about summary refs log tree commit diff
path: root/spec
diff options
context:
space:
mode:
Diffstat (limited to 'spec')
-rw-r--r--spec/controllers/admin/accounts_controller_spec.rb52
-rw-r--r--spec/controllers/admin/reports_controller_spec.rb84
-rw-r--r--spec/controllers/admin/silences_controller_spec.rb33
-rw-r--r--spec/controllers/admin/suspensions_controller_spec.rb39
-rw-r--r--spec/fabricators/account_warning_fabricator.rb5
-rw-r--r--spec/fabricators/account_warning_preset_fabricator.rb3
-rw-r--r--spec/mailers/admin_mailer_spec.rb22
-rw-r--r--spec/mailers/previews/user_mailer_preview.rb5
-rw-r--r--spec/models/account_warning_preset_spec.rb5
-rw-r--r--spec/models/account_warning_spec.rb5
-rw-r--r--spec/models/admin/account_action_spec.rb4
-rw-r--r--spec/models/custom_emoji_filter_spec.rb70
-rw-r--r--spec/policies/backup_policy_spec.rb45
-rw-r--r--spec/policies/custom_emoji_policy_spec.rb38
-rw-r--r--spec/policies/domain_block_policy_spec.rb24
-rw-r--r--spec/policies/email_domain_block_policy_spec.rb24
-rw-r--r--spec/policies/instance_policy_spec.rb24
-rw-r--r--spec/policies/invite_policy_spec.rb94
-rw-r--r--spec/policies/relay_policy_spec.rb24
-rw-r--r--spec/policies/report_note_policy_spec.rb48
-rw-r--r--spec/policies/report_policy_spec.rb24
-rw-r--r--spec/policies/settings_policy_spec.rb24
-rw-r--r--spec/policies/subscription_policy_spec.rb24
-rw-r--r--spec/policies/tag_policy_spec.rb24
-rw-r--r--spec/policies/user_policy_spec.rb167
-rw-r--r--spec/presenters/instance_presenter_spec.rb33
26 files changed, 760 insertions, 184 deletions
diff --git a/spec/controllers/admin/accounts_controller_spec.rb b/spec/controllers/admin/accounts_controller_spec.rb
index dbcad3c2d..a348ab3d7 100644
--- a/spec/controllers/admin/accounts_controller_spec.rb
+++ b/spec/controllers/admin/accounts_controller_spec.rb
@@ -191,58 +191,6 @@ RSpec.describe Admin::AccountsController, type: :controller do
     end
   end
 
-  describe 'POST #disable' do
-    subject { post :disable, params: { id: account.id } }
-
-    let(:current_user) { Fabricate(:user, admin: current_user_admin) }
-    let(:account) { Fabricate(:account, user: user) }
-    let(:user) { Fabricate(:user, disabled: false, admin: target_user_admin) }
-
-    context 'when user is admin' do
-      let(:current_user_admin) { true }
-
-      context 'when target user is admin' do
-        let(:target_user_admin) { true }
-
-        it 'fails to disable account' do
-          is_expected.to have_http_status :forbidden
-          expect(user.reload).not_to be_disabled
-        end
-      end
-
-      context 'when target user is not admin' do
-        let(:target_user_admin) { false }
-
-        it 'succeeds in disabling account' do
-          is_expected.to redirect_to admin_account_path(account.id)
-          expect(user.reload).to be_disabled
-        end
-      end
-    end
-
-    context 'when user is not admin' do
-      let(:current_user_admin) { false }
-
-      context 'when target user is admin' do
-        let(:target_user_admin) { true }
-
-        it 'fails to disable account' do
-          is_expected.to have_http_status :forbidden
-          expect(user.reload).not_to be_disabled
-        end
-      end
-
-      context 'when target user is not admin' do
-        let(:target_user_admin) { false }
-
-        it 'fails to disable account' do
-          is_expected.to have_http_status :forbidden
-          expect(user.reload).not_to be_disabled
-        end
-      end
-    end
-  end
-
   describe 'POST #redownload' do
     subject { post :redownload, params: { id: account.id } }
 
diff --git a/spec/controllers/admin/reports_controller_spec.rb b/spec/controllers/admin/reports_controller_spec.rb
index bcc789c57..b428299ee 100644
--- a/spec/controllers/admin/reports_controller_spec.rb
+++ b/spec/controllers/admin/reports_controller_spec.rb
@@ -46,73 +46,37 @@ describe Admin::ReportsController do
     end
   end
 
-  describe 'PUT #update' do
-    describe 'with an unknown outcome' do
-      it 'rejects the change' do
-        report = Fabricate(:report)
-        put :update, params: { id: report, outcome: 'unknown' }
-
-        expect(response).to have_http_status(404)
-      end
