OpenCloud
/
mastodon
mirror of https://github.com/tootsuite/mastodon
1
1
Fork 0
Code Issues Releases Wiki Activity

Policies specs (#23924)

pull/23951/head
Matt Jankowski 2023-03-04 10:57:22 -05:00 committed by GitHub
parent 6a57c42316
commit 00eb2269b6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
17 changed files with 393 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
spec/policies/account_policy_spec.rb
View File

@ -116,4 +116,44 @@ RSpec.describe AccountPolicy do
end end
end end
end end
permissions :review? do
context 'admin' do
it 'permits' do
expect(subject).to permit(admin)
end
end
context 'not admin' do
it 'denies' do
expect(subject).to_not permit(john)
end
end
end
permissions :destroy? do
context 'admin' do
context 'with a temporarily suspended account' do
before { allow(alice).to receive(:suspended_temporarily?).and_return(true) }
it 'permits' do
expect(subject).to permit(admin, alice)
end
end
context 'with a not temporarily suspended account' do
before { allow(alice).to receive(:suspended_temporarily?).and_return(false) }
it 'denies' do
expect(subject).to_not permit(admin, alice)
end
end
end
context 'not admin' do
it 'denies' do
expect(subject).to_not permit(john, alice)
end
end
end
end end

24
spec/policies/account_warning_preset_policy_spec.rb Normal file
View File

@ -0,0 +1,24 @@
# frozen_string_literal: true
require 'rails_helper'
require 'pundit/rspec'
describe AccountWarningPresetPolicy do
let(:policy) { described_class }
let(:admin) { Fabricate(:user, role: UserRole.find_by(name: 'Admin')).account }
let(:john) { Fabricate(:account) }
permissions :index?, :create?, :update?, :destroy? do
context 'with an admin' do
it 'permits' do
expect(policy).to permit(admin, Tag)
end
end
context 'with a non-admin' do
it 'denies' do
expect(policy).to_not permit(john, Tag)
end
end
end
end

51
spec/policies/admin/status_policy_spec.rb Normal file
View File

@ -0,0 +1,51 @@
# frozen_string_literal: true
require 'rails_helper'
require 'pundit/rspec'
describe Admin::StatusPolicy do
let(:policy) { described_class }
let(:admin) { Fabricate(:user, role: UserRole.find_by(name: 'Admin')).account }
let(:john) { Fabricate(:account) }
let(:status) { Fabricate(:status) }
permissions :index?, :update?, :review?, :destroy? do
context 'with an admin' do
it 'permits' do
expect(policy).to permit(admin, Tag)
end
end
context 'with a non-admin' do
it 'denies' do
expect(policy).to_not permit(john, Tag)
end
end
end
permissions :show? do
context 'with an admin' do
context 'with a public visible status' do
before { allow(status).to receive(:public_visibility?).and_return(true) }
it 'permits' do
expect(policy).to permit(admin, status)
end
end
context 'with a not public visible status' do
before { allow(status).to receive(:public_visibility?).and_return(false) }
it 'denies' do
expect(policy).to_not permit(admin, status)
end
end
end
context 'with a non admin' do
it 'denies' do
expect(policy).to_not permit(john, status)
end
end
end
end

24
spec/policies/announcement_policy_spec.rb Normal file
View File

@ -0,0 +1,24 @@
# frozen_string_literal: true
require 'rails_helper'
require 'pundit/rspec'
describe AnnouncementPolicy do
let(:policy) { described_class }
let(:admin) { Fabricate(:user, role: UserRole.find_by(name: 'Admin')).account }
let(:john) { Fabricate(:account) }
permissions :index?, :create?, :update?, :destroy? do
context 'with an admin' do
it 'permits' do
expect(policy).to permit(admin, Tag)
end
end
context 'with a non-admin' do
it 'denies' do
expect(policy).to_not permit(john, Tag)
end
end
end
end

