Unfloyded/Legamunt
0
0
Fork 0
Code Activity

Add status destroy authorization to policy (#3453)

Browse source 
* Add status destroy authorization to policy

* Create explicit unreblog status authorization
This commit is contained in:
Jack Jennings 2017-05-30 13:56:31 -07:00 committed by Eugen Rochko
parent 3576fa0d59
commit 33f669a5f8
6 changed files with 78 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

20
spec/policies/status_policy_spec.rb
View file

@ -4,7 +4,9 @@ require 'pundit/rspec'
RSpec.describe StatusPolicy, type: :model do
subject { described_class }
let(:admin) { Fabricate(:user, admin: true) }
let(:alice) { Fabricate(:account, username: 'alice') }
let(:bob) { Fabricate(:account, username: 'bob') }
let(:status) { Fabricate(:status, account: alice) }
permissions :show?, :reblog? do
@ -86,4 +88,22 @@ RSpec.describe StatusPolicy, type: :model do
expect(subject).to_not permit(viewer, status)
end
end
permissions :destroy?, :unreblog? do
it 'grants access when account is deleter' do
expect(subject).to permit(status.account, status)
end
it 'grants access when account is admin' do
expect(subject).to permit(admin.account, status)
end
it 'denies access when account is not deleter' do
expect(subject).to_not permit(bob, status)
end
it 'denies access when no deleter' do
expect(subject).to_not permit(nil, status)
end
end
end