mirror of
https://framagit.org/tykayn/mastodon.git
synced 2023-08-25 08:33:12 +02:00
Add test to disallow remote users from fetching local-only toots
This commit is contained in:
parent
9d09c7cc68
commit
9f2945ef80
@ -77,6 +77,12 @@ RSpec.describe StatusPolicy, type: :model do
|
|||||||
|
|
||||||
expect(subject).to_not permit(nil, status)
|
expect(subject).to_not permit(nil, status)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
it 'denies access when local-only and the viewer is from another domain' do
|
||||||
|
viewer = Fabricate(:account, domain: 'remote-domain')
|
||||||
|
allow(status).to receive(:local_only?) { true }
|
||||||
|
expect(subject).to_not permit(viewer, status)
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
permissions :reblog? do
|
permissions :reblog? do
|
||||||
|
Loading…
Reference in New Issue
Block a user