From 061feb63ed852acb5d70e2678c9e63425e6ca71b Mon Sep 17 00:00:00 2001 From: ThibG Date: Mon, 21 Jan 2019 20:03:04 +0100 Subject: Fix scheduled toot with media immediately creating a toot (#9894) * Add test for not persisting status when attaching media to scheduled toot * Prevent status used for validation from being persisted to the database Fixes #9893 Thanks to tateisu for the help investigating this. --- spec/services/post_status_service_spec.rb | 14 ++++++++++++++ 1 file changed, 14 insertions(+) (limited to 'spec/services') diff --git a/spec/services/post_status_service_spec.rb b/spec/services/post_status_service_spec.rb index 3774fed6f..680cebbcf 100644 --- a/spec/services/post_status_service_spec.rb +++ b/spec/services/post_status_service_spec.rb @@ -36,6 +36,20 @@ RSpec.describe PostStatusService, type: :service do expect(status.params['text']).to eq 'Hi future!' end + it 'does not immediately create a status when scheduling a status' do + account = Fabricate(:account) + media = Fabricate(:media_attachment) + future = Time.now.utc + 2.hours + + status = subject.call(account, text: 'Hi future!', media_ids: [media.id], scheduled_at: future) + + expect(status).to be_a ScheduledStatus + expect(status.scheduled_at).to eq future + expect(status.params['text']).to eq 'Hi future!' + expect(media.reload.status).to be_nil + expect(Status.where(text: 'Hi future!').exists?).to be_falsey + end + it 'creates response to the original status of boost' do boosted_status = Fabricate(:status) in_reply_to_status = Fabricate(:status, reblog: boosted_status) -- cgit From e2a5be6e9a070792fa72711c812f75bc61990052 Mon Sep 17 00:00:00 2001 From: ThibG Date: Sat, 26 Jan 2019 23:59:39 +0100 Subject: Prevent posting toots with media attachments from someone else (#9921) --- app/services/post_status_service.rb | 2 +- spec/services/post_status_service_spec.rb | 15 ++++++++++++++- 2 files changed, 15 insertions(+), 2 deletions(-) (limited to 'spec/services') diff --git a/app/services/post_status_service.rb b/app/services/post_status_service.rb index 1f5a3f4cf..9959bb1fb 100644 --- a/app/services/post_status_service.rb +++ b/app/services/post_status_service.rb @@ -93,7 +93,7 @@ class PostStatusService < BaseService raise Mastodon::ValidationError, I18n.t('media_attachments.validations.too_many') if @options[:media_ids].size > 4 - @media = MediaAttachment.where(status_id: nil).where(id: @options[:media_ids].take(4).map(&:to_i)) + @media = @account.media_attachments.where(status_id: nil).where(id: @options[:media_ids].take(4).map(&:to_i)) raise Mastodon::ValidationError, I18n.t('media_attachments.validations.images_and_video') if @media.size > 1 && @media.find(&:video?) end diff --git a/spec/services/post_status_service_spec.rb b/spec/services/post_status_service_spec.rb index 680cebbcf..facbe977f 100644 --- a/spec/services/post_status_service_spec.rb +++ b/spec/services/post_status_service_spec.rb @@ -167,7 +167,7 @@ RSpec.describe PostStatusService, type: :service do it 'attaches the given media to the created status' do account = Fabricate(:account) - media = Fabricate(:media_attachment) + media = Fabricate(:media_attachment, account: account) status = subject.call( account, @@ -178,6 +178,19 @@ RSpec.describe PostStatusService, type: :service do expect(media.reload.status).to eq status end + it 'does not attach media from another account to the created status' do + account = Fabricate(:account) + media = Fabricate(:media_attachment, account: Fabricate(:account)) + + status = subject.call( + account, + text: "test status update", + media_ids: [media.id], + ) + + expect(media.reload.status).to eq nil + end + it 'does not allow attaching more than 4 files' do account = Fabricate(:account) -- cgit