-    end
-
-    describe 'with an outcome of `resolve`' do
-      it 'resolves the report' do
-        report = Fabricate(:report)
-
-        put :update, params: { id: report, outcome: 'resolve' }
-        expect(response).to redirect_to(admin_reports_path)
-        report.reload
-        expect(report.action_taken_by_account).to eq user.account
-        expect(report.action_taken).to eq true
-      end
-    end
-
-    describe 'with an outsome of `silence`' do
-      it 'silences the reported account' do
-        report = Fabricate(:report)
-
-        put :update, params: { id: report, outcome: 'silence' }
-        expect(response).to redirect_to(admin_reports_path)
-        report.reload
-        expect(report.action_taken_by_account).to eq user.account
-        expect(report.action_taken).to eq true
-        expect(report.target_account).to be_silenced
-      end
-    end
-
-    describe 'with an outsome of `reopen`' do
-      it 'reopens the report' do
-        report = Fabricate(:report)
+  describe 'POST #reopen' do
+    it 'reopens the report' do
+      report = Fabricate(:report)
 
-        put :update, params: { id: report, outcome: 'reopen' }
-        expect(response).to redirect_to(admin_report_path(report))
-        report.reload
-        expect(report.action_taken_by_account).to eq nil
-        expect(report.action_taken).to eq false
-      end
+      put :reopen, params: { id: report }
+      expect(response).to redirect_to(admin_report_path(report))
+      report.reload
+      expect(report.action_taken_by_account).to eq nil
+      expect(report.action_taken).to eq false
     end
+  end
 
-    describe 'with an outsome of `assign_to_self`' do
-      it 'reopens the report' do
-        report = Fabricate(:report)
+  describe 'POST #assign_to_self' do
+    it 'reopens the report' do
+      report = Fabricate(:report)
 
-        put :update, params: { id: report, outcome: 'assign_to_self' }
-        expect(response).to redirect_to(admin_report_path(report))
-        report.reload
-        expect(report.assigned_account).to eq user.account
-      end
+      put :assign_to_self, params: { id: report }
+      expect(response).to redirect_to(admin_report_path(report))
+      report.reload
+      expect(report.assigned_account).to eq user.account
     end
+  end
 
-    describe 'with an outsome of `unassign`' do
-      it 'reopens the report' do
-        report = Fabricate(:report)
+  describe 'POST #unassign' do
+    it 'reopens the report' do
+      report = Fabricate(:report)
 
-        put :update, params: { id: report, outcome: 'unassign' }
-        expect(response).to redirect_to(admin_report_path(report))
-        report.reload
-        expect(report.assigned_account).to eq nil
-      end
+      put :unassign, params: { id: report }
+      expect(response).to redirect_to(admin_report_path(report))
+      report.reload
+      expect(report.assigned_account).to eq nil
     end
   end
 end
diff --git a/spec/controllers/admin/silences_controller_spec.rb b/spec/controllers/admin/silences_controller_spec.rb
deleted file mode 100644
index 78560eb39..000000000
--- a/spec/controllers/admin/silences_controller_spec.rb
+++ /dev/null
@@ -1,33 +0,0 @@
-require 'rails_helper'
-
-describe Admin::SilencesController do
-  render_views
-
-  before do
-    sign_in Fabricate(:user, admin: true), scope: :user
-  end
-
-  describe 'POST #create' do
-    it 'redirects to admin accounts page' do
-      account = Fabricate(:account, silenced: false)
-
-      post :create, params: { account_id: account.id }
-
-      account.reload
-      expect(account.silenced?).to eq true
-      expect(response).to redirect_to(admin_accounts_path)
-    end
-  end
-
-  describe 'DELETE #destroy' do
-    it 'redirects to admin accounts page' do
-      account = Fabricate(:account, silenced: true)
-
-      delete :destroy, params: { account_id: account.id }
-
-      account.reload
-      expect(account.silenced?).to eq false
-      expect(response).to redirect_to(admin_accounts_path)
-    end
-  end
-end
diff --git a/spec/controllers/admin/suspensions_controller_spec.rb b/spec/controllers/admin/suspensions_controller_spec.rb
deleted file mode 100644
