Add test to disallow remote users from fetching local-only toots

This commit is contained in:
Thibaut Girka 2018-07-31 14:57:41 +02:00 committed by ThibG
parent 9d09c7cc68
commit 9f2945ef80

View File

@ -77,6 +77,12 @@ RSpec.describe StatusPolicy, type: :model do
expect(subject).to_not permit(nil, status) expect(subject).to_not permit(nil, status)
end end
it 'denies access when local-only and the viewer is from another domain' do
viewer = Fabricate(:account, domain: 'remote-domain')
allow(status).to receive(:local_only?) { true }
expect(subject).to_not permit(viewer, status)
end
end end
permissions :reblog? do permissions :reblog? do