From cbb3451023f557ece773bab20f79ac130f786d01 Mon Sep 17 00:00:00 2001
From: lain <lain@soykaf.club>
Date: Wed, 15 May 2019 16:30:08 +0200
Subject: CommonAPI: Refactor visibility, forbid public to private replies.

---
 test/web/common_api/common_api_test.exs | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

(limited to 'test/web/common_api/common_api_test.exs')

diff --git a/test/web/common_api/common_api_test.exs b/test/web/common_api/common_api_test.exs
index a5b07c446..8d4f401ee 100644
--- a/test/web/common_api/common_api_test.exs
+++ b/test/web/common_api/common_api_test.exs
@@ -87,6 +87,28 @@ defmodule Pleroma.Web.CommonAPITest do
 
       assert object.data["content"] == "<p><b>2hu</b></p>alert('xss')"
     end
+
+    test "it does not allow replies to direct messages that are not direct messages themselves" do
+      user = insert(:user)
+
+      {:ok, activity} = CommonAPI.post(user, %{"status" => "suya..", "visibility" => "direct"})
+
+      assert {:ok, _} =
+               CommonAPI.post(user, %{
+                 "status" => "suya..",
+                 "visibility" => "direct",
+                 "in_reply_to_status_id" => activity.id
+               })
+
+      Enum.each(["public", "private", "unlisted"], fn visibility ->
+        assert {:error, {:private_to_public, _}} =
+                 CommonAPI.post(user, %{
+                   "status" => "suya..",
+                   "visibility" => visibility,
+                   "in_reply_to_status_id" => activity.id
+                 })
+      end)
+    end
   end
 
   describe "reactions" do
-- 
cgit v1.2.3