index 1bc33e490..000000000
--- a/spec/controllers/admin/suspensions_controller_spec.rb
+++ /dev/null
@@ -1,39 +0,0 @@
-require 'rails_helper'
-
-describe Admin::SuspensionsController do
-  render_views
-
-  before do
-    sign_in Fabricate(:user, admin: true), scope: :user
-  end
-
-  describe 'GET #new' do
-    it 'returns 200' do
-      get :new, params: { account_id: Fabricate(:account).id, report_id: Fabricate(:report).id }
-      expect(response).to have_http_status(200)
-    end
-  end
-
-  describe 'POST #create' do
-    it 'redirects to admin accounts page' do
-      account = Fabricate(:account, suspended: false)
-      expect(Admin::SuspensionWorker).to receive(:perform_async).with(account.id)
-
-      post :create, params: { account_id: account.id, form_admin_suspension_confirmation: { acct: account.acct } }
-
-      expect(response).to redirect_to(admin_accounts_path)
-    end
-  end
-
-  describe 'DELETE #destroy' do
-    it 'redirects to admin accounts page' do
-      account = Fabricate(:account, suspended: true)
-
-      delete :destroy, params: { account_id: account.id }
-
-      account.reload
-      expect(account.suspended?).to eq false
-      expect(response).to redirect_to(admin_accounts_path)
-    end
-  end
-end
diff --git a/spec/fabricators/account_warning_fabricator.rb b/spec/fabricators/account_warning_fabricator.rb
new file mode 100644
index 000000000..db161d446
--- /dev/null
+++ b/spec/fabricators/account_warning_fabricator.rb
@@ -0,0 +1,5 @@
+Fabricator(:account_warning) do
+  account        nil
+  target_account nil
+  text           "MyText"
+end
diff --git a/spec/fabricators/account_warning_preset_fabricator.rb b/spec/fabricators/account_warning_preset_fabricator.rb
new file mode 100644
index 000000000..6c0b87e7c
--- /dev/null
+++ b/spec/fabricators/account_warning_preset_fabricator.rb
@@ -0,0 +1,3 @@
+Fabricator(:account_warning_preset) do
+  text "MyText"
+end
diff --git a/spec/mailers/admin_mailer_spec.rb b/spec/mailers/admin_mailer_spec.rb
new file mode 100644
index 000000000..4a8ef7b5e
--- /dev/null
+++ b/spec/mailers/admin_mailer_spec.rb
@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+RSpec.describe AdminMailer, type: :mailer do
+  describe '.new_report' do
+    let(:sender)    { Fabricate(:account, username: 'John', user: Fabricate(:user)) }
+    let(:recipient) { Fabricate(:account, username: 'Mike', user: Fabricate(:user, locale: :en)) }
+    let(:report)    { Fabricate(:report, account: sender, target_account: recipient) }
+    let(:mail)      { described_class.new_report(recipient, report) }
+
+    it 'renders the headers' do
+      expect(mail.subject).to eq("New report for cb6e6126.ngrok.io (##{report.id})")
+      expect(mail.to).to eq [recipient.user_email]
+      expect(mail.from).to eq ['notifications@localhost']
+    end
+
+    it 'renders the body' do
+      expect(mail.body.encoded).to eq("Mike,\r\n\r\nJohn has reported Mike\r\n\r\nView: https://cb6e6126.ngrok.io/admin/reports/#{report.id}\r\n")
+    end
+  end
+end
diff --git a/spec/mailers/previews/user_mailer_preview.rb b/spec/mailers/previews/user_mailer_preview.rb
index d9cdb9264..53c836494 100644
--- a/spec/mailers/previews/user_mailer_preview.rb
+++ b/spec/mailers/previews/user_mailer_preview.rb
@@ -39,4 +39,9 @@ class UserMailerPreview < ActionMailer::Preview
   def backup_ready
     UserMailer.backup_ready(User.first, Backup.first)
   end
+
+  # Preview this email at http://localhost:3000/rails/mailers/user_mailer/warning
+  def warning
+    UserMailer.warning(User.first, AccountWarning.new(text: '', action: :silence))
+  end
 end
diff --git a/spec/models/account_warning_preset_spec.rb b/spec/models/account_warning_preset_spec.rb
new file mode 100644
index 000000000..a859a305f
--- /dev/null
+++ b/spec/models/account_warning_preset_spec.rb
@@ -0,0 +1,5 @@
+require 'rails_helper'
+
+RSpec.describe AccountWarningPreset, type: :model do
+  pending "add some examples to (or delete) #{__FILE__}"
+end
diff --git a/spec/models/account_warning_spec.rb b/spec/models/account_warning_spec.rb
new file mode 100644
index 000000000..5286f9177
--- /dev/null
+++ b/spec/models/account_warning_spec.rb
@@ -0,0 +1,5 @@
