about summary refs log tree commit diff
path: root/spec
diff options
context:
space:
mode:
Diffstat (limited to 'spec')
-rw-r--r--spec/policies/account_moderation_note_policy_spec.rb52
-rw-r--r--spec/policies/account_policy_spec.rb86
-rw-r--r--spec/policies/status_policy_spec.rb28
3 files changed, 166 insertions, 0 deletions
diff --git a/spec/policies/account_moderation_note_policy_spec.rb b/spec/policies/account_moderation_note_policy_spec.rb
new file mode 100644
index 000000000..bb7af94e4
--- /dev/null
+++ b/spec/policies/account_moderation_note_policy_spec.rb
@@ -0,0 +1,52 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+require 'pundit/rspec'
+
+RSpec.describe AccountModerationNotePolicy do
+  let(:subject) { described_class }
+  let(:admin)   { Fabricate(:user, admin: true).account }
+  let(:john)    { Fabricate(:user).account }
+
+  permissions :create? do
+    context 'staff' do
+      it 'grants to create' do
+        expect(subject).to permit(admin, AccountModerationNotePolicy)
+      end
+    end
+
+    context 'not staff' do
+      it 'denies to create' do
+        expect(subject).to_not permit(john, AccountModerationNotePolicy)
+      end
+    end
+  end
+
+  permissions :destroy? do
+    let(:account_moderation_note) do
+      Fabricate(:account_moderation_note,
+                account: john,
+                target_account: Fabricate(:account))
+    end
+
+    context 'admin' do
+      it 'grants to destroy' do
+        expect(subject).to permit(admin, AccountModerationNotePolicy)
+      end
+    end
+
+    context 'owner' do
+      it 'grants to destroy' do
+        expect(subject).to permit(john, account_moderation_note)
+      end
+    end
+
+    context 'neither admin nor owner' do
+      let(:kevin) { Fabricate(:user).account }
+
+      it 'denies to destroy' do
+        expect(subject).to_not permit(kevin, account_moderation_note)
+      end
+    end
+  end
+end
diff --git a/spec/policies/account_policy_spec.rb b/spec/policies/account_policy_spec.rb
new file mode 100644
index 000000000..6648b0888
--- /dev/null
+++ b/spec/policies/account_policy_spec.rb
@@ -0,0 +1,86 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+require 'pundit/rspec'
+
+RSpec.describe AccountPolicy do
+  let(:subject) { described_class }
+  let(:admin)   { Fabricate(:user, admin: true).account }
+  let(:john)    { Fabricate(:user).account }
+
+  permissions :index?, :show?, :unsuspend?, :unsilence?, :remove_avatar?, :remove_header? do
+    context 'staff' do
+      it 'permits' do
+        expect(subject).to permit(admin)
+      end
+    end
+
+    context 'not staff' do
+      it 'denies' do
+        expect(subject).to_not permit(john)
+      end
+    end
+  end
+
+  permissions :redownload?, :subscribe?, :unsubscribe? do
+    context 'admin' do
+      it 'permits' do
+        expect(subject).to permit(admin)
+      end
+    end
+
+    context 'not admin' do
+      it 'denies' do
+        expect(subject).to_not permit(john)
+      end
+    end
+  end
+
+  permissions :suspend?, :silence? do
+    let(:staff) { Fabricate(:user, admin: true).account }
+
+    context 'staff' do
+      context 'record is staff' do
+        it 'denies' do
+          expect(subject).to_not permit(admin, staff)
+        end
+      end
+
+      context 'record is not staff' do
+        it 'permits' do
+          expect(subject).to permit(admin, john)
+        end
+      end
+    end
+
+    context 'not staff' do
+      it 'denies' do
+        expect(subject).to_not permit(john, Account)
+      end
+    end
+  end
+
+  permissions :memorialize? do
+    let(:other_admin) { Fabricate(:user, admin: true).account }
+
+    context 'admin' do
+      context 'record is admin' do
+        it 'denies' do
+          expect(subject).to_not permit(admin, other_admin)
+        end
+      end
+
+      context 'record is not admin' do
+        it 'permits' do
+          expect(subject).to permit(admin, john)
+        end
+      end
+    end
+
+    context 'not admin' do
+      it 'denies' do
+        expect(subject).to_not permit(john, Account)
+      end
+    end
+  end
+end
diff --git a/spec/policies/status_policy_spec.rb b/spec/policies/status_policy_spec.rb
index 837fa9cee..8bce29cad 100644
--- a/spec/policies/status_policy_spec.rb
+++ b/spec/policies/status_policy_spec.rb
@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'rails_helper'
 require 'pundit/rspec'
 
@@ -118,4 +120,30 @@ RSpec.describe StatusPolicy, type: :model do
       expect(subject).to_not permit(nil, status)
     end
   end
+
+  permissions :favourite? do
+    it 'grants access when viewer is not blocked' do
+      follow         = Fabricate(:follow)
+      status.account = follow.target_account
+
+      expect(subject).to permit(follow.account, status)
+    end
+
+    it 'denies when viewer is blocked' do
+      block          = Fabricate(:block)
+      status.account = block.target_account
+
+      expect(subject).to_not permit(block.account, status)
+    end
+  end
+
+  permissions :index?, :update? do
+    it 'grants access if staff' do
+      expect(subject).to permit(admin.account)
+    end
+
+    it 'denies access unless staff' do
+      expect(subject).to_not permit(alice)
+    end
+  end
 end