Test that anonymous users cannot see local-only posts

Ref: fix-local-public
This commit is contained in:
Tusooa Zhu 2022-05-04 22:58:17 -04:00
parent c48be59f58
commit 38af42968d
No known key found for this signature in database
GPG Key ID: 7B467EDE43A08224

View File

@ -1923,7 +1923,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusControllerTest do
test "other users can read local-only posts" do test "other users can read local-only posts" do
user = insert(:user) user = insert(:user)
%{user: reader, conn: conn} = oauth_access(["read:statuses"]) %{user: _reader, conn: conn} = oauth_access(["read:statuses"])
{:ok, activity} = CommonAPI.post(user, %{status: "#2hu #2HU", visibility: "local"}) {:ok, activity} = CommonAPI.post(user, %{status: "#2hu #2HU", visibility: "local"})
@ -1935,18 +1935,15 @@ defmodule Pleroma.Web.MastodonAPI.StatusControllerTest do
assert received["id"] == activity.id assert received["id"] == activity.id
end end
test "other users can see local-only posts" do test "anonymous users cannot see local-only posts" do
user = insert(:user) user = insert(:user)
%{user: _reader, conn: conn} = oauth_access(["read:statuses"])
{:ok, activity} = CommonAPI.post(user, %{status: "#2hu #2HU", visibility: "local"}) {:ok, activity} = CommonAPI.post(user, %{status: "#2hu #2HU", visibility: "local"})
received = _received =
conn build_conn()
|> get("/api/v1/statuses/#{activity.id}") |> get("/api/v1/statuses/#{activity.id}")
|> json_response_and_validate_schema(:ok) |> json_response_and_validate_schema(:not_found)
assert received["id"] == activity.id
end end
end end