Chat moderation: add tests for unauthorized access
authorAlex Gleason <alex@alexgleason.me>
Fri, 11 Sep 2020 19:00:34 +0000 (14:00 -0500)
committerAlex Gleason <alex@alexgleason.me>
Fri, 11 Sep 2020 19:11:07 +0000 (14:11 -0500)
docs/API/admin_api.md
test/web/admin_api/controllers/admin_api_controller_test.exs
test/web/admin_api/controllers/chat_controller_test.exs

index eadb455ee2dd240574bdbe83c2963340551ae610..bc96abbf02fafc45c380f5c2308e6689f7ae5816 100644 (file)
@@ -1395,7 +1395,7 @@ Loads json generated from `config/descriptions.exs`.
 
 ### List the messages in a chat
 
-- Params: None
+- Params: `max_id`, `min_id`
 
 - Response:
 
index cf5637246d98a19afd1126f9d6a0b66ff8ccd2a6..dbeeb7f3d374f517fb5ef8a2ee9253265acce885 100644 (file)
@@ -1528,6 +1528,35 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
     end
   end
 
+  describe "GET /api/pleroma/admin/users/:nickname/chats unauthorized" do
+    setup do
+      user = insert(:user)
+      insert(:chat, user: user)
+      %{conn: conn} = oauth_access(["read:chats"])
+      %{conn: conn, user: user}
+    end
+
+    test "returns 403", %{conn: conn, user: user} do
+      conn
+      |> get("/api/pleroma/admin/users/#{user.nickname}/chats")
+      |> json_response(403)
+    end
+  end
+
+  describe "GET /api/pleroma/admin/users/:nickname/chats unauthenticated" do
+    setup do
+      user = insert(:user)
+      insert(:chat, user: user)
+      %{conn: build_conn(), user: user}
+    end
+
+    test "returns 403", %{conn: conn, user: user} do
+      conn
+      |> get("/api/pleroma/admin/users/#{user.nickname}/chats")
+      |> json_response(403)
+    end
+  end
+
   describe "GET /api/pleroma/admin/moderation_log" do
     setup do
       moderator = insert(:user, is_moderator: true)
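Review bot: The "unauthorized" setup at L29 gives the caller only `read:chats`, so the 403 asserted at L36 may come from the OAuth scope plug rejecting a token without admin scopes rather than from the admin-role check; if the `is_admin` check on this route were removed, this test would likely still pass. To pin the role check itself, give the non-admin user a token carrying the same scopes the admin token in `admin_setup` uses (the route's admin scopes), e.g. `%{conn: conn} = oauth_access([<admin scopes for this route>])`, or add a third describe block for that case. It would also be worth asserting the parsed 403 body has an `"error"` key and no `"chats"`/message content, so a future handler that returns 403 with data attached is caught. Whether moderators are meant to reach this endpoint is not visible here; if they are not, an `is_moderator: true` user is another case to cover.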
index 840f18aa2abcbbe75c7367040330745bd130f7df..ccca3521ad8b0ceacfee11acf706f0d6ee97d3df 100644 (file)
@@ -15,7 +15,7 @@ defmodule Pleroma.Web.AdminAPI.ChatControllerTest do
   alias Pleroma.Repo
   alias Pleroma.Web.CommonAPI
 
-  setup do
+  defp admin_setup do
     admin = insert(:user, is_admin: true)
     token = insert(:oauth_admin_token, user: admin)
 
@@ -28,6 +28,8 @@ defmodule Pleroma.Web.AdminAPI.ChatControllerTest do
   end
 
   describe "DELETE /api/pleroma/admin/chats/:id/messages/:message_id" do
+    setup do: admin_setup()
+
     test "it deletes a message from the chat", %{conn: conn, admin: admin} do
       user = insert(:user)
       recipient = insert(:user)
@@ -59,6 +61,8 @@ defmodule Pleroma.Web.AdminAPI.ChatControllerTest do
   end
 
   describe "GET /api/pleroma/admin/chats/:id/messages" do
+    setup do: admin_setup()
+
     test "it paginates", %{conn: conn} do
       user = insert(:user)
       recipient = insert(:user)
@@ -111,6 +115,8 @@ defmodule Pleroma.Web.AdminAPI.ChatControllerTest do
   end
 
   describe "GET /api/pleroma/admin/chats/:id" do
+    setup do: admin_setup()
+
     test "it returns a chat", %{conn: conn} do
       user = insert(:user)
       other_user = insert(:user)
@@ -128,4 +134,76 @@ defmodule Pleroma.Web.AdminAPI.ChatControllerTest do
       refute result["account"]
     end
   end
+
+  describe "unauthorized chat moderation" do
+    setup do
+      user = insert(:user)
+      recipient = insert(:user)
+
+      {:ok, message} = CommonAPI.post_chat_message(user, recipient, "Yo")
+      object = Object.normalize(message, false)
+      chat = Chat.get(user.id, recipient.ap_id)
+      cm_ref = MessageReference.for_chat_and_object(chat, object)
+
+      %{conn: conn} = oauth_access(["read:chats", "write:chats"])
+      %{conn: conn, chat: chat, cm_ref: cm_ref}
+    end
+
+    test "DELETE /api/pleroma/admin/chats/:id/messages/:message_id", %{conn: conn, chat: chat, cm_ref: cm_ref} do
+      conn
+      |> put_req_header("content-type", "application/json")
+      |> delete("/api/pleroma/admin/chats/#{chat.id}/messages/#{cm_ref.id}")
+      |> json_response(403)
+
+      assert MessageReference.get_by_id(cm_ref.id) == cm_ref
+    end
+
+    test "GET /api/pleroma/admin/chats/:id/messages", %{conn: conn, chat: chat} do
+      conn
+      |> get("/api/pleroma/admin/chats/#{chat.id}/messages")
+      |> json_response(403)
+    end
+
+    test "GET /api/pleroma/admin/chats/:id", %{conn: conn, chat: chat} do
+      conn
+      |> get("/api/pleroma/admin/chats/#{chat.id}")
+      |> json_response(403)
+    end
+  end
+
+  describe "unauthenticated chat moderation" do
+    setup do
+      user = insert(:user)
+      recipient = insert(:user)
+
+      {:ok, message} = CommonAPI.post_chat_message(user, recipient, "Yo")
+      object = Object.normalize(message, false)
+      chat = Chat.get(user.id, recipient.ap_id)
+      cm_ref = MessageReference.for_chat_and_object(chat, object)
+
+      %{conn: build_conn(), chat: chat, cm_ref: cm_ref}
+    end
+
+    test "DELETE /api/pleroma/admin/chats/:id/messages/:message_id", %{conn: conn, chat: chat, cm_ref: cm_ref} do
+      conn
+      |> put_req_header("content-type", "application/json")
+      |> delete("/api/pleroma/admin/chats/#{chat.id}/messages/#{cm_ref.id}")
+      |> json_response(403)
+
+      assert MessageReference.get_by_id(cm_ref.id) == cm_ref
+    end
+
+    test "GET /api/pleroma/admin/chats/:id/messages", %{conn: conn, chat: chat} do
+      conn
+      |> get("/api/pleroma/admin/chats/#{chat.id}/messages")
+      |> json_response(403)
+    end
+
+    test "GET /api/pleroma/admin/chats/:id", %{conn: conn, chat: chat} do
+      conn
+      |> get("/api/pleroma/admin/chats/#{chat.id}")
+      |> json_response(403)
+    end
+  end
+
 end
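Review bot: The setup bodies of the "unauthorized" (L100-L111) and "unauthenticated" (L136-L146) describe blocks are identical apart from the conn, mirroring exactly the duplication the same commit removes with `admin_setup/0`; extract the chat fixture into a private helper so the two blocks differ only in how the conn is built. As in the admin controller test, the token at L109 carries only `read:chats`/`write:chats`, so the 403 may be produced by the scope check rather than the `is_admin` check — a non-admin user holding the route's admin scopes would isolate the role check, and the chat participant (`user` at L101) is a further caller worth denying explicitly, since an ownership-based check would let them through. The DELETE assertions at L119 and L154 are good; the GET tests could likewise assert the 403 body carries no `"id"`/`"messages"` data.

```elixir
# builds one chat with a single message; conn is supplied by each describe's setup
defp chat_fixture do
  user = insert(:user)
  recipient = insert(:user)

  {:ok, message} = CommonAPI.post_chat_message(user, recipient, "Yo")
  object = Object.normalize(message, false)
  chat = Chat.get(user.id, recipient.ap_id)
  cm_ref = MessageReference.for_chat_and_object(chat, object)

  %{user: user, chat: chat, cm_ref: cm_ref}
end

describe "unauthorized chat moderation" do
  setup do
    %{conn: conn} = oauth_access(["read:chats", "write:chats"])
    Map.put(chat_fixture(), :conn, conn)
  end
  # … unchanged: the three 403 tests …
end

describe "unauthenticated chat moderation" do
  setup do: Map.put(chat_fixture(), :conn, build_conn())
  # … unchanged: the three 403 tests …
end
```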