+ setup do: oauth_access(["read:statuses"])
+
+ test "respects blocks", %{user: user_one, conn: conn} do
+ user_two = insert(:user)
+ user_three = insert(:user)
+
+ User.block(user_one, user_two)
+
+ {:ok, activity} = CommonAPI.post(user_two, %{"status" => "User one sux0rz"})
+ {:ok, repeat, _} = CommonAPI.repeat(activity.id, user_three)
+
+ resp = get(conn, "/api/v1/accounts/#{user_two.id}/statuses")
+
+ assert [%{"id" => id}] = json_response(resp, 200)
+ assert id == activity.id
+
+ # Even a blocked user will deliver the full user timeline, there would be
+ # no point in looking at a blocked users timeline otherwise
+ resp = get(conn, "/api/v1/accounts/#{user_two.id}/statuses")
+
+ assert [%{"id" => id}] = json_response(resp, 200)
+ assert id == activity.id
+
+ # Third user's timeline includes the repeat when viewed by unauthenticated user
+ resp = get(build_conn(), "/api/v1/accounts/#{user_three.id}/statuses")
+ assert [%{"id" => id}] = json_response(resp, 200)
+ assert id == repeat.id
+
+ # When viewing a third user's timeline, the blocked users' statuses will NOT be shown
+ resp = get(conn, "/api/v1/accounts/#{user_three.id}/statuses")
+
+ assert [] = json_response(resp, 200)
+ end
+
+ test "gets users statuses", %{conn: conn} do