+require 'rails_helper'
+
+RSpec.describe AccountWarning, type: :model do
+  pending "add some examples to (or delete) #{__FILE__}"
+end
diff --git a/spec/models/admin/account_action_spec.rb b/spec/models/admin/account_action_spec.rb
new file mode 100644
index 000000000..8c55cf4dd
--- /dev/null
+++ b/spec/models/admin/account_action_spec.rb
@@ -0,0 +1,4 @@
+require 'rails_helper'
+
+RSpec.describe Admin::AccountAction, type: :model do
+end
diff --git a/spec/models/custom_emoji_filter_spec.rb b/spec/models/custom_emoji_filter_spec.rb
new file mode 100644
index 000000000..d859f5c5f
--- /dev/null
+++ b/spec/models/custom_emoji_filter_spec.rb
@@ -0,0 +1,70 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+RSpec.describe CustomEmojiFilter do
+  describe '#results' do
+    let!(:custom_emoji_0) { Fabricate(:custom_emoji, domain: 'a') }
+    let!(:custom_emoji_1) { Fabricate(:custom_emoji, domain: 'b') }
+    let!(:custom_emoji_2) { Fabricate(:custom_emoji, domain: nil, shortcode: 'hoge') }
+
+    subject { described_class.new(params).results }
+
+    context 'params have values' do
+      context 'local' do
+        let(:params) { { local: true } }
+
+        it 'returns ActiveRecord::Relation' do
+          expect(subject).to be_kind_of(ActiveRecord::Relation)
+          expect(subject).to match_array([custom_emoji_2])
+        end
+      end
+
+      context 'remote' do
+        let(:params) { { remote: true } }
+
+        it 'returns ActiveRecord::Relation' do
+          expect(subject).to be_kind_of(ActiveRecord::Relation)
+          expect(subject).to match_array([custom_emoji_0, custom_emoji_1])
+        end
+      end
+
+      context 'by_domain' do
+        let(:params) { { by_domain: 'a' } }
+
+        it 'returns ActiveRecord::Relation' do
+          expect(subject).to be_kind_of(ActiveRecord::Relation)
+          expect(subject).to match_array([custom_emoji_0])
+        end
+      end
+
+      context 'shortcode' do
+        let(:params) { { shortcode: 'hoge' } }
+
+        it 'returns ActiveRecord::Relation' do
+          expect(subject).to be_kind_of(ActiveRecord::Relation)
+          expect(subject).to match_array([custom_emoji_2])
+        end
+      end
+
+      context 'else' do
+        let(:params) { { else: 'else' } }
+
+        it 'raises RuntimeError' do
+          expect do
+            subject
+          end.to raise_error(RuntimeError, /Unknown filter: else/)
+        end
+      end
+    end
+
+    context 'params without value' do
+      let(:params) { { hoge: nil } }
+
+      it 'returns ActiveRecord::Relation' do
+        expect(subject).to be_kind_of(ActiveRecord::Relation)
+        expect(subject).to match_array([custom_emoji_0, custom_emoji_1, custom_emoji_2])
+      end
+    end
+  end
+end
diff --git a/spec/policies/backup_policy_spec.rb b/spec/policies/backup_policy_spec.rb
new file mode 100644
index 000000000..80407e12f
--- /dev/null
+++ b/spec/policies/backup_policy_spec.rb
@@ -0,0 +1,45 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+require 'pundit/rspec'
+
+RSpec.describe BackupPolicy do
+  let(:subject) { described_class }
+  let(:john)    { Fabricate(:user).account }
+
+  permissions :create? do
+    context 'not user_signed_in?' do
+      it 'denies' do
+        expect(subject).to_not permit(nil, Backup)
+      end
+    end
+
+    context 'user_signed_in?' do
+      context 'no backups' do
+        it 'permits' do
+          expect(subject).to permit(john, Backup)
+        end
+      end
+
+      context 'backups are too old' do
+        it 'permits' do
+          travel(-8.days) do
+            Fabricate(:backup, user: john.user)
+          end
+
+          expect(subject).to permit(john, Backup)
+        end
+      end
+
+      context 'backups are newer' do
+        it 'denies' do
+          travel(-3.days) do
+            Fabricate(:backup, user: john.user)
+          end
+
+          expect(subject).to_not permit(john, Backup)
+        end
+      end
+    end
+  end
+end
diff --git a/spec/policies/custom_emoji_policy_spec.rb b/spec/policies/custom_emoji_policy_spec.rb
new file mode 100644
index 000000000..8def88212
--- /dev/null
+++ b/spec/policies/custom_emoji_policy_spec.rb