51
spec/policies/appeal_policy_spec.rb Normal file
View File

@ -0,0 +1,51 @@
# frozen_string_literal: true
require 'rails_helper'
require 'pundit/rspec'
describe AppealPolicy do
let(:policy) { described_class }
let(:admin) { Fabricate(:user, role: UserRole.find_by(name: 'Admin')).account }
let(:john) { Fabricate(:account) }
let(:appeal) { Fabricate(:appeal) }
permissions :index? do
context 'with an admin' do
it 'permits' do
expect(policy).to permit(admin, Tag)
end
end
context 'with a non-admin' do
it 'denies' do
expect(policy).to_not permit(john, Tag)
end
end
end
permissions :reject? do
context 'with an admin' do
context 'with a pending appeal' do
before { allow(appeal).to receive(:pending?).and_return(true) }
it 'permits' do
expect(policy).to permit(admin, appeal)
end
end
context 'with a not pending appeal' do
before { allow(appeal).to receive(:pending?).and_return(false) }
it 'denies' do
expect(policy).to_not permit(admin, appeal)
end
end
end
context 'with a non admin' do
it 'denies' do
expect(policy).to_not permit(john, appeal)
end
end
end
end

24
spec/policies/canonical_email_block_policy_spec.rb Normal file
View File

@ -0,0 +1,24 @@
# frozen_string_literal: true
require 'rails_helper'
require 'pundit/rspec'
describe CanonicalEmailBlockPolicy do
let(:policy) { described_class }
let(:admin) { Fabricate(:user, role: UserRole.find_by(name: 'Admin')).account }
let(:john) { Fabricate(:account) }
permissions :index?, :show?, :test?, :create?, :destroy? do
context 'with an admin' do
it 'permits' do
expect(policy).to permit(admin, Tag)
end
end
context 'with a non-admin' do
it 'denies' do
expect(policy).to_not permit(john, Tag)
end
end
end
end

24
spec/policies/delivery_policy_spec.rb Normal file
View File

@ -0,0 +1,24 @@
# frozen_string_literal: true
require 'rails_helper'
require 'pundit/rspec'
describe DeliveryPolicy do
let(:policy) { described_class }
let(:admin) { Fabricate(:user, role: UserRole.find_by(name: 'Admin')).account }
let(:john) { Fabricate(:account) }
permissions :clear_delivery_errors?, :restart_delivery?, :stop_delivery? do
context 'with an admin' do
it 'permits' do
expect(policy).to permit(admin, Tag)
end
end
context 'with a non-admin' do
it 'denies' do
expect(policy).to_not permit(john, Tag)
end
end
end
end

2
spec/policies/email_domain_block_policy_spec.rb
View File

@ -8,7 +8,7 @@ RSpec.describe EmailDomainBlockPolicy do
let(:admin) { Fabricate(:user, role: UserRole.find_by(name: 'Admin')).account } let(:admin) { Fabricate(:user, role: UserRole.find_by(name: 'Admin')).account }
let(:john) { Fabricate(:account) } let(:john) { Fabricate(:account) }
permissions :index?, :create?, :destroy? do permissions :index?, :show?, :create?, :destroy? do
context 'admin' do context 'admin' do
it 'permits' do it 'permits' do
expect(subject).to permit(admin, EmailDomainBlock) expect(subject).to permit(admin, EmailDomainBlock)

24
spec/policies/follow_recommendation_policy_spec.rb Normal file
View File

@ -0,0 +1,24 @@
# frozen_string_literal: true
require 'rails_helper'
require 'pundit/rspec'
describe FollowRecommendationPolicy do
let(:policy) { described_class }
let(:admin) { Fabricate(:user, role: UserRole.find_by(name: 'Admin')).account }
let(:john) { Fabricate(:account) }
permissions :show?, :suppress?, :unsuppress? do
context 'with an admin' do
it 'permits' do
expect(policy).to permit(admin, Tag)
end
end
context 'with a non-admin' do
it 'denies' do
expect(policy).to_not permit(john, Tag)
end
end
end
end

24
spec/policies/ip_block_policy_spec.rb Normal file
View File

@ -0,0 +1,24 @@
# frozen_string_literal: true
require 'rails_helper'
require 'pundit/rspec'
describe IpBlockPolicy do
let(:policy) { described_class }
let(:admin) { Fabricate(:user, role: UserRole.find_by(name: 'Admin')).account }
let(:john) { Fabricate(:account) }
permissions :index?, :show?, :create?, :update?, :destroy? do
context 'with an admin' do
it 'permits' do
expect(policy).to permit(admin, Tag)
end
end
context 'with a non-admin' do
it 'denies' do
expect(policy).to_not permit(john, Tag)
end
end
end
end

