diff --git a/spec/controllers/statuses_controller_spec.rb b/spec/controllers/statuses_controller_spec.rb
index 121e4aa6c6..e14a7f6916 100644
--- a/spec/controllers/statuses_controller_spec.rb
+++ b/spec/controllers/statuses_controller_spec.rb
@@ -527,213 +527,4 @@ RSpec.describe StatusesController do
 end
 end
 end
-
- describe 'GET #activity' do
- let(:account) { Fabricate(:account) }
- let(:status) { Fabricate(:status, account: account) }
-
- context 'when account is permanently suspended' do
- before do
- account.suspend!
- account.deletion_request.destroy
-
- get :activity, params: { account_username: account.username, id: status.id }
- end
-
- it 'returns http gone' do
- expect(response).to have_http_status(410)
- end
- end
-
- context 'when account is temporarily suspended' do
- before do
- account.suspend!
-
- get :activity, params: { account_username: account.username, id: status.id }
- end
-
- it 'returns http forbidden' do
- expect(response).to have_http_status(403)
- end
- end
-
- context 'when status is public' do
- before do
- status.update(visibility: :public)
- get :activity, params: { account_username: account.username, id: status.id }
- end
-
- it 'returns http success' do
- expect(response).to have_http_status(:success)
- end
- end
-
- context 'when status is private' do
- before do
- status.update(visibility: :private)
- get :activity, params: { account_username: account.username, id: status.id }
- end
-
- it 'returns http not_found' do
- expect(response).to have_http_status(404)
- end
- end
-
- context 'when status is direct' do
- before do
- status.update(visibility: :direct)
- get :activity, params: { account_username: account.username, id: status.id }
- end
-
- it 'returns http not_found' do
- expect(response).to have_http_status(404)
- end
- end
-
- context 'when signed-in' do
- let(:user) { Fabricate(:user) }
-
- before do
- sign_in(user)
- end
-
- context 'when status is public' do
- before do
- status.update(visibility: :public)
- get :activity, params: { account_username: account.username, id: status.id }
- end
-
- it 'returns http success' do
- expect(response).to have_http_status(:success)
- end
- end
-
- context 'when status is private' do
- before do
- status.update(visibility: :private)
- end
-
- context 'when user is authorized to see it' do
- before do
- user.account.follow!(account)
- get :activity, params: { account_username: account.username, id: status.id }
- end
-
- it 'returns http success' do
- expect(response).to have_http_status(200)
- end
- end
-
- context 'when user is not authorized to see it' do
- before do
- get :activity, params: { account_username: account.username, id: status.id }
- end
-
- it 'returns http not_found' do
- expect(response).to have_http_status(404)
- end
- end
- end
-
- context 'when status is direct' do
- before do
- status.update(visibility: :direct)
- end
-
- context 'when user is authorized to see it' do
- before do
- Fabricate(:mention, account: user.account, status: status)
- get :activity, params: { account_username: account.username, id: status.id }
- end
-
- it 'returns http success' do
- expect(response).to have_http_status(200)
- end
- end
-
- context 'when user is not authorized to see it' do
- before do
- get :activity, params: { account_username: account.username, id: status.id }
- end
-
- it 'returns http not_found' do
- expect(response).to have_http_status(404)
- end
- end
- end
- end
-
- context 'with signature' do
- let(:remote_account) { Fabricate(:account, domain: 'example.com') }
-
- before do
- allow(controller).to receive(:signed_request_actor).and_return(remote_account)
- end
-
- context 'when status is public' do
- before do
- status.update(visibility: :public)
- get :activity, params: { account_username: account.username, id: status.id }
- end
-
- it 'returns http success' do
- expect(response).to have_http_status(:success)
- end
- end
-
- context 'when status is private' do
- before do
- status.update(visibility: :private)
- end
-
- context 'when user is authorized to see it' do
- before do
- remote_account.follow!(account)
- get :activity, params: { account_username: account.username, id: status.id }
- end
-
- it 'returns http success' do
- expect(response).to have_http_status(200)
- end
- end
-
- context 'when user is not authorized to see it' do
- before do
- get :activity, params: { account_username: account.username, id: status.id }
- end
-
- it 'returns http not_found' do
- expect(response).to have_http_status(404)
- end
- end
- end
-
- context 'when status is direct' do
- before do
- status.update(visibility: :direct)
- end
-
- context 'when user is authorized to see it' do
- before do
- Fabricate(:mention, account: remote_account, status: status)
- get :activity, params: { account_username: account.username, id: status.id }
- end
-
- it 'returns http success' do
- expect(response).to have_http_status(200)
- end
- end
-
- context 'when user is not authorized to see it' do
- before do
- get :activity, params: { account_username: account.username, id: status.id }
- end
-
- it 'returns http not_found' do
- expect(response).to have_http_status(404)
- end
- end
- end
- end
- end
 end
diff --git a/spec/requests/statuses/activity_spec.rb b/spec/requests/statuses/activity_spec.rb
new file mode 100644
index 0000000000..20837a63a6
--- /dev/null
+++ b/spec/requests/statuses/activity_spec.rb
@@ -0,0 +1,218 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+RSpec.describe 'Status Activity' do
+ describe 'GET /users/:account_username/statuses/:id/activity' do
+ let(:account) { Fabricate(:account) }
+ let(:status) { Fabricate(:status, account: account) }
+
+ context 'when signed out' do
+ subject { get activity_account_status_path(account.username, status) }
+
+ context 'when account is permanently suspended' do
+ before do
+ account.suspend!
+ account.deletion_request.destroy
+ end
+
+ it 'returns http gone' do
+ subject
+
+ expect(response)
+ .to have_http_status(410)
+ end
+ end
+
+ context 'when account is temporarily suspended' do
+ before { account.suspend! }
+
+ it 'returns http forbidden' do
+ subject
+
+ expect(response)
+ .to have_http_status(403)
+ end
+ end
+
+ context 'when status is public' do
+ before { status.update(visibility: :public) }
+
+ it 'returns http success' do
+ subject
+
+ expect(response)
+ .to have_http_status(:success)
+ expect(response.content_type)
+ .to start_with('application/activity+json')
+ end
+ end
+
+ context 'when status is private' do
+ before { status.update(visibility: :private) }
+
+ it 'returns http not_found' do
+ subject
+
+ expect(response)
+ .to have_http_status(404)
+ end
+ end
+
+ context 'when status is direct' do
+ before { status.update(visibility: :direct) }
+
+ it 'returns http not_found' do
+ subject
+
+ expect(response)
+ .to have_http_status(404)
+ end
+ end
+ end
+
+ context 'when signed in' do
+ subject { get activity_account_status_path(account.username, status) }
+
+ let(:user) { Fabricate(:user) }
+
+ before { sign_in(user) }
+
+ context 'when status is public' do
+ before { status.update(visibility: :public) }
+
+ it 'returns http success' do
+ subject
+
+ expect(response)
+ .to have_http_status(:success)
+ expect(response.content_type)
+ .to start_with('application/activity+json')
+ end
+ end
+
+ context 'when status is private' do
+ before { status.update(visibility: :private) }
+
+ context 'when user is authorized to see it' do
+ before { user.account.follow!(account) }
+
+ it 'returns http success' do
+ subject
+
+ expect(response)
+ .to have_http_status(200)
+ expect(response.content_type)
+ .to start_with('application/activity+json')
+ end
+ end
+
+ context 'when user is not authorized to see it' do
+ it 'returns http not_found' do
+ subject
+
+ expect(response)
+ .to have_http_status(404)
+ end
+ end
+ end
+
+ context 'when status is direct' do
+ before { status.update(visibility: :direct) }
+
+ context 'when user is authorized to see it' do
+ before { Fabricate(:mention, account: user.account, status: status) }
+
+ it 'returns http success' do
+ subject
+
+ expect(response)
+ .to have_http_status(200)
+ expect(response.content_type)
+ .to start_with('application/activity+json')
+ end
+ end
+
+ context 'when user is not authorized to see it' do
+ it 'returns http not_found' do
+ subject
+
+ expect(response)
+ .to have_http_status(404)
+ end
+ end
+ end
+ end
+
+ context 'with signature' do
+ subject { get activity_account_status_path(account.username, status), headers: nil, sign_with: remote_account }
+
+ let(:remote_account) { Fabricate(:account, domain: 'example.com') }
+
+ context 'when status is public' do
+ before { status.update(visibility: :public) }
+
+ it 'returns http success' do
+ subject
+
+ expect(response)
+ .to have_http_status(:success)
+ expect(response.content_type)
+ .to start_with('application/activity+json')
+ end
+ end
+
+ context 'when status is private' do
+ before { status.update(visibility: :private) }
+
+ context 'when user is authorized to see it' do
+ before { remote_account.follow!(account) }
+
+ it 'returns http success' do
+ subject
+
+ expect(response)
+ .to have_http_status(200)
+ expect(response.content_type)
+ .to start_with('application/activity+json')
+ end
+ end
+
+ context 'when user is not authorized to see it' do
+ it 'returns http not_found' do
+ subject
+
+ expect(response)
+ .to have_http_status(404)
+ end
+ end
+ end
+
+ context 'when status is direct' do
+ before { status.update(visibility: :direct) }
+
+ context 'when user is authorized to see it' do
+ before { Fabricate(:mention, account: remote_account, status: status) }
+
+ it 'returns http success' do
+ subject
+
+ expect(response)
+ .to have_http_status(200)
+ expect(response.content_type)
+ .to start_with('application/activity+json')
+ end
+ end
+
+ context 'when user is not authorized to see it' do
+ it 'returns http not_found' do
+ subject
+
+ expect(response)
+ .to have_http_status(404)
+ end
+ end
+ end
+ end
+ end
+end
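Review bot: The visibility fixtures in the "when user is authorized to see it" contexts are set with the non-bang `status.update(visibility: :private)` / `:direct`, so if that update ever failed validation the status would keep whatever visibility the fabricator gave it and the 200 assertion could pass without the follow or mention check being exercised. Writing `before { status.update!(visibility: :private) }` (and likewise for `:direct` and `:public`) makes a broken fixture fail loudly; this applies in the 'when signed in' and 'with signature' contexts alike. The authorized private and direct cases also assert only the status code and content type. If the controller sets caching headers on this endpoint (not visible in this diff), it would be worth pinning that a restricted status is not marked as publicly cacheable, e.g. `expect(response.headers['Cache-Control']).not_to include('public')`, with the exact expectation adjusted to what the controller emits.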