commit: 38af42968d7731ca4923a5130244638749f43ee3
parent c48be59f581fc6c3070a9d4cc889166b61981a6d
Author: Tusooa Zhu <tusooa@kazv.moe>
Date: Wed, 4 May 2022 22:58:17 -0400
Test that anonymous users cannot see local-only posts
Ref: fix-local-public
Diffstat:
1 file changed, 5 insertions(+), 8 deletions(-)
diff --git a/test/pleroma/web/mastodon_api/controllers/status_controller_test.exs b/test/pleroma/web/mastodon_api/controllers/status_controller_test.exs
@@ -1923,7 +1923,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusControllerTest do
test "other users can read local-only posts" do
user = insert(:user)
- %{user: reader, conn: conn} = oauth_access(["read:statuses"])
+ %{user: _reader, conn: conn} = oauth_access(["read:statuses"])
{:ok, activity} = CommonAPI.post(user, %{status: "#2hu #2HU", visibility: "local"})
@@ -1935,18 +1935,15 @@ defmodule Pleroma.Web.MastodonAPI.StatusControllerTest do
assert received["id"] == activity.id
end
- test "other users can see local-only posts" do
+ test "anonymous users cannot see local-only posts" do
user = insert(:user)
- %{user: _reader, conn: conn} = oauth_access(["read:statuses"])
{:ok, activity} = CommonAPI.post(user, %{status: "#2hu #2HU", visibility: "local"})
- received =
- conn
+ _received =
+ build_conn()
|> get("/api/v1/statuses/#{activity.id}")
- |> json_response_and_validate_schema(:ok)
-
- assert received["id"] == activity.id
+ |> json_response_and_validate_schema(:not_found)
end
end