X-Git-Url: http://git.squeep.com/?a=blobdiff_plain;f=test%2Fweb%2Fmastodon_api%2Fcontrollers%2Fstatus_controller_test.exs;h=cd9ca4973e6b97f8c85cec22bc56f8e3565bb2aa;hb=b87b798ca1660224a3192c32b035c19b18e11587;hp=f36552041af93f2ab955277319d9448858da68b5;hpb=3c2c32b460c2d942d085725d14e77a96c4a01e4c;p=akkoma

diff --git a/test/web/mastodon_api/controllers/status_controller_test.exs b/test/web/mastodon_api/controllers/status_controller_test.exs
index f36552041..cd9ca4973 100644
--- a/test/web/mastodon_api/controllers/status_controller_test.exs
+++ b/test/web/mastodon_api/controllers/status_controller_test.exs
@@ -19,9 +19,9 @@ defmodule Pleroma.Web.MastodonAPI.StatusControllerTest do
 
   import Pleroma.Factory
 
-  clear_config([:instance, :federating])
-  clear_config([:instance, :allow_relay])
-  clear_config([:rich_media, :enabled])
+  setup do: clear_config([:instance, :federating])
+  setup do: clear_config([:instance, :allow_relay])
+  setup do: clear_config([:rich_media, :enabled])
 
   describe "posting statuses" do
     setup do: oauth_access(["write:statuses"])
@@ -476,6 +476,95 @@ defmodule Pleroma.Web.MastodonAPI.StatusControllerTest do
     assert id == to_string(activity.id)
   end
 
+  defp local_and_remote_activities do
+    local = insert(:note_activity)
+    remote = insert(:note_activity, local: false)
+    {:ok, local: local, remote: remote}
+  end
+
+  describe "status with restrict unauthenticated activities for local and remote" do
+    setup do: local_and_remote_activities()
+
+    setup do: clear_config([:restrict_unauthenticated, :activities, :local], true)
+
+    setup do: clear_config([:restrict_unauthenticated, :activities, :remote], true)
+
+    test "if user is unauthenticated", %{conn: conn, local: local, remote: remote} do
+      res_conn = get(conn, "/api/v1/statuses/#{local.id}")
+
+      assert json_response(res_conn, :not_found) == %{
+               "error" => "Record not found"
+             }
+
+      res_conn = get(conn, "/api/v1/statuses/#{remote.id}")
+
+      assert json_response(res_conn, :not_found) == %{
+               "error" => "Record not found"
+             }
+    end
+
+    test "if user is authenticated", %{local: local, remote: remote} do
+      %{conn: conn} = oauth_access(["read"])
+      res_conn = get(conn, "/api/v1/statuses/#{local.id}")
+      assert %{"id" => _} = json_response(res_conn, 200)
+
+      res_conn = get(conn, "/api/v1/statuses/#{remote.id}")
+      assert %{"id" => _} = json_response(res_conn, 200)
+    end
+  end
+
+  describe "status with restrict unauthenticated activities for local" do
+    setup do: local_and_remote_activities()
+
+    setup do: clear_config([:restrict_unauthenticated, :activities, :local], true)
+
+    test "if user is unauthenticated", %{conn: conn, local: local, remote: remote} do
+      res_conn = get(conn, "/api/v1/statuses/#{local.id}")
+
+      assert json_response(res_conn, :not_found) == %{
+               "error" => "Record not found"
+             }
+
+      res_conn = get(conn, "/api/v1/statuses/#{remote.id}")
+      assert %{"id" => _} = json_response(res_conn, 200)
+    end
+
+    test "if user is authenticated", %{local: local, remote: remote} do
+      %{conn: conn} = oauth_access(["read"])
+      res_conn = get(conn, "/api/v1/statuses/#{local.id}")
+      assert %{"id" => _} = json_response(res_conn, 200)
+
+      res_conn = get(conn, "/api/v1/statuses/#{remote.id}")
+      assert %{"id" => _} = json_response(res_conn, 200)
+    end
+  end
+
+  describe "status with restrict unauthenticated activities for remote" do
+    setup do: local_and_remote_activities()
+
+    setup do: clear_config([:restrict_unauthenticated, :activities, :remote], true)
+
+    test "if user is unauthenticated", %{conn: conn, local: local, remote: remote} do
+      res_conn = get(conn, "/api/v1/statuses/#{local.id}")
+      assert %{"id" => _} = json_response(res_conn, 200)
+
+      res_conn = get(conn, "/api/v1/statuses/#{remote.id}")
+
+      assert json_response(res_conn, :not_found) == %{
+               "error" => "Record not found"
+             }
+    end
+
+    test "if user is authenticated", %{local: local, remote: remote} do
+      %{conn: conn} = oauth_access(["read"])
+      res_conn = get(conn, "/api/v1/statuses/#{local.id}")
+      assert %{"id" => _} = json_response(res_conn, 200)
+
+      res_conn = get(conn, "/api/v1/statuses/#{remote.id}")
+      assert %{"id" => _} = json_response(res_conn, 200)
+    end
+  end
+
   test "getting a status that doesn't exist returns 404" do
     %{conn: conn} = oauth_access(["read:statuses"])
     activity = insert(:note_activity)
@@ -514,6 +603,70 @@ defmodule Pleroma.Web.MastodonAPI.StatusControllerTest do
     assert [%{"id" => ^id1}, %{"id" => ^id2}] = Enum.sort_by(json_response(conn, :ok), & &1["id"])
   end
 