@@ -0,0 +1,38 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+require 'pundit/rspec'
+
+RSpec.describe CustomEmojiPolicy do
+  let(:subject) { described_class }
+  let(:admin)   { Fabricate(:user, admin: true).account }
+  let(:john)    { Fabricate(:user).account }
+
+  permissions :index?, :enable?, :disable? do
+    context 'staff' do
+      it 'permits' do
+        expect(subject).to permit(admin, CustomEmoji)
+      end
+    end
+
+    context 'not staff' do
+      it 'denies' do
+        expect(subject).to_not permit(john, CustomEmoji)
+      end
+    end
+  end
+
+  permissions :create?, :update?, :copy?, :destroy? do
+    context 'admin' do
+      it 'permits' do
+        expect(subject).to permit(admin, CustomEmoji)
+      end
+    end
+
+    context 'not admin' do
+      it 'denies' do
+        expect(subject).to_not permit(john, CustomEmoji)
+      end
+    end
+  end
+end
diff --git a/spec/policies/domain_block_policy_spec.rb b/spec/policies/domain_block_policy_spec.rb
new file mode 100644
index 000000000..aea50ec0f
--- /dev/null
+++ b/spec/policies/domain_block_policy_spec.rb
@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+require 'pundit/rspec'
+
+RSpec.describe DomainBlockPolicy do
+  let(:subject) { described_class }
+  let(:admin)   { Fabricate(:user, admin: true).account }
+  let(:john)    { Fabricate(:user).account }
+
+  permissions :index?, :show?, :create?, :destroy? do
+    context 'admin' do
+      it 'permits' do
+        expect(subject).to permit(admin, DomainBlock)
+      end
+    end
+
+    context 'not admin' do
+      it 'denies' do
+        expect(subject).to_not permit(john, DomainBlock)
+      end
+    end
+  end
+end
diff --git a/spec/policies/email_domain_block_policy_spec.rb b/spec/policies/email_domain_block_policy_spec.rb
new file mode 100644
index 000000000..a3e825e07
--- /dev/null
+++ b/spec/policies/email_domain_block_policy_spec.rb
@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+require 'pundit/rspec'
+
+RSpec.describe EmailDomainBlockPolicy do
+  let(:subject) { described_class }
+  let(:admin)   { Fabricate(:user, admin: true).account }
+  let(:john)    { Fabricate(:user).account }
+
+  permissions :index?, :create?, :destroy? do
+    context 'admin' do
+      it 'permits' do
+        expect(subject).to permit(admin, EmailDomainBlock)
+      end
+    end
+
+    context 'not admin' do
+      it 'denies' do
+        expect(subject).to_not permit(john, EmailDomainBlock)
+      end
+    end
+  end
+end
diff --git a/spec/policies/instance_policy_spec.rb b/spec/policies/instance_policy_spec.rb
new file mode 100644
index 000000000..fbfddd72f
--- /dev/null
+++ b/spec/policies/instance_policy_spec.rb
@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+require 'pundit/rspec'
+
+RSpec.describe InstancePolicy do
+  let(:subject) { described_class }
+  let(:admin)   { Fabricate(:user, admin: true).account }
+  let(:john)    { Fabricate(:user).account }
+
+  permissions :index?, :resubscribe? do
+    context 'admin' do
+      it 'permits' do
+        expect(subject).to permit(admin, Instance)
+      end
+    end
+
+    context 'not admin' do
+      it 'denies' do
+        expect(subject).to_not permit(john, Instance)
+      end
+    end
+  end
+end
diff --git a/spec/policies/invite_policy_spec.rb b/spec/policies/invite_policy_spec.rb
new file mode 100644
index 000000000..e391455be
--- /dev/null
+++ b/spec/policies/invite_policy_spec.rb
@@ -0,0 +1,94 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+require 'pundit/rspec'
+
+RSpec.describe InvitePolicy do
+  let(:subject) { described_class }
+  let(:admin)   { Fabricate(:user, admin: true).account }
+  let(:john)    { Fabricate(:user).account }
+
+  permissions :index? do
+    context 'staff?' do
+      it 'permits' do
+        expect(subject).to permit(admin, Invite)
+      end
+    end
+  end
+
+  permissions :create? do
+    context 'min_required_role?' do
+      it 'permits' do
+        allow_any_instance_of(described_class).to receive(:min_required_role?) { true }
+        expect(subject).to permit(john, Invite)
+      end
+    end
+
+    context 'not min_required_role?' do
+      it 'denies' do
