gitea/nas
1
0
Fork 1
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 17
nas/spec/policies/status_policy_spec.rb
KMY(雪あすか) a88349af55
Add: #8 サークル投稿の転送 (#294) 
* Add: `conversations`テーブルに`ancestor_status`プロパティ

* Fix test

* Fix test more

* Add: `limited_visibility`に`Reply`を追加、`context`のURI

* Add: 外部からの`context`受信処理

* Fix test

* Add: 公開範囲「返信」

* Fix test

* Fix: 返信に返信以外の公開範囲を設定できない問題

* Add: ローカル投稿時にメンション追加・他サーバーへの転送

* Fix test

* Fix test

* Test: ローカルスレッドへの返信投稿の転送

* Test: 未知のアカウントからのメンション

* Add: 編集・削除の連合に対応

* Remove: 重複テスト

* Fix: 改善

* Add: 編集削除の転送処理・返信なのにsilentなメンションでの通知

* Fix: リプライが第三者に届かない問題

* Add: `always_sign_unsafe`

* Add: Subject

* Remove space

* Fix: 他人のスレッドの送信先一覧を非表示

* Fix: おかしいコード
2023-11-30 09:29:24 +09:00

271 lines
8 KiB
Ruby
Raw Blame History

# frozen_string_literal: true
require 'rails_helper'
require 'pundit/rspec'
RSpec.describe StatusPolicy, type: :model do
subject { described_class }
let(:admin) { Fabricate(:user, role: UserRole.find_by(name: 'Admin')) }
let(:alice) { Fabricate(:account, username: 'alice') }
let(:bob) { Fabricate(:account, username: 'bob') }
let(:status) { Fabricate(:status, account: alice) }
context 'with the permissions of show? and reblog?' do
permissions :show?, :reblog? do
it 'grants access when no viewer' do
expect(subject).to permit(nil, status)
end
it 'denies access when viewer is blocked' do
block = Fabricate(:block)
status.visibility = :private
status.account = block.target_account
expect(subject).to_not permit(block.account, status)
end
end
end
context 'with the permission of show?' do
permissions :show? do
it 'grants access when direct and account is viewer' do
status.visibility = :direct
expect(subject).to permit(status.account, status)
end
it 'grants access when direct and viewer is mentioned' do
status.visibility = :direct
status.mentions = [Fabricate(:mention, account: alice)]
expect(subject).to permit(alice, status)
end
it 'grants access when direct and non-owner viewer is mentioned and mentions are loaded' do
status.visibility = :direct
status.mentions = [Fabricate(:mention, account: bob)]
status.mentions.load
expect(subject).to permit(bob, status)
end
it 'denies access when direct and viewer is not mentioned' do
viewer = Fabricate(:account)
status.visibility = :direct
expect(subject).to_not permit(viewer, status)
end
it 'grants access when limited and account is viewer' do
status.visibility = :limited
expect(subject).to permit(status.account, status)
end
it 'grants access when limited and viewer is mentioned' do
status.visibility = :limited
status.mentions = [Fabricate(:mention, account: alice)]
expect(subject).to permit(alice, status)
end
it 'grants access when limited and non-owner viewer is mentioned and mentions are loaded' do
status.visibility = :limited
status.mentions = [Fabricate(:mention, account: bob)]
status.mentions.load
expect(subject).to permit(bob, status)
end
it 'denies access when limited and viewer is not mentioned' do
viewer = Fabricate(:account)
status.visibility = :limited
expect(subject).to_not permit(viewer, status)
end
it 'grants access when private and account is viewer' do
status.visibility = :private
expect(subject).to permit(status.account, status)
end
it 'grants access when private and account is following viewer' do
follow = Fabricate(:follow)
status.visibility = :private
status.account = follow.target_account
expect(subject).to permit(follow.account, status)
end
it 'grants access when private and viewer is mentioned' do
status.visibility = :private
status.mentions = [Fabricate(:mention, account: alice)]
expect(subject).to permit(alice, status)
end
it 'denies access when private and viewer is not mentioned or followed' do
viewer = Fabricate(:account)
status.visibility = :private
expect(subject).to_not permit(viewer, status)
end
end
end