+  describe "getting statuses by ids with restricted unauthenticated for local and remote" do
+    setup do: local_and_remote_activities()
+
+    setup do: clear_config([:restrict_unauthenticated, :activities, :local], true)
+
+    setup do: clear_config([:restrict_unauthenticated, :activities, :remote], true)
+
+    test "if user is unauthenticated", %{conn: conn, local: local, remote: remote} do
+      res_conn = get(conn, "/api/v1/statuses", %{ids: [local.id, remote.id]})
+
+      assert json_response(res_conn, 200) == []
+    end
+
+    test "if user is authenticated", %{local: local, remote: remote} do
+      %{conn: conn} = oauth_access(["read"])
+
+      res_conn = get(conn, "/api/v1/statuses", %{ids: [local.id, remote.id]})
+
+      assert length(json_response(res_conn, 200)) == 2
+    end
+  end
+
+  describe "getting statuses by ids with restricted unauthenticated for local" do
+    setup do: local_and_remote_activities()
+
+    setup do: clear_config([:restrict_unauthenticated, :activities, :local], true)
+
+    test "if user is unauthenticated", %{conn: conn, local: local, remote: remote} do
+      res_conn = get(conn, "/api/v1/statuses", %{ids: [local.id, remote.id]})
+
+      remote_id = remote.id
+      assert [%{"id" => ^remote_id}] = json_response(res_conn, 200)
+    end
+
+    test "if user is authenticated", %{local: local, remote: remote} do
+      %{conn: conn} = oauth_access(["read"])
+
+      res_conn = get(conn, "/api/v1/statuses", %{ids: [local.id, remote.id]})
+
+      assert length(json_response(res_conn, 200)) == 2
+    end
+  end
+
+  describe "getting statuses by ids with restricted unauthenticated for remote" do
+    setup do: local_and_remote_activities()
+
+    setup do: clear_config([:restrict_unauthenticated, :activities, :remote], true)
+
+    test "if user is unauthenticated", %{conn: conn, local: local, remote: remote} do
+      res_conn = get(conn, "/api/v1/statuses", %{ids: [local.id, remote.id]})
+
+      local_id = local.id
+      assert [%{"id" => ^local_id}] = json_response(res_conn, 200)
+    end
+
+    test "if user is authenticated", %{local: local, remote: remote} do
+      %{conn: conn} = oauth_access(["read"])
+
+      res_conn = get(conn, "/api/v1/statuses", %{ids: [local.id, remote.id]})
+
+      assert length(json_response(res_conn, 200)) == 2
+    end
+  end
+
   describe "deleting a status" do
     test "when you created it" do
       %{user: author, conn: conn} = oauth_access(["write:statuses"])
@@ -743,9 +896,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusControllerTest do
       %{activity: activity}
     end
 
-    clear_config([:instance, :max_pinned_statuses]) do
-      Config.put([:instance, :max_pinned_statuses], 1)
-    end
+    setup do: clear_config([:instance, :max_pinned_statuses], 1)
 
     test "pin status", %{conn: conn, user: user, activity: activity} do
       id_str = to_string(activity.id)