diff options
| author | rinpatch <rinpatch@sdf.org> | 2019-12-08 11:23:31 +0000 |
|---|---|---|
| committer | rinpatch <rinpatch@sdf.org> | 2019-12-08 11:23:31 +0000 |
| commit | 29a3f70cba7bed31e6777832c4d2dc5c326b70c1 (patch) | |
| tree | 08882be8111f79012af716f6d5fa78feccb187cb /test/web/mastodon_api/controllers/account_controller_test.exs | |
| parent | 6cb31edd76fd42a0e33bc365d982cd02e3578d6c (diff) | |
| parent | e8cee4d9a0ea13db8d087e42eb17939bb8b11f0b (diff) | |
| download | pleroma-29a3f70cba7bed31e6777832c4d2dc5c326b70c1.tar.gz pleroma-29a3f70cba7bed31e6777832c4d2dc5c326b70c1.zip | |
Merge branch 'bugfix/1463-blocking-in-user-tls' into 'develop'
ActivityPub: For user timelines, respects blocks.
Closes #1463
See merge request pleroma/pleroma!2041
Diffstat (limited to 'test/web/mastodon_api/controllers/account_controller_test.exs')
| -rw-r--r-- | test/web/mastodon_api/controllers/account_controller_test.exs | 44 |
1 files changed, 44 insertions, 0 deletions
diff --git a/test/web/mastodon_api/controllers/account_controller_test.exs b/test/web/mastodon_api/controllers/account_controller_test.exs index 444693404..fa08ae4df 100644 --- a/test/web/mastodon_api/controllers/account_controller_test.exs +++ b/test/web/mastodon_api/controllers/account_controller_test.exs @@ -144,6 +144,50 @@ defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do end describe "user timelines" do + test "respects blocks", %{conn: conn} do + user_one = insert(:user) + user_two = insert(:user) + user_three = insert(:user) + + User.block(user_one, user_two) + + {:ok, activity} = CommonAPI.post(user_two, %{"status" => "User one sux0rz"}) + {:ok, repeat, _} = CommonAPI.repeat(activity.id, user_three) + + resp = + conn + |> get("/api/v1/accounts/#{user_two.id}/statuses") + + assert [%{"id" => id}] = json_response(resp, 200) + assert id == activity.id + + # Even a blocked user will deliver the full user timeline, there would be + # no point in looking at a blocked users timeline otherwise + resp = + conn + |> assign(:user, user_one) + |> get("/api/v1/accounts/#{user_two.id}/statuses") + + assert [%{"id" => id}] = json_response(resp, 200) + assert id == activity.id + + resp = + conn + |> get("/api/v1/accounts/#{user_three.id}/statuses") + + assert [%{"id" => id}] = json_response(resp, 200) + assert id == repeat.id + + # When viewing a third user's timeline, the blocked users will NOT be + # shown. + resp = + conn + |> assign(:user, user_one) + |> get("/api/v1/accounts/#{user_three.id}/statuses") + + assert [] = json_response(resp, 200) + end + test "gets a users statuses", %{conn: conn} do user_one = insert(:user) user_two = insert(:user) |