context 'with the permission of show_mentioned_users?' do
permissions :show_mentioned_users? do
it 'grants access when public and account is viewer' do
status.visibility = :public
expect(subject).to permit(status.account, status)
end
it 'grants access when public and account is not viewer' do
status.visibility = :public
expect(subject).to_not permit(bob, status)
end
it 'grants access when limited and no conversation ancestor_status and account is viewer' do
status.visibility = :limited
status.conversation = Fabricate(:conversation)
expect(subject).to permit(status.account, status)
end
it 'grants access when limited and my conversation and account is viewer' do
status.visibility = :limited
status.conversation = Fabricate(:conversation, ancestor_status: status)
expect(subject).to permit(status.account, status)
end
it 'grants access when limited and another conversation and account is viewer' do
status.visibility = :limited
status.conversation = Fabricate(:conversation, ancestor_status: Fabricate(:status, account: bob))
expect(subject).to_not permit(status.account, status)
end
it 'grants access when limited and viewer is mentioned' do
status.visibility = :limited
status.mentions = [Fabricate(:mention, account: bob)]
expect(subject).to_not permit(bob, status)
end
it 'grants access when limited and non-owner viewer is mentioned and mentions are loaded' do
status.visibility = :limited
status.mentions = [Fabricate(:mention, account: bob)]
status.mentions.load
expect(subject).to_not permit(bob, status)
end
end
end
context 'with the permission of reblog?' do
permissions :reblog? do
it 'denies access when private' do
viewer = Fabricate(:account)
status.visibility = :private
expect(subject).to_not permit(viewer, status)
end
it 'denies access when direct' do
viewer = Fabricate(:account)
status.visibility = :direct
expect(subject).to_not permit(viewer, status)
end
end
end
context 'with the permissions of destroy? and unreblog?' do
permissions :destroy?, :unreblog? do
it 'grants access when account is deleter' do
expect(subject).to permit(status.account, status)
end
it 'denies access when account is not deleter' do
expect(subject).to_not permit(bob, status)
end
it 'denies access when no deleter' do
expect(subject).to_not permit(nil, status)
end
end
end
context 'with the permission of favourite?' do
permissions :favourite? do
it 'grants access when viewer is not blocked' do
follow = Fabricate(:follow)
status.account = follow.target_account
expect(subject).to permit(follow.account, status)
end
it 'denies when viewer is blocked' do
block = Fabricate(:block)
status.account = block.target_account
expect(subject).to_not permit(block.account, status)
end
end
end
context 'with the permission of emoji_reaction?' do
permissions :emoji_reaction? do
it 'grants access when viewer is not blocked' do
follow = Fabricate(:follow)
status.account = follow.target_account
expect(subject).to permit(follow.account, status)
end
it 'denies when viewer is blocked' do
block = Fabricate(:block)
status.account = block.target_account
expect(subject).to_not permit(block.account, status)
end
end
end
context 'with the permission of quote?' do
permissions :quote? do
it 'grants access when viewer is not blocked' do
follow = Fabricate(:follow)
status.account = follow.target_account
expect(subject).to permit(follow.account, status)
end
it 'denies when viewer is blocked' do
block = Fabricate(:block)
status.account = block.target_account
expect(subject).to_not permit(block.account, status)
end
it 'denies when private visibility' do
status.visibility = :private
expect(subject).to_not permit(Fabricate(:account), status)
end
end
end
context 'with the permission of update?' do
permissions :update? do
it 'grants access if owner' do
expect(subject).to permit(status.account, status)
end
end
end
end
Reference in a new issue View git blame Copy permalink