From 479fc5fff8355e552c5d2297d83f4ca7456d4f03 Mon Sep 17 00:00:00 2001
From: Alex Gleason <alex@alexgleason.me>
Date: Mon, 27 Dec 2021 10:39:59 -0600
Subject: [PATCH] EnsureStaffPrivilegedPlug: add tests

---
 .../ensure_staff_privileged_plug_test.exs     | 60 +++++++++++++++++++
 1 file changed, 60 insertions(+)
 create mode 100644 test/pleroma/web/plugs/ensure_staff_privileged_plug_test.exs

diff --git a/test/pleroma/web/plugs/ensure_staff_privileged_plug_test.exs b/test/pleroma/web/plugs/ensure_staff_privileged_plug_test.exs
new file mode 100644
index 000000000..74f4ae504
--- /dev/null
+++ b/test/pleroma/web/plugs/ensure_staff_privileged_plug_test.exs
@@ -0,0 +1,60 @@
+# Pleroma: A lightweight social networking server
+# Copyright Â© 2017-2021 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Web.Plugs.EnsureStaffPrivilegedPlugTest do
+  use Pleroma.Web.ConnCase, async: true
+
+  alias Pleroma.Web.Plugs.EnsureStaffPrivilegedPlug
+  import Pleroma.Factory
+
+  test "accepts a user that is an admin" do
+    user = insert(:user, is_admin: true)
+
+    conn = assign(build_conn(), :user, user)
+
+    ret_conn = EnsureStaffPrivilegedPlug.call(conn, %{})
+
+    assert conn == ret_conn
+  end
+
+  test "accepts a user that is a moderator when :privileged_staff is enabled" do
+    clear_config([:instance, :privileged_staff], true)
+    user = insert(:user, is_moderator: true)
+
+    conn = assign(build_conn(), :user, user)
+
+    ret_conn = EnsureStaffPrivilegedPlug.call(conn, %{})
+
+    assert conn == ret_conn
+  end
+
+  test "denies a user that is a moderator when :privileged_staff is disabled" do
+    clear_config([:instance, :privileged_staff], false)
+    user = insert(:user, is_moderator: true)
+
+    conn =
+      build_conn()
+      |> assign(:user, user)
+      |> EnsureStaffPrivilegedPlug.call(%{})
+
+    assert conn.status == 403
+  end
+
+  test "denies a user that isn't a staff member" do
+    user = insert(:user)
+
+    conn =
+      build_conn()
+      |> assign(:user, user)
+      |> EnsureStaffPrivilegedPlug.call(%{})
+
+    assert conn.status == 403
+  end
+
+  test "denies when a user isn't set" do
+    conn = EnsureStaffPrivilegedPlug.call(build_conn(), %{})
+
+    assert conn.status == 403
+  end
+end
-- 
2.49.0