+        allow_any_instance_of(described_class).to receive(:min_required_role?) { false }
+        expect(subject).to_not permit(john, Invite)
+      end
+    end
+  end
+
+  permissions :deactivate_all? do
+    context 'admin?' do
+      it 'permits' do
+        expect(subject).to permit(admin, Invite)
+      end
+    end
+
+    context 'not admin?' do
+      it 'denies' do
+        expect(subject).to_not permit(john, Invite)
+      end
+    end
+  end
+
+  permissions :destroy? do
+    context 'owner?' do
+      it 'permits' do
+        expect(subject).to permit(john, Fabricate(:invite, user: john.user))
+      end
+    end
+
+    context 'not owner?' do
+      context 'Setting.min_invite_role == "admin"' do
+        before do
+          Setting.min_invite_role = 'admin'
+        end
+
+        context 'admin?' do
+          it 'permits' do
+            expect(subject).to permit(admin, Fabricate(:invite))
+          end
+        end
+
+        context 'not admin?' do
+          it 'denies' do
+            expect(subject).to_not permit(john, Fabricate(:invite))
+          end
+        end
+      end
+
+      context 'Setting.min_invite_role != "admin"' do
+        before do
+          Setting.min_invite_role = 'else'
+        end
+
+        context 'staff?' do
+          it 'permits' do
+            expect(subject).to permit(admin, Fabricate(:invite))
+          end
+        end
+
+        context 'not staff?' do
+          it 'denies' do
+            expect(subject).to_not permit(john, Fabricate(:invite))
+          end
+        end
+      end
+    end
+  end
+end
diff --git a/spec/policies/relay_policy_spec.rb b/spec/policies/relay_policy_spec.rb
new file mode 100644
index 000000000..640f27d54
--- /dev/null
+++ b/spec/policies/relay_policy_spec.rb
@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+require 'pundit/rspec'
+
+RSpec.describe RelayPolicy do
+  let(:subject) { described_class }
+  let(:admin)   { Fabricate(:user, admin: true).account }
+  let(:john)    { Fabricate(:user).account }
+
+  permissions :update? do
+    context 'admin?' do
+      it 'permits' do
+        expect(subject).to permit(admin, Relay)
+      end
+    end
+
+    context '!admin?' do
+      it 'denies' do
+        expect(subject).to_not permit(john, Relay)
+      end
+    end
+  end
+end
diff --git a/spec/policies/report_note_policy_spec.rb b/spec/policies/report_note_policy_spec.rb
new file mode 100644
index 000000000..596d7d7a9
--- /dev/null
+++ b/spec/policies/report_note_policy_spec.rb
@@ -0,0 +1,48 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+require 'pundit/rspec'
+
+RSpec.describe ReportNotePolicy do
+  let(:subject) { described_class }
+  let(:admin)   { Fabricate(:user, admin: true).account }
+  let(:john)    { Fabricate(:user).account }
+
+  permissions :create? do
+    context 'staff?' do
+      it 'permits' do
+        expect(subject).to permit(admin, ReportNote)
+      end
+    end
+
+    context '!staff?' do
+      it 'denies' do
+        expect(subject).to_not permit(john, ReportNote)
+      end
+    end
+  end
+
+  permissions :destroy? do
+    context 'admin?' do
+      it 'permit' do
+        expect(subject).to permit(admin, ReportNote)
+      end
+    end
+
+    context 'admin?' do
+      context 'owner?' do
+        it 'permit' do
+          report_note = Fabricate(:report_note, account: john)
+          expect(subject).to permit(john, report_note)
+        end
+      end
+
+      context '!owner?' do
+        it 'denies' do
+          report_note = Fabricate(:report_note)
+          expect(subject).to_not permit(john, report_note)
+        end
+      end
+    end
+  end
+end
diff --git a/spec/policies/report_policy_spec.rb b/spec/policies/report_policy_spec.rb
new file mode 100644
index 000000000..c9ae1e87a
--- /dev/null
+++ b/spec/policies/report_policy_spec.rb
@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+require 'pundit/rspec'
+
+RSpec.describe ReportPolicy do
+  let(:subject) { described_class }
+  let(:admin)   { Fabricate(:user, admin: true).account }
+  let(:john)    { Fabricate(:user).account }
+
+  permissions :update?, :index?, :show? do
+    context 'staff?' do
+      it 'permits' do
