X-Git-Url: http://git.squeep.com/?a=blobdiff_plain;ds=sidebyside;f=test%2Fweb%2Fadmin_api%2Fcontrollers%2Fchat_controller_test.exs;h=bd4c9c9d15d0a30f5e3474c41b9b9cac99a17d5a;hb=66e00ace7c0708f2f9361bc6e1008ccea08cb6ef;hp=bca9d440d764dfdffa2024b3b38d3f1645a6e6ef;hpb=67726453f85eb5bb51bf82e7decf23a4f1d184af;p=akkoma

diff --git a/test/web/admin_api/controllers/chat_controller_test.exs b/test/web/admin_api/controllers/chat_controller_test.exs
index bca9d440d..bd4c9c9d1 100644
--- a/test/web/admin_api/controllers/chat_controller_test.exs
+++ b/test/web/admin_api/controllers/chat_controller_test.exs
@@ -15,7 +15,7 @@ defmodule Pleroma.Web.AdminAPI.ChatControllerTest do
   alias Pleroma.Repo
   alias Pleroma.Web.CommonAPI
 
-  setup do
+  defp admin_setup do
     admin = insert(:user, is_admin: true)
     token = insert(:oauth_admin_token, user: admin)
 
@@ -28,6 +28,8 @@ defmodule Pleroma.Web.AdminAPI.ChatControllerTest do
   end
 
   describe "DELETE /api/pleroma/admin/chats/:id/messages/:message_id" do
+    setup do: admin_setup()
+
     test "it deletes a message from the chat", %{conn: conn, admin: admin} do
       user = insert(:user)
       recipient = insert(:user)
@@ -38,8 +40,10 @@ defmodule Pleroma.Web.AdminAPI.ChatControllerTest do
       object = Object.normalize(message, false)
 
       chat = Chat.get(user.id, recipient.ap_id)
+      recipient_chat = Chat.get(recipient.id, user.ap_id)
 
       cm_ref = MessageReference.for_chat_and_object(chat, object)
+      recipient_cm_ref = MessageReference.for_chat_and_object(recipient_chat, object)
 
       result =
         conn
@@ -54,11 +58,14 @@ defmodule Pleroma.Web.AdminAPI.ChatControllerTest do
 
       assert result["id"] == cm_ref.id
       refute MessageReference.get_by_id(cm_ref.id)
+      refute MessageReference.get_by_id(recipient_cm_ref.id)
       assert %{data: %{"type" => "Tombstone"}} = Object.get_by_id(object.id)
     end
   end
 
   describe "GET /api/pleroma/admin/chats/:id/messages" do
+    setup do: admin_setup()
+
     test "it paginates", %{conn: conn} do
       user = insert(:user)
       recipient = insert(:user)
@@ -111,6 +118,8 @@ defmodule Pleroma.Web.AdminAPI.ChatControllerTest do
   end
 
   describe "GET /api/pleroma/admin/chats/:id" do
+    setup do: admin_setup()
+
     test "it returns a chat", %{conn: conn} do
       user = insert(:user)
       other_user = insert(:user)
@@ -123,6 +132,88 @@ defmodule Pleroma.Web.AdminAPI.ChatControllerTest do
         |> json_response_and_validate_schema(200)
 
       assert result["id"] == to_string(chat.id)
+      assert %{} = result["sender"]
+      assert %{} = result["receiver"]
+      refute result["account"]
+    end
+  end
+
+  describe "unauthorized chat moderation" do
+    setup do
+      user = insert(:user)
+      recipient = insert(:user)
+
+      {:ok, message} = CommonAPI.post_chat_message(user, recipient, "Yo")
+      object = Object.normalize(message, false)
+      chat = Chat.get(user.id, recipient.ap_id)
+      cm_ref = MessageReference.for_chat_and_object(chat, object)
+
+      %{conn: conn} = oauth_access(["read:chats", "write:chats"])
+      %{conn: conn, chat: chat, cm_ref: cm_ref}
+    end
+
+    test "DELETE /api/pleroma/admin/chats/:id/messages/:message_id", %{
+      conn: conn,
+      chat: chat,
+      cm_ref: cm_ref
+    } do
+      conn
+      |> put_req_header("content-type", "application/json")
+      |> delete("/api/pleroma/admin/chats/#{chat.id}/messages/#{cm_ref.id}")
+      |> json_response(403)
+
+      assert MessageReference.get_by_id(cm_ref.id) == cm_ref
+    end
+
+    test "GET /api/pleroma/admin/chats/:id/messages", %{conn: conn, chat: chat} do
+      conn
+      |> get("/api/pleroma/admin/chats/#{chat.id}/messages")
+      |> json_response(403)
+    end
+
+    test "GET /api/pleroma/admin/chats/:id", %{conn: conn, chat: chat} do
+      conn
+      |> get("/api/pleroma/admin/chats/#{chat.id}")
+      |> json_response(403)
+    end
+  end
+
+  describe "unauthenticated chat moderation" do
+    setup do
+      user = insert(:user)
+      recipient = insert(:user)
+
+      {:ok, message} = CommonAPI.post_chat_message(user, recipient, "Yo")
+      object = Object.normalize(message, false)
+      chat = Chat.get(user.id, recipient.ap_id)
+      cm_ref = MessageReference.for_chat_and_object(chat, object)
+
+      %{conn: build_conn(), chat: chat, cm_ref: cm_ref}
+    end
+
+    test "DELETE /api/pleroma/admin/chats/:id/messages/:message_id", %{
+      conn: conn,
+      chat: chat,
+      cm_ref: cm_ref
+    } do
+      conn
+      |> put_req_header("content-type", "application/json")
+      |> delete("/api/pleroma/admin/chats/#{chat.id}/messages/#{cm_ref.id}")
+      |> json_response(403)
+
+      assert MessageReference.get_by_id(cm_ref.id) == cm_ref
+    end
+
+    test "GET /api/pleroma/admin/chats/:id/messages", %{conn: conn, chat: chat} do
+      conn
+      |> get("/api/pleroma/admin/chats/#{chat.id}/messages")
+      |> json_response(403)
+    end
+
+    test "GET /api/pleroma/admin/chats/:id", %{conn: conn, chat: chat} do
+      conn
+      |> get("/api/pleroma/admin/chats/#{chat.id}")
+      |> json_response(403)
     end
   end
 end