tarrien/Mastodon
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'master' into glitch-soc/merge-upstream

Browse Source
This commit is contained in:
Thibaut Girka
2018-12-19 12:58:49 +01:00
parent 655da1be20 af56efdec5
commit add74816a5
12 changed files with 343 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

52
spec/policies/account_moderation_note_policy_spec.rb Normal file
View File

@@ -0,0 +1,52 @@
# frozen_string_literal: true
require 'rails_helper'
require 'pundit/rspec'
RSpec.describe AccountModerationNotePolicy do
let(:subject) { described_class }
let(:admin) { Fabricate(:user, admin: true).account }
let(:john) { Fabricate(:user).account }
permissions :create? do
context 'staff' do
it 'grants to create' do
expect(subject).to permit(admin, AccountModerationNotePolicy)
end
end
context 'not staff' do
it 'denies to create' do
expect(subject).to_not permit(john, AccountModerationNotePolicy)
end
end
end
permissions :destroy? do
let(:account_moderation_note) do
Fabricate(:account_moderation_note,
account: john,
target_account: Fabricate(:account))
end
context 'admin' do
it 'grants to destroy' do
expect(subject).to permit(admin, AccountModerationNotePolicy)
end
end
context 'owner' do
it 'grants to destroy' do
expect(subject).to permit(john, account_moderation_note)
end
end
context 'neither admin nor owner' do
let(:kevin) { Fabricate(:user).account }
it 'denies to destroy' do
expect(subject).to_not permit(kevin, account_moderation_note)
end
end
end
end

86
spec/policies/account_policy_spec.rb Normal file
View File

@@ -0,0 +1,86 @@
# frozen_string_literal: true
require 'rails_helper'
require 'pundit/rspec'
RSpec.describe AccountPolicy do
let(:subject) { described_class }
let(:admin) { Fabricate(:user, admin: true).account }
let(:john) { Fabricate(:user).account }
permissions :index?, :show?, :unsuspend?, :unsilence?, :remove_avatar?, :remove_header? do
context 'staff' do
it 'permits' do
expect(subject).to permit(admin)
end
end
context 'not staff' do
it 'denies' do
expect(subject).to_not permit(john)
end
end
end
permissions :redownload?, :subscribe?, :unsubscribe? do
context 'admin' do
it 'permits' do
expect(subject).to permit(admin)
end
end
context 'not admin' do
it 'denies' do
expect(subject).to_not permit(john)
end
end
end
permissions :suspend?, :silence? do
let(:staff) { Fabricate(:user, admin: true).account }
context 'staff' do
context 'record is staff' do
it 'denies' do
expect(subject).to_not permit(admin, staff)
end
end
context 'record is not staff' do
it 'permits' do
expect(subject).to permit(admin, john)
end
end
end
context 'not staff' do
it 'denies' do
expect(subject).to_not permit(john, Account)
end
end
end
permissions :memorialize? do
let(:other_admin) { Fabricate(:user, admin: true).account }
context 'admin' do
context 'record is admin' do
it 'denies' do
expect(subject).to_not permit(admin, other_admin)
end
end
context 'record is not admin' do
it 'permits' do
expect(subject).to permit(admin, john)
end
end
end
context 'not admin' do
it 'denies' do
expect(subject).to_not permit(john, Account)
end
end
end
end

28
spec/policies/status_policy_spec.rb
View File

@@ -1,3 +1,5 @@
# frozen_string_literal: true
require 'rails_helper'
require 'pundit/rspec'
@@ -118,4 +120,30 @@ RSpec.describe StatusPolicy, type: :model do
expect(subject).to_not permit(nil, status)
end
end
permissions :favourite? do
it 'grants access when viewer is not blocked' do
follow = Fabricate(:follow)
status.account = follow.target_account
expect(subject).to permit(follow.account, status)
end
it 'denies when viewer is blocked' do
block = Fabricate(:block)
status.account = block.target_account
expect(subject).to_not permit(block.account, status)
end
end
permissions :index?, :update? do
it 'grants access if staff' do
expect(subject).to permit(admin.account)
end
it 'denies access unless staff' do
expect(subject).to_not permit(alice)
end
end
end