+        expect(subject).to permit(admin, Report)
+      end
+    end
+
+    context '!staff?' do
+      it 'denies' do
+        expect(subject).to_not permit(john, Report)
+      end
+    end
+  end
+end
diff --git a/spec/policies/settings_policy_spec.rb b/spec/policies/settings_policy_spec.rb
new file mode 100644
index 000000000..92f1f4869
--- /dev/null
+++ b/spec/policies/settings_policy_spec.rb
@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+require 'pundit/rspec'
+
+RSpec.describe SettingsPolicy do
+  let(:subject) { described_class }
+  let(:admin)   { Fabricate(:user, admin: true).account }
+  let(:john)    { Fabricate(:user).account }
+
+  permissions :update?, :show? do
+    context 'admin?' do
+      it 'permits' do
+        expect(subject).to permit(admin, Settings)
+      end
+    end
+
+    context '!admin?' do
+      it 'denies' do
+        expect(subject).to_not permit(john, Settings)
+      end
+    end
+  end
+end
diff --git a/spec/policies/subscription_policy_spec.rb b/spec/policies/subscription_policy_spec.rb
new file mode 100644
index 000000000..21d60c15f
--- /dev/null
+++ b/spec/policies/subscription_policy_spec.rb
@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+require 'pundit/rspec'
+
+RSpec.describe SubscriptionPolicy do
+  let(:subject) { described_class }
+  let(:admin)   { Fabricate(:user, admin: true).account }
+  let(:john)    { Fabricate(:user).account }
+
+  permissions :index? do
+    context 'admin?' do
+      it 'permits' do
+        expect(subject).to permit(admin, Subscription)
+      end
+    end
+
+    context '!admin?' do
+      it 'denies' do
+        expect(subject).to_not permit(john, Subscription)
+      end
+    end
+  end
+end
diff --git a/spec/policies/tag_policy_spec.rb b/spec/policies/tag_policy_spec.rb
new file mode 100644
index 000000000..c7afaa7c9
--- /dev/null
+++ b/spec/policies/tag_policy_spec.rb
@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+require 'pundit/rspec'
+
+RSpec.describe TagPolicy do
+  let(:subject) { described_class }
+  let(:admin)   { Fabricate(:user, admin: true).account }
+  let(:john)    { Fabricate(:user).account }
+
+  permissions :index?, :hide?, :unhide? do
+    context 'staff?' do
+      it 'permits' do
+        expect(subject).to permit(admin, Tag)
+      end
+    end
+
+    context '!staff?' do
+      it 'denies' do
+        expect(subject).to_not permit(john, Tag)
+      end
+    end
+  end
+end
diff --git a/spec/policies/user_policy_spec.rb b/spec/policies/user_policy_spec.rb
new file mode 100644
index 000000000..e37904f04
--- /dev/null
+++ b/spec/policies/user_policy_spec.rb
@@ -0,0 +1,167 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+require 'pundit/rspec'
+
+RSpec.describe UserPolicy do
+  let(:subject) { described_class }
+  let(:admin)   { Fabricate(:user, admin: true).account }
+  let(:john)    { Fabricate(:user).account }
+
+  permissions :reset_password?, :change_email? do
+    context 'staff?' do
+      context '!record.staff?' do
+        it 'permits' do
+          expect(subject).to permit(admin, john.user)
+        end
+      end
+
+      context 'record.staff?' do
+        it 'denies' do
+          expect(subject).to_not permit(admin, admin.user)
+        end
+      end
+    end
+
+    context '!staff?' do
+      it 'denies' do
+        expect(subject).to_not permit(john, User)
+      end
+    end
+  end
+
+  permissions :disable_2fa? do
+    context 'admin?' do
+      context '!record.staff?' do
+        it 'permits' do
+          expect(subject).to permit(admin, john.user)
+        end
+      end
+
+      context 'record.staff?' do
+        it 'denies' do
+          expect(subject).to_not permit(admin, admin.user)
+        end
+      end
+    end
+
+    context '!admin?' do
+      it 'denies' do
+        expect(subject).to_not permit(john, User)
+      end
+    end
+  end
+
+  permissions :confirm? do
+    context 'staff?' do
+      context '!record.confirmed?' do
+        it 'permits' do
+          john.user.update(confirmed_at: nil)
+          expect(subject).to permit(admin, john.user)
+        end
+      end
+
+      context 'record.confirmed?' do
+        it 'denies' do
+          john.user.confirm!