24
spec/policies/preview_card_policy_spec.rb Normal file
View File

@ -0,0 +1,24 @@
# frozen_string_literal: true
require 'rails_helper'
require 'pundit/rspec'
describe PreviewCardPolicy do
let(:policy) { described_class }
let(:admin) { Fabricate(:user, role: UserRole.find_by(name: 'Admin')).account }
let(:john) { Fabricate(:account) }
permissions :index?, :review? do
context 'with an admin' do
it 'permits' do
expect(policy).to permit(admin, Tag)
end
end
context 'with a non-admin' do
it 'denies' do
expect(policy).to_not permit(john, Tag)
end
end
end
end

24
spec/policies/preview_card_provider_policy_spec.rb Normal file
View File

@ -0,0 +1,24 @@
# frozen_string_literal: true
require 'rails_helper'
require 'pundit/rspec'
describe PreviewCardProviderPolicy do
let(:policy) { described_class }
let(:admin) { Fabricate(:user, role: UserRole.find_by(name: 'Admin')).account }
let(:john) { Fabricate(:account) }
permissions :index?, :review? do
context 'with an admin' do
it 'permits' do
expect(policy).to permit(admin, Tag)
end
end
context 'with a non-admin' do
it 'denies' do
expect(policy).to_not permit(john, Tag)
end
end
end
end

24
spec/policies/rule_policy_spec.rb Normal file
View File

@ -0,0 +1,24 @@
# frozen_string_literal: true
require 'rails_helper'
require 'pundit/rspec'
describe RulePolicy do
let(:policy) { described_class }
let(:admin) { Fabricate(:user, role: UserRole.find_by(name: 'Admin')).account }
let(:john) { Fabricate(:account) }
permissions :index?, :create?, :update?, :destroy? do
context 'with an admin' do
it 'permits' do
expect(policy).to permit(admin, Tag)
end
end
context 'with a non-admin' do
it 'denies' do
expect(policy).to_not permit(john, Tag)
end
end
end
end

2
spec/policies/settings_policy_spec.rb
View File

@ -8,7 +8,7 @@ RSpec.describe SettingsPolicy do
let(:admin) { Fabricate(:user, role: UserRole.find_by(name: 'Admin')).account } let(:admin) { Fabricate(:user, role: UserRole.find_by(name: 'Admin')).account }
let(:john) { Fabricate(:account) } let(:john) { Fabricate(:account) }
permissions :update?, :show? do permissions :update?, :show?, :destroy? do
context 'admin?' do context 'admin?' do
it 'permits' do it 'permits' do
expect(subject).to permit(admin, Settings) expect(subject).to permit(admin, Settings)

8
spec/policies/status_policy_spec.rb
View File

@ -39,6 +39,14 @@ RSpec.describe StatusPolicy, type: :model do
expect(subject).to permit(alice, status) expect(subject).to permit(alice, status)
end end
it 'grants access when direct and non-owner viewer is mentioned and mentions are loaded' do
status.visibility = :direct
status.mentions = [Fabricate(:mention, account: bob)]
status.mentions.load
expect(subject).to permit(bob, status)
end
it 'denies access when direct and viewer is not mentioned' do it 'denies access when direct and viewer is not mentioned' do
viewer = Fabricate(:account) viewer = Fabricate(:account)
status.visibility = :direct status.visibility = :direct

2
spec/policies/tag_policy_spec.rb
View File

@ -8,7 +8,7 @@ RSpec.describe TagPolicy do
let(:admin) { Fabricate(:user, role: UserRole.find_by(name: 'Admin')).account } let(:admin) { Fabricate(:user, role: UserRole.find_by(name: 'Admin')).account }
let(:john) { Fabricate(:account) } let(:john) { Fabricate(:account) }
permissions :index?, :show?, :update? do permissions :index?, :show?, :update?, :review? do
context 'staff?' do context 'staff?' do
it 'permits' do it 'permits' do
expect(subject).to permit(admin, Tag) expect(subject).to permit(admin, Tag)

24
spec/policies/webhook_policy_spec.rb Normal file
View File

@ -0,0 +1,24 @@
# frozen_string_literal: true
require 'rails_helper'
require 'pundit/rspec'
describe WebhookPolicy do
let(:policy) { described_class }
let(:admin) { Fabricate(:user, role: UserRole.find_by(name: 'Admin')).account }
let(:john) { Fabricate(:account) }
permissions :index?, :create?, :show?, :update?, :enable?, :disable?, :rotate_secret?, :destroy? do
context 'with an admin' do
it 'permits' do
expect(policy).to permit(admin, Tag)
end
end
context 'with a non-admin' do
it 'denies' do
expect(policy).to_not permit(john, Tag)
end
end
end
end