From 552d69ad96fec7ebfca46a97c50355678e114223 Mon Sep 17 00:00:00 2001 From: Eugen Rochko Date: Mon, 14 Nov 2022 08:07:14 +0100 Subject: Fix error when invalid domain name is submitted (#19474) Fix #19175 --- .../api/v1/admin/domain_allows_controller_spec.rb | 44 ++++++++++++++-------- 1 file changed, 28 insertions(+), 16 deletions(-) (limited to 'spec/controllers') diff --git a/spec/controllers/api/v1/admin/domain_allows_controller_spec.rb b/spec/controllers/api/v1/admin/domain_allows_controller_spec.rb index 26a391a60..8100363f6 100644 --- a/spec/controllers/api/v1/admin/domain_allows_controller_spec.rb +++ b/spec/controllers/api/v1/admin/domain_allows_controller_spec.rb 
@@ -94,25 +94,37 @@ RSpec.describe Api::V1::Admin::DomainAllowsController, type: :controller do describe 'POST #create' do let!(:domain_allow) { Fabricate(:domain_allow, domain: 'example.com') } - before do - post :create, params: { domain: 'foo.bar.com' } - end - - it_behaves_like 'forbidden for wrong scope', 'write:statuses' - it_behaves_like 'forbidden for wrong role', '' - it_behaves_like 'forbidden for wrong role', 'Moderator' - - it 'returns http success' do - expect(response).to have_http_status(200) + context do + before do + post :create, params: { domain: 'foo.bar.com' } + end + + it_behaves_like 'forbidden for wrong scope', 'write:statuses' + it_behaves_like 'forbidden for wrong role', '' + it_behaves_like 'forbidden for wrong role', 'Moderator' + + it 'returns http success' do + expect(response).to have_http_status(200) + end + + it 'returns expected domain name' do + json = body_as_json + expect(json[:domain]).to eq 'foo.bar.com' + end + + it 'creates a domain block' do + expect(DomainAllow.find_by(domain: 'foo.bar.com')).to_not be_nil + end end - it 'returns expected domain name' do - json = body_as_json - expect(json[:domain]).to eq 'foo.bar.com' - end + context 'with invalid domain name' do + before do + post :create, params: { domain: 'foo bar' } + end - it 'creates a domain block' do - expect(DomainAllow.find_by(domain: 'foo.bar.com')).to_not be_nil + it 'returns http unprocessable entity' do + expect(response).to have_http_status(422) + end end end end -- cgit From b59ce0a60ff4f90bb16a8c3338ad37218af052b8 Mon Sep 17 00:00:00 2001 
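Review bot: The new 'with invalid domain name' context checks only the 422 status, so a regression that rejects the request but still writes a row would pass. An extra example such as `it 'does not create a domain allow' do expect(DomainAllow.pluck(:domain)).to eq ['example.com'] end` would pin that, given that the `let!` fixture is the only other row visible here. The wrapper added as a bare `context do` has no description; `context 'with a valid domain name' do` would mirror its new sibling. The example titled 'creates a domain block' asserts on DomainAllow, so 'creates a domain allow' would be the accurate title. The enclosing RSpec.describe block starts outside the hunk.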
From: trwnh Date: Mon, 14 Nov 2022 01:34:07 -0600 Subject: Move V2 Filter methods under /api/v2 prefix (#20622) * Move V2 Filter methods under /api/v2 prefix * move over the tests too --- .../api/v1/filters/keywords_controller.rb | 50 -------- .../api/v1/filters/statuses_controller.rb | 44 ------- .../api/v2/filters/keywords_controller.rb | 50 ++++++++ .../api/v2/filters/statuses_controller.rb | 44 +++++++ app/javascript/mastodon/actions/filters.js | 2 +- config/routes.rb | 20 +-- .../api/v1/filters/keywords_controller_spec.rb | 142 --------------------- .../api/v1/filters/statuses_controller_spec.rb | 116 ----------------- .../api/v2/filters/keywords_controller_spec.rb | 142 +++++++++++++++++++++ .../api/v2/filters/statuses_controller_spec.rb | 116 +++++++++++++++++ 10 files changed, 363 insertions(+), 363 deletions(-) delete mode 100644 app/controllers/api/v1/filters/keywords_controller.rb delete mode 100644 app/controllers/api/v1/filters/statuses_controller.rb create mode 100644 app/controllers/api/v2/filters/keywords_controller.rb create mode 100644 app/controllers/api/v2/filters/statuses_controller.rb delete mode 100644 spec/controllers/api/v1/filters/keywords_controller_spec.rb delete mode 100644 spec/controllers/api/v1/filters/statuses_controller_spec.rb create mode 100644 spec/controllers/api/v2/filters/keywords_controller_spec.rb create mode 100644 spec/controllers/api/v2/filters/statuses_controller_spec.rb (limited to 'spec/controllers') diff --git a/app/controllers/api/v1/filters/keywords_controller.rb b/app/controllers/api/v1/filters/keywords_controller.rb deleted file mode 100644 index d3718a137..000000000 --- a/app/controllers/api/v1/filters/keywords_controller.rb +++ /dev/null 
@@ -1,50 +0,0 @@ -# frozen_string_literal: true - -class Api::V1::Filters::KeywordsController < Api::BaseController - before_action -> { doorkeeper_authorize! :read, :'read:filters' }, only: [:index, :show] - before_action -> { doorkeeper_authorize! :write, :'write:filters' }, except: [:index, :show] - before_action :require_user! - - before_action :set_keywords, only: :index - before_action :set_keyword, only: [:show, :update, :destroy] - - def index - render json: @keywords, each_serializer: REST::FilterKeywordSerializer - end - - def create - @keyword = current_account.custom_filters.find(params[:filter_id]).keywords.create!(resource_params) - - render json: @keyword, serializer: REST::FilterKeywordSerializer - end - - def show - render json: @keyword, serializer: REST::FilterKeywordSerializer - end - - def update - @keyword.update!(resource_params) - - render json: @keyword, serializer: REST::FilterKeywordSerializer - end - - def destroy - @keyword.destroy! - render_empty - end - - private - - def set_keywords - filter = current_account.custom_filters.includes(:keywords).find(params[:filter_id]) - @keywords = filter.keywords - end - - def set_keyword - @keyword = CustomFilterKeyword.includes(:custom_filter).where(custom_filter: { account: current_account }).find(params[:id]) - end - - def resource_params - params.permit(:keyword, :whole_word) - end -end diff --git a/app/controllers/api/v1/filters/statuses_controller.rb b/app/controllers/api/v1/filters/statuses_controller.rb deleted file mode 100644 index b6bed306f..000000000 --- a/app/controllers/api/v1/filters/statuses_controller.rb +++ /dev/null 
@@ -1,44 +0,0 @@ -# frozen_string_literal: true - -class Api::V1::Filters::StatusesController < Api::BaseController - before_action -> { doorkeeper_authorize! :read, :'read:filters' }, only: [:index, :show] - before_action -> { doorkeeper_authorize! :write, :'write:filters' }, except: [:index, :show] - before_action :require_user! - - before_action :set_status_filters, only: :index - before_action :set_status_filter, only: [:show, :destroy] - - def index - render json: @status_filters, each_serializer: REST::FilterStatusSerializer - end - - def create - @status_filter = current_account.custom_filters.find(params[:filter_id]).statuses.create!(resource_params) - - render json: @status_filter, serializer: REST::FilterStatusSerializer - end - - def show - render json: @status_filter, serializer: REST::FilterStatusSerializer - end - - def destroy - @status_filter.destroy! - render_empty - end - - private - - def set_status_filters - filter = current_account.custom_filters.includes(:statuses).find(params[:filter_id]) - @status_filters = filter.statuses - end - - def set_status_filter - @status_filter = CustomFilterStatus.includes(:custom_filter).where(custom_filter: { account: current_account }).find(params[:id]) - end - - def resource_params - params.permit(:status_id) - end -end diff --git a/app/controllers/api/v2/filters/keywords_controller.rb b/app/controllers/api/v2/filters/keywords_controller.rb new file mode 100644 index 000000000..c63e1d986 --- /dev/null +++ b/app/controllers/api/v2/filters/keywords_controller.rb 
@@ -0,0 +1,50 @@
+# frozen_string_literal: true
+
+class Api::V2::Filters::KeywordsController < Api::BaseController
+ before_action -> { doorkeeper_authorize! :read, :'read:filters' }, only: [:index, :show]
+ before_action -> { doorkeeper_authorize! :write, :'write:filters' }, except: [:index, :show]
+ before_action :require_user!
+
+ before_action :set_keywords, only: :index
+ before_action :set_keyword, only: [:show, :update, :destroy]
+
+ def index
+ render json: @keywords, each_serializer: REST::FilterKeywordSerializer
+ end
+
+ def create
+ @keyword = current_account.custom_filters.find(params[:filter_id]).keywords.create!(resource_params)
+
+ render json: @keyword, serializer: REST::FilterKeywordSerializer
+ end
+
+ def show
+ render json: @keyword, serializer: REST::FilterKeywordSerializer
+ end
+
+ def update
+ @keyword.update!(resource_params)
+
+ render json: @keyword, serializer: REST::FilterKeywordSerializer
+ end
+
+ def destroy
+ @keyword.destroy!
+ render_empty
+ end
+
+ private
+
+ def set_keywords
+ filter = current_account.custom_filters.includes(:keywords).find(params[:filter_id])
+ @keywords = filter.keywords
+ end
+
+ def set_keyword
+ @keyword = CustomFilterKeyword.includes(:custom_filter).where(custom_filter: { account: current_account }).find(params[:id])
+ end
+
+ def resource_params
+ params.permit(:keyword, :whole_word)
+ end
+end
diff --git a/app/controllers/api/v2/filters/statuses_controller.rb b/app/controllers/api/v2/filters/statuses_controller.rb
new file mode 100644
index 000000000..755c14cff
--- /dev/null
+++ b/app/controllers/api/v2/filters/statuses_controller.rb
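Review bot: `set_keyword` is the ownership check for show, update and destroy, and nothing in the file says so. A comment above it such as `# Look the keyword up through the caller's own filters so another account's id raises RecordNotFound` would keep a later refactor from swapping it for a bare `CustomFilterKeyword.find(params[:id])`. `create` and `set_keywords` get the same guarantee from `current_account.custom_filters.find(params[:filter_id])` and deserve a matching one-line comment. `set_status_filter` in the statuses controller added next follows the same pattern and would benefit from the same note.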
@@ -0,0 +1,44 @@
+# frozen_string_literal: true
+
+class Api::V2::Filters::StatusesController < Api::BaseController
+ before_action -> { doorkeeper_authorize! :read, :'read:filters' }, only: [:index, :show]
+ before_action -> { doorkeeper_authorize! :write, :'write:filters' }, except: [:index, :show]
+ before_action :require_user!
+
+ before_action :set_status_filters, only: :index
+ before_action :set_status_filter, only: [:show, :destroy]
+
+ def index
+ render json: @status_filters, each_serializer: REST::FilterStatusSerializer
+ end
+
+ def create
+ @status_filter = current_account.custom_filters.find(params[:filter_id]).statuses.create!(resource_params)
+
+ render json: @status_filter, serializer: REST::FilterStatusSerializer
+ end
+
+ def show
+ render json: @status_filter, serializer: REST::FilterStatusSerializer
+ end
+
+ def destroy
+ @status_filter.destroy!
+ render_empty
+ end
+
+ private
+
+ def set_status_filters
+ filter = current_account.custom_filters.includes(:statuses).find(params[:filter_id])
+ @status_filters = filter.statuses
+ end
+
+ def set_status_filter
+ @status_filter = CustomFilterStatus.includes(:custom_filter).where(custom_filter: { account: current_account }).find(params[:id])
+ end
+
+ def resource_params
+ params.permit(:status_id)
+ end
+end
diff --git a/app/javascript/mastodon/actions/filters.js b/app/javascript/mastodon/actions/filters.js
index 76326802e..e9c609fc8 100644
--- a/app/javascript/mastodon/actions/filters.js
+++ b/app/javascript/mastodon/actions/filters.js
@@ -43,7 +43,7 @@ export const fetchFilters = () => (dispatch, getState) => { export const createFilterStatus = (params, onSuccess, onFail) => (dispatch, getState) => { dispatch(createFilterStatusRequest()); - api(getState).post(`/api/v1/filters/${params.filter_id}/statuses`, params).then(response => { + api(getState).post(`/api/v2/filters/${params.filter_id}/statuses`, params).then(response => { dispatch(createFilterStatusSuccess(response.data)); if (onSuccess) onSuccess(); }).catch(error => { diff --git a/config/routes.rb b/config/routes.rb index d8af292bf..f095ff655 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -493,18 +493,10 @@ Rails.application.routes.draw do resources :bookmarks, only: [:index] resources :reports, only: [:create] resources :trends, only: [:index], controller: 'trends/tags' - resources :filters, only: [:index, :create, :show, :update, :destroy] do - resources :keywords, only: [:index, :create], controller: 'filters/keywords' - resources :statuses, only: [:index, :create], controller: 'filters/statuses' - end + resources :filters, only: [:index, :create, :show, :update, :destroy] resources :endorsements, only: [:index] resources :markers, only: [:index, :create] - namespace :filters do - resources :keywords, only: [:show, :update, :destroy] - resources :statuses, only: [:show, :destroy] - end - namespace :apps do get :verify_credentials, to: 'credentials#show' end 
@@ -660,8 +652,16 @@ Rails.application.routes.draw do resources :media, only: [:create] resources :suggestions, only: [:index] - resources :filters, only: [:index, :create, :show, :update, :destroy] resource :instance, only: [:show] + resources :filters, only: [:index, :create, :show, :update, :destroy] do + resources :keywords, only: [:index, :create], controller: 'filters/keywords' + resources :statuses, only: [:index, :create], controller: 'filters/statuses' + end + + namespace :filters do + resources :keywords, only: [:show, :update, :destroy] + resources :statuses, only: [:show, :destroy] + end namespace :admin do resources :accounts, only: [:index] diff --git a/spec/controllers/api/v1/filters/keywords_controller_spec.rb b/spec/controllers/api/v1/filters/keywords_controller_spec.rb deleted file mode 100644 index aecb4e41c..000000000 --- a/spec/controllers/api/v1/filters/keywords_controller_spec.rb +++ /dev/null 
@@ -1,142 +0,0 @@ -require 'rails_helper' - -RSpec.describe Api::V1::Filters::KeywordsController, type: :controller do - render_views - - let(:user) { Fabricate(:user) } - let(:token) { Fabricate(:accessible_access_token, resource_owner_id: user.id, scopes: scopes) } - let(:filter) { Fabricate(:custom_filter, account: user.account) } - let(:other_user) { Fabricate(:user) } - let(:other_filter) { Fabricate(:custom_filter, account: other_user.account) } - - before do - allow(controller).to receive(:doorkeeper_token) { token } - end - - describe 'GET #index' do - let(:scopes) { 'read:filters' } - let!(:keyword) { Fabricate(:custom_filter_keyword, custom_filter: filter) } - - it 'returns http success' do - get :index, params: { filter_id: filter.id } - expect(response).to have_http_status(200) - end - - context "when trying to access another's user filters" do - it 'returns http not found' do - get :index, params: { filter_id: other_filter.id } - expect(response).to have_http_status(404) - end - end - end - - describe 'POST #create' do - let(:scopes) { 'write:filters' } - let(:filter_id) { filter.id } - - before do - post :create, params: { filter_id: filter_id, keyword: 'magic', whole_word: false } - end - - it 'returns http success' do - expect(response).to have_http_status(200) - end - - it 'returns a keyword' do - json = body_as_json - expect(json[:keyword]).to eq 'magic' - expect(json[:whole_word]).to eq false - end - - it 'creates a keyword' do - filter = user.account.custom_filters.first - expect(filter).to_not be_nil - expect(filter.keywords.pluck(:keyword)).to eq ['magic'] - end - - context "when trying to add to another another's user filters" do - let(:filter_id) { other_filter.id } - - it 'returns http not found' do - expect(response).to have_http_status(404) - end - end - end - - describe 'GET #show' do - let(:scopes) { 'read:filters' } - let(:keyword) { Fabricate(:custom_filter_keyword, keyword: 'foo', whole_word: false, custom_filter: filter) } - - 
before do - get :show, params: { id: keyword.id } - end - - it 'returns http success' do - expect(response).to have_http_status(200) - end - - it 'returns expected data' do - json = body_as_json - expect(json[:keyword]).to eq 'foo' - expect(json[:whole_word]).to eq false - end - - context "when trying to access another user's filter keyword" do - let(:keyword) { Fabricate(:custom_filter_keyword, custom_filter: other_filter) } - - it 'returns http not found' do - expect(response).to have_http_status(404) - end - end - end - - describe 'PUT #update' do - let(:scopes) { 'write:filters' } - let(:keyword) { Fabricate(:custom_filter_keyword, custom_filter: filter) } - - before do - get :update, params: { id: keyword.id, keyword: 'updated' } - end - - it 'returns http success' do - expect(response).to have_http_status(200) - end - - it 'updates the keyword' do - expect(keyword.reload.keyword).to eq 'updated' - end - - context "when trying to update another user's filter keyword" do - let(:keyword) { Fabricate(:custom_filter_keyword, custom_filter: other_filter) } - - it 'returns http not found' do - expect(response).to have_http_status(404) - end - end - end - - describe 'DELETE #destroy' do - let(:scopes) { 'write:filters' } - let(:keyword) { Fabricate(:custom_filter_keyword, custom_filter: filter) } - - before do - delete :destroy, params: { id: keyword.id } - end - - it 'returns http success' do - expect(response).to have_http_status(200) - end - - it 'removes the filter' do - expect { keyword.reload }.to raise_error ActiveRecord::RecordNotFound - end - - context "when trying to update another user's filter keyword" do - let(:keyword) { Fabricate(:custom_filter_keyword, custom_filter: other_filter) } - - it 'returns http not found' do - expect(response).to have_http_status(404) - end - end - end -end 
diff --git a/spec/controllers/api/v1/filters/statuses_controller_spec.rb b/spec/controllers/api/v1/filters/statuses_controller_spec.rb deleted file mode 100644 index 3b2399dd8..000000000 --- a/spec/controllers/api/v1/filters/statuses_controller_spec.rb +++ /dev/null 
@@ -1,116 +0,0 @@ -require 'rails_helper' - -RSpec.describe Api::V1::Filters::StatusesController, type: :controller do - render_views - - let(:user) { Fabricate(:user) } - let(:token) { Fabricate(:accessible_access_token, resource_owner_id: user.id, scopes: scopes) } - let(:filter) { Fabricate(:custom_filter, account: user.account) } - let(:other_user) { Fabricate(:user) } - let(:other_filter) { Fabricate(:custom_filter, account: other_user.account) } - - before do - allow(controller).to receive(:doorkeeper_token) { token } - end - - describe 'GET #index' do - let(:scopes) { 'read:filters' } - let!(:status_filter) { Fabricate(:custom_filter_status, custom_filter: filter) } - - it 'returns http success' do - get :index, params: { filter_id: filter.id } - expect(response).to have_http_status(200) - end - - context "when trying to access another's user filters" do - it 'returns http not found' do - get :index, params: { filter_id: other_filter.id } - expect(response).to have_http_status(404) - end - end - end - - describe 'POST #create' do - let(:scopes) { 'write:filters' } - let(:filter_id) { filter.id } - let!(:status) { Fabricate(:status) } - - before do - post :create, params: { filter_id: filter_id, status_id: status.id } - end - - it 'returns http success' do - expect(response).to have_http_status(200) - end - - it 'returns a status filter' do - json = body_as_json - expect(json[:status_id]).to eq status.id.to_s - end - - it 'creates a status filter' do - filter = user.account.custom_filters.first - expect(filter).to_not be_nil - expect(filter.statuses.pluck(:status_id)).to eq [status.id] - end - - context "when trying to add to another another's user filters" do - let(:filter_id) { other_filter.id } - - it 'returns http not found' do - expect(response).to have_http_status(404) - end - end - end - - describe 'GET #show' do - let(:scopes) { 'read:filters' } - let!(:status_filter) { Fabricate(:custom_filter_status, custom_filter: filter) } - - before do - get 
:show, params: { id: status_filter.id } - end - - it 'returns http success' do - expect(response).to have_http_status(200) - end - - it 'returns expected data' do - json = body_as_json - expect(json[:status_id]).to eq status_filter.status_id.to_s - end - - context "when trying to access another user's filter keyword" do - let(:status_filter) { Fabricate(:custom_filter_status, custom_filter: other_filter) } - - it 'returns http not found' do - expect(response).to have_http_status(404) - end - end - end - - describe 'DELETE #destroy' do - let(:scopes) { 'write:filters' } - let(:status_filter) { Fabricate(:custom_filter_status, custom_filter: filter) } - - before do - delete :destroy, params: { id: status_filter.id } - end - - it 'returns http success' do - expect(response).to have_http_status(200) - end - - it 'removes the filter' do - expect { status_filter.reload }.to raise_error ActiveRecord::RecordNotFound - end - - context "when trying to update another user's filter keyword" do - let(:status_filter) { Fabricate(:custom_filter_status, custom_filter: other_filter) } - - it 'returns http not found' do - expect(response).to have_http_status(404) - end - end - end -end diff --git a/spec/controllers/api/v2/filters/keywords_controller_spec.rb b/spec/controllers/api/v2/filters/keywords_controller_spec.rb new file mode 100644 index 000000000..1201a4ca2 --- /dev/null +++ b/spec/controllers/api/v2/filters/keywords_controller_spec.rb 
@@ -0,0 +1,142 @@ +require 'rails_helper' + +RSpec.describe Api::V2::Filters::KeywordsController, type: :controller do + render_views + + let(:user) { Fabricate(:user) } + let(:token) { Fabricate(:accessible_access_token, resource_owner_id: user.id, scopes: scopes) } + let(:filter) { Fabricate(:custom_filter, account: user.account) } + let(:other_user) { Fabricate(:user) } + let(:other_filter) { Fabricate(:custom_filter, account: other_user.account) } + + before do + allow(controller).to receive(:doorkeeper_token) { token } + end + + describe 'GET #index' do + let(:scopes) { 'read:filters' } + let!(:keyword) { Fabricate(:custom_filter_keyword, custom_filter: filter) } + + it 'returns http success' do + get :index, params: { filter_id: filter.id } + expect(response).to have_http_status(200) + end + + context "when trying to access another's user filters" do + it 'returns http not found' do + get :index, params: { filter_id: other_filter.id } + expect(response).to have_http_status(404) + end + end + end + + describe 'POST #create' do + let(:scopes) { 'write:filters' } + let(:filter_id) { filter.id } + + before do + post :create, params: { filter_id: filter_id, keyword: 'magic', whole_word: false } + end + + it 'returns http success' do + expect(response).to have_http_status(200) + end + + it 'returns a keyword' do + json = body_as_json + expect(json[:keyword]).to eq 'magic' + expect(json[:whole_word]).to eq false + end + + it 'creates a keyword' do + filter = user.account.custom_filters.first + expect(filter).to_not be_nil + expect(filter.keywords.pluck(:keyword)).to eq ['magic'] + end + + context "when trying to add to another another's user filters" do + let(:filter_id) { other_filter.id } + + it 'returns http not found' do + expect(response).to have_http_status(404) + end + end + end + + describe 'GET #show' do + let(:scopes) { 'read:filters' } + let(:keyword) { Fabricate(:custom_filter_keyword, keyword: 'foo', whole_word: false, custom_filter: filter) } + + 
before do + get :show, params: { id: keyword.id } + end + + it 'returns http success' do + expect(response).to have_http_status(200) + end + + it 'returns expected data' do + json = body_as_json + expect(json[:keyword]).to eq 'foo' + expect(json[:whole_word]).to eq false + end + + context "when trying to access another user's filter keyword" do + let(:keyword) { Fabricate(:custom_filter_keyword, custom_filter: other_filter) } + + it 'returns http not found' do + expect(response).to have_http_status(404) + end + end + end + + describe 'PUT #update' do + let(:scopes) { 'write:filters' } + let(:keyword) { Fabricate(:custom_filter_keyword, custom_filter: filter) } + + before do + get :update, params: { id: keyword.id, keyword: 'updated' } + end + + it 'returns http success' do + expect(response).to have_http_status(200) + end + + it 'updates the keyword' do + expect(keyword.reload.keyword).to eq 'updated' + end + + context "when trying to update another user's filter keyword" do + let(:keyword) { Fabricate(:custom_filter_keyword, custom_filter: other_filter) } + + it 'returns http not found' do + expect(response).to have_http_status(404) + end + end + end + + describe 'DELETE #destroy' do + let(:scopes) { 'write:filters' } + let(:keyword) { Fabricate(:custom_filter_keyword, custom_filter: filter) } + + before do + delete :destroy, params: { id: keyword.id } + end + + it 'returns http success' do + expect(response).to have_http_status(200) + end + + it 'removes the filter' do + expect { keyword.reload }.to raise_error ActiveRecord::RecordNotFound + end + + context "when trying to update another user's filter keyword" do + let(:keyword) { Fabricate(:custom_filter_keyword, custom_filter: other_filter) } + + it 'returns http not found' do + expect(response).to have_http_status(404) + end + end + end +end 
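Review bot: The 'PUT #update' group issues `get :update, params: { id: keyword.id, keyword: 'updated' }`, so the example does not use the verb it describes; `put :update, params: { id: keyword.id, keyword: 'updated' }` would match. Every group also sets `scopes` to the one the action accepts, so the `doorkeeper_authorize!` filters are never run against an insufficient token. One example per write action with `let(:scopes) { 'read:filters' }` expecting a forbidden response would cover that, and the statuses controller spec added next has the same gap. Two context titles are copy-paste leftovers: "when trying to add to another another's user filters" under POST #create, and "when trying to update another user's filter keyword" under DELETE #destroy.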
diff --git a/spec/controllers/api/v2/filters/statuses_controller_spec.rb b/spec/controllers/api/v2/filters/statuses_controller_spec.rb new file mode 100644 index 000000000..9740c1eb3 --- /dev/null +++ b/spec/controllers/api/v2/filters/statuses_controller_spec.rb 
@@ -0,0 +1,116 @@ +require 'rails_helper' + +RSpec.describe Api::V2::Filters::StatusesController, type: :controller do + render_views + + let(:user) { Fabricate(:user) } + let(:token) { Fabricate(:accessible_access_token, resource_owner_id: user.id, scopes: scopes) } + let(:filter) { Fabricate(:custom_filter, account: user.account) } + let(:other_user) { Fabricate(:user) } + let(:other_filter) { Fabricate(:custom_filter, account: other_user.account) } + + before do + allow(controller).to receive(:doorkeeper_token) { token } + end + + describe 'GET #index' do + let(:scopes) { 'read:filters' } + let!(:status_filter) { Fabricate(:custom_filter_status, custom_filter: filter) } + + it 'returns http success' do + get :index, params: { filter_id: filter.id } + expect(response).to have_http_status(200) + end + + context "when trying to access another's user filters" do + it 'returns http not found' do + get :index, params: { filter_id: other_filter.id } + expect(response).to have_http_status(404) + end + end + end + + describe 'POST #create' do + let(:scopes) { 'write:filters' } + let(:filter_id) { filter.id } + let!(:status) { Fabricate(:status) } + + before do + post :create, params: { filter_id: filter_id, status_id: status.id } + end + + it 'returns http success' do + expect(response).to have_http_status(200) + end + + it 'returns a status filter' do + json = body_as_json + expect(json[:status_id]).to eq status.id.to_s + end + + it 'creates a status filter' do + filter = user.account.custom_filters.first + expect(filter).to_not be_nil + expect(filter.statuses.pluck(:status_id)).to eq [status.id] + end + + context "when trying to add to another another's user filters" do + let(:filter_id) { other_filter.id } + + it 'returns http not found' do + expect(response).to have_http_status(404) + end + end + end + + describe 'GET #show' do + let(:scopes) { 'read:filters' } + let!(:status_filter) { Fabricate(:custom_filter_status, custom_filter: filter) } + + before do + get 
:show, params: { id: status_filter.id } + end + + it 'returns http success' do + expect(response).to have_http_status(200) + end + + it 'returns expected data' do + json = body_as_json + expect(json[:status_id]).to eq status_filter.status_id.to_s + end + + context "when trying to access another user's filter keyword" do + let(:status_filter) { Fabricate(:custom_filter_status, custom_filter: other_filter) } + + it 'returns http not found' do + expect(response).to have_http_status(404) + end + end + end + + describe 'DELETE #destroy' do + let(:scopes) { 'write:filters' } + let(:status_filter) { Fabricate(:custom_filter_status, custom_filter: filter) } + + before do + delete :destroy, params: { id: status_filter.id } + end + + it 'returns http success' do + expect(response).to have_http_status(200) + end + + it 'removes the filter' do + expect { status_filter.reload }.to raise_error ActiveRecord::RecordNotFound + end + + context "when trying to update another user's filter keyword" do + let(:status_filter) { Fabricate(:custom_filter_status, custom_filter: other_filter) } + + it 'returns http not found' do + expect(response).to have_http_status(404) + end + end + end +end -- cgit