Test that anonymous users cannot see local-only posts

Ref: fix-local-public

1 files changed, 5 insertions, 8 deletions

diff --git a/test/pleroma/web/mastodon_api/controllers/status_controller_test.exs b/test/pleroma/web/mastodon_api/controllers/status_controller_test.exs
index 6d8d5f05e..d3ba9fced 100644
--- a/test/pleroma/web/mastodon_api/controllers/status_controller_test.exs
+++ b/test/pleroma/web/mastodon_api/controllers/status_controller_test.exs
@@ -1923,7 +1923,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusControllerTest do
 
     test "other users can read local-only posts" do
       user = insert(:user)
-      %{user: reader, conn: conn} = oauth_access(["read:statuses"])
+      %{user: _reader, conn: conn} = oauth_access(["read:statuses"])
 
       {:ok, activity} = CommonAPI.post(user, %{status: "#2hu #2HU", visibility: "local"})
 
@@ -1935,18 +1935,15 @@ defmodule Pleroma.Web.MastodonAPI.StatusControllerTest do
       assert received["id"] == activity.id
     end
 
-    test "other users can see local-only posts" do
+    test "anonymous users cannot see local-only posts" do
       user = insert(:user)
-      %{user: _reader, conn: conn} = oauth_access(["read:statuses"])
 
       {:ok, activity} = CommonAPI.post(user, %{status: "#2hu #2HU", visibility: "local"})
 
-      received =
-        conn
+      _received =
+        build_conn()
         |> get("/api/v1/statuses/#{activity.id}")
-        |> json_response_and_validate_schema(:ok)
-
-      assert received["id"] == activity.id
+        |> json_response_and_validate_schema(:not_found)
     end
   end