :direct
+
+      expect(subject).to_not permit(viewer, status)
+    end
+
+    it 'grants access when private and account is viewer' do
+      status.visibility = :direct
+
+      expect(subject).to permit(status.account, status)
+    end
+
+    it 'grants access when private and account is following viewer' do
+      follow = Fabricate(:follow)
+      status.visibility = :private
+      status.account = follow.target_account
+
+      expect(subject).to permit(follow.account, status)
+    end
+
+    it 'grants access when private and viewer is mentioned' do
+      status.visibility = :private
+      status.mentions = [Fabricate(:mention, account: alice)]
+
+      expect(subject).to permit(alice, status)
+    end
+
+    it 'denies access when private and viewer is not mentioned or followed' do
+      viewer = Fabricate(:account)
+      status.visibility = :private
+
+      expect(subject).to_not permit(viewer, status)
+    end
+
+    it 'grants access when no viewer' do
+      expect(subject).to permit(nil, status)
+    end
+
+    it 'denies access when viewer is blocked' do
+      block = Fabricate(:block)
+      status.visibility = :private
+      status.account = block.target_account
+
+      expect(subject).to_not permit(block.account, status)
+    end
+  end
+end
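Review bot: The two "viewer is mentioned" examples mention and check `alice`, who is also the author of `status` (`let(:status) { Fabricate(:status, account: alice) }`), so they can pass through the author grant that the first example already asserts and never prove the mention rule. The example titled 'grants access when private and account is viewer' sets `status.visibility = :direct`, so the private-author case is not covered either; this appears to be carried over from the removed model spec. Both gaps mean a regression in who can read private or direct statuses could go unnoticed. The only nil-viewer example uses the default visibility, so anonymous access to `:private` and `:direct` statuses is not pinned either way; a `to_not permit(nil, status)` example for each would close that, assuming denial is the intended behaviour.

```ruby
    it 'grants access when direct and viewer is mentioned' do
      viewer = Fabricate(:account)
      status.visibility = :direct
      status.mentions = [Fabricate(:mention, account: viewer)]

      expect(subject).to permit(viewer, status)
    end

    # … unchanged: direct / not-mentioned example …

    it 'grants access when private and account is viewer' do
      status.visibility = :private
      # … unchanged: expectation on status.account …
    end

    # … unchanged: private / follower example …

    it 'grants access when private and viewer is mentioned' do
      viewer = Fabricate(:account)
      status.visibility = :private
      status.mentions = [Fabricate(:mention, account: viewer)]

      expect(subject).to permit(viewer, status)
    end

    # … unchanged: remaining examples …
```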