author | Jack Jennings <jack@standard-library.com> | 2017-05-29 09:22:22 -0700 |
---|---|---|
committer | Eugen Rochko <eugen@zeonfederated.com> | 2017-05-29 18:22:22 +0200 |
commit | 3a2003ba863252f305fb32098bcd3f095b10e2ff (patch) | |
tree | 6ff5f4a1cf6c9d042baca1441409afb9ac46775d /spec | |
parent | 9a81be0d3715eb846d940794f8b34cbbe4ba67a5 (diff) |
Extract authorization policy for viewing statuses (#3150)
Diffstat (limited to 'spec')
-rw-r--r-- | spec/controllers/media_controller_spec.rb | 2 | ||||
-rw-r--r-- | spec/models/status_spec.rb | 60 | ||||
-rw-r--r-- | spec/policies/status_policy_spec.rb | 70 |
3 files changed, 71 insertions, 61 deletions
diff --git a/spec/controllers/media_controller_spec.rb b/spec/controllers/media_controller_spec.rb
index 2541df734..5b03899e4 100644
--- a/spec/controllers/media_controller_spec.rb
+++ b/spec/controllers/media_controller_spec.rb
@@ -30,7 +30,7 @@ describe MediaController do
 it 'raises when not permitted to view' do
 status = Fabricate(:status)
 media_attachment = Fabricate(:media_attachment, status: status)
- allow_any_instance_of(Status).to receive(:permitted?).and_return(false)
+ allow_any_instance_of(MediaController).to receive(:authorize).and_raise(ActiveRecord::RecordNotFound)
 get :show, params: { id: media_attachment.to_param }

 expect(response).to have_http_status(:missing)
diff --git a/spec/models/status_spec.rb b/spec/models/status_spec.rb
index d3a66134b..ec07e6156 100644
--- a/spec/models/status_spec.rb
+++ b/spec/models/status_spec.rb
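Review bot: In spec/controllers/media_controller_spec.rb the new stub `allow_any_instance_of(MediaController).to receive(:authorize).and_raise(ActiveRecord::RecordNotFound)` replaces the authorization call itself, so the example only shows that a raised `RecordNotFound` is rendered as missing; it does not show that `show` authorizes the attachment's status, or that a real denial ends in the same response. A controller that authorized the wrong record or the wrong policy query would still pass. Consider an extra example that leaves the policy unstubbed and makes the status non-viewable, e.g. `status = Fabricate(:status, visibility: :private)` requested by a viewer who neither follows nor is mentioned. How a policy denial becomes `RecordNotFound` is not visible in this spec-only diff, so that mapping presumably lives in the controller and deserves its own assertion. The enclosing `describe` block starts and ends outside the hunk.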
@@ -119,66 +119,6 @@ RSpec.describe Status, type: :model do
 end
 end

- describe '#permitted?' do
- it 'returns true when direct and account is viewer' do
- subject.visibility = :direct
- expect(subject.permitted?(subject.account)).to be true
- end
-
- it 'returns true when direct and viewer is mentioned' do
- subject.visibility = :direct
- subject.mentions = [Fabricate(:mention, account: alice)]
-
- expect(subject.permitted?(alice)).to be true
- end
-
- it 'returns false when direct and viewer is not mentioned' do
- viewer = Fabricate(:account)
- subject.visibility = :direct
-
- expect(subject.permitted?(viewer)).to be false
- end
-
- it 'returns true when private and account is viewer' do
- subject.visibility = :direct
- expect(subject.permitted?(subject.account)).to be true
- end
-
- it 'returns true when private and account is following viewer' do
- follow = Fabricate(:follow)
- subject.visibility = :private
- subject.account = follow.target_account
-
- expect(subject.permitted?(follow.account)).to be true
- end
-
- it 'returns true when private and viewer is mentioned' do
- subject.visibility = :private
- subject.mentions = [Fabricate(:mention, account: alice)]
-
- expect(subject.permitted?(alice)).to be true
- end
-
- it 'returns false when private and viewer is not mentioned or followed' do
- viewer = Fabricate(:account)
- subject.visibility = :private
-
- expect(subject.permitted?(viewer)).to be false
- end
-
- it 'returns true when no viewer' do
- expect(subject.permitted?).to be true
- end
-
- it 'returns false when viewer is blocked' do
- block = Fabricate(:block)
- subject.visibility = :private
- subject.account = block.target_account
-
- expect(subject.permitted?(block.account)).to be false
- end
- end
-
 describe '#ancestors' do
 let!(:alice) { Fabricate(:account, username: 'alice') }
 let!(:bob) { Fabricate(:account, username: 'bob', domain: 'example.com') }
diff --git a/spec/policies/status_policy_spec.rb b/spec/policies/status_policy_spec.rb
new file mode 100644
index 000000000..ee7060b98
--- /dev/null
+++ b/spec/policies/status_policy_spec.rb
@@ -0,0 +1,70 @@
+require 'rails_helper'
+require 'pundit/rspec'
+
+RSpec.describe StatusPolicy, type: :model do
+ subject { described_class }
+
+ let(:alice) { Fabricate(:account, username: 'alice') }
+ let(:status) { Fabricate(:status, account: alice) }
+
+ permissions :show? do
+ it 'grants access when direct and account is viewer' do
+ status.visibility = :direct
+ expect(subject).to permit(status.account, status)
+ end
+
+ it 'grants access when direct and viewer is mentioned' do
+ status.visibility = :direct
+ status.mentions = [Fabricate(:mention, account: alice)]
+
+ expect(subject).to permit(alice, status)
+ end
+
+ it 'denies access when direct and viewer is not mentioned' do
+ viewer = Fabricate(:account)
+ status.visibility = :direct
+
+ expect(subject).to_not permit(viewer, status)
+ end
+
+ it 'grants access when private and account is viewer' do
+ status.visibility = :direct
+
+ expect(subject).to permit(status.account, status)
+ end
+
+ it 'grants access when private and account is following viewer' do
+ follow = Fabricate(:follow)
+ status.visibility = :private
+ status.account = follow.target_account
+
+ expect(subject).to permit(follow.account, status)
+ end
+
+ it 'grants access when private and viewer is mentioned' do
+ status.visibility = :private
+ status.mentions = [Fabricate(:mention, account: alice)]
+
+ expect(subject).to permit(alice, status)
+ end
+
+ it 'denies access when private and viewer is not mentioned or followed' do
+ viewer = Fabricate(:account)
+ status.visibility = :private
+
+ expect(subject).to_not permit(viewer, status)
+ end
+
+ it 'grants access when no viewer' do
+ expect(subject).to permit(nil, status)
+ end
+
+ it 'denies access when viewer is blocked' do
+ block = Fabricate(:block)
+ status.visibility = :private
+ status.account = block.target_account
+
+ expect(subject).to_not permit(block.account, status)
+ end
+ end
+end |
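Review bot: The two 'viewer is mentioned' examples pass `alice` as the viewer, but `status` is fabricated with `account: alice`, so the viewer is the author; if `show?` grants authors access, as the 'account is viewer' examples expect, these would still pass with the mention rule broken. 'grants access when private and account is viewer' sets `status.visibility = :direct`, so the private-owner case is never exercised. Both gaps appear to be carried over unchanged from the removed `#permitted?` spec. Using a separately fabricated viewer in the mention examples and `:private` in the owner example closes them, as below. The 'viewer is blocked' example may have a similar weakness, since an unfollowed, unmentioned viewer of a private status is presumably denied whether or not a block exists.

```ruby
    it 'grants access when direct and viewer is mentioned' do
      viewer = Fabricate(:account)
      status.visibility = :direct
      status.mentions = [Fabricate(:mention, account: viewer)]

      expect(subject).to permit(viewer, status)
    end

    # … unchanged: 'denies access when direct and viewer is not mentioned' …

    it 'grants access when private and account is viewer' do
      status.visibility = :private

      expect(subject).to permit(status.account, status)
    end

    # … unchanged: 'grants access when private and account is following viewer' …

    it 'grants access when private and viewer is mentioned' do
      viewer = Fabricate(:account)
      status.visibility = :private
      status.mentions = [Fabricate(:mention, account: viewer)]

      expect(subject).to permit(viewer, status)
    end
```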