+          expect(subject).to_not permit(admin, john.user)
+        end
+      end
+    end
+
+    context '!staff?' do
+      it 'denies' do
+        expect(subject).to_not permit(john, User)
+      end
+    end
+  end
+
+  permissions :enable? do
+    context 'staff?' do
+      it 'permits' do
+        expect(subject).to permit(admin, User)
+      end
+    end
+
+    context '!staff?' do
+      it 'denies' do
+        expect(subject).to_not permit(john, User)
+      end
+    end
+  end
+
+  permissions :disable? do
+    context 'staff?' do
+      context '!record.admin?' do
+        it 'permits' do
+          expect(subject).to permit(admin, john.user)
+        end
+      end
+
+      context 'record.admin?' do
+        it 'denies' do
+          expect(subject).to_not permit(admin, admin.user)
+        end
+      end
+    end
+
+    context '!staff?' do
+      it 'denies' do
+        expect(subject).to_not permit(john, User)
+      end
+    end
+  end
+
+  permissions :promote? do
+    context 'admin?' do
+      context 'promoteable?' do
+        it 'permits' do
+          expect(subject).to permit(admin, john.user)
+        end
+      end
+
+      context '!promoteable?' do
+        it 'denies' do
+          expect(subject).to_not permit(admin, admin.user)
+        end
+      end
+    end
+
+    context '!admin?' do
+      it 'denies' do
+        expect(subject).to_not permit(john, User)
+      end
+    end
+  end
+
+  permissions :demote? do
+    context 'admin?' do
+      context '!record.admin?' do
+        context 'demoteable?' do
+          it 'permits' do
+            john.user.update(moderator: true)
+            expect(subject).to permit(admin, john.user)
+          end
+        end
+
+        context '!demoteable?' do
+          it 'denies' do
+            expect(subject).to_not permit(admin, john.user)
+          end
+        end
+      end
+
+      context 'record.admin?' do
+        it 'denies' do
+          expect(subject).to_not permit(admin, admin.user)
+        end
+      end
+    end
+
+    context '!admin?' do
+      it 'denies' do
+        expect(subject).to_not permit(john, User)
+      end
+    end
+  end
+end
diff --git a/spec/presenters/instance_presenter_spec.rb b/spec/presenters/instance_presenter_spec.rb
index 006403925..ccc558f71 100644
--- a/spec/presenters/instance_presenter_spec.rb
+++ b/spec/presenters/instance_presenter_spec.rb
@@ -111,4 +111,37 @@ describe InstancePresenter do
       expect(instance_presenter.domain_count).to eq(345)
     end
   end
+
+  describe '#version_number' do
+    it 'returns Mastodon::Version' do
+      expect(instance_presenter.version_number).to be(Mastodon::Version)
+    end
+  end
+
+  describe '#source_url' do
+    it 'returns "https://github.com/glitch-soc/mastodon"' do
+      expect(instance_presenter.source_url).to eq('https://github.com/glitch-soc/mastodon')
+    end
+  end
+
+  describe '#thumbnail' do
+    it 'returns SiteUpload' do
+      thumbnail = Fabricate(:site_upload, var: 'thumbnail')
+      expect(instance_presenter.thumbnail).to eq(thumbnail)
+    end
+  end
+
+  describe '#hero' do
+    it 'returns SiteUpload' do
+      hero = Fabricate(:site_upload, var: 'hero')
+      expect(instance_presenter.hero).to eq(hero)
+    end
+  end
+
+  describe '#mascot' do
+    it 'returns SiteUpload' do
+      mascot = Fabricate(:site_upload, var: 'mascot')
+      expect(instance_presenter.mascot).to eq(mascot)
+    end
+  end
 end