summaryrefslogtreecommitdiff
path: root/test/pleroma/web/common_api_test.exs
diff options
context:
space:
mode:
Diffstat (limited to 'test/pleroma/web/common_api_test.exs')
-rw-r--r--test/pleroma/web/common_api_test.exs26
1 files changed, 14 insertions, 12 deletions
diff --git a/test/pleroma/web/common_api_test.exs b/test/pleroma/web/common_api_test.exs
index 9d52bd93e..44355c26d 100644
--- a/test/pleroma/web/common_api_test.exs
+++ b/test/pleroma/web/common_api_test.exs
@@ -4,7 +4,7 @@
defmodule Pleroma.Web.CommonAPITest do
use Oban.Testing, repo: Pleroma.Repo
- use Pleroma.DataCase
+ use Pleroma.DataCase, async: false
alias Pleroma.Activity
alias Pleroma.Chat
@@ -331,7 +331,7 @@ defmodule Pleroma.Web.CommonAPITest do
refute Activity.get_by_id(post.id)
end
- test "it does not allow a user to delete their posts" do
+ test "it does not allow a user to delete posts from another user" do
user = insert(:user)
other_user = insert(:user)
@@ -341,7 +341,8 @@ defmodule Pleroma.Web.CommonAPITest do
assert Activity.get_by_id(post.id)
end
- test "it allows moderators to delete other user's posts" do
+ test "it allows privileged users to delete other user's posts" do
+ clear_config([:instance, :moderator_privileges], [:messages_delete])
user = insert(:user)
moderator = insert(:user, is_moderator: true)
@@ -353,19 +354,20 @@ defmodule Pleroma.Web.CommonAPITest do
refute Activity.get_by_id(post.id)
end
- test "it allows admins to delete other user's posts" do
+ test "it doesn't allow unprivileged mods or admins to delete other user's posts" do
+ clear_config([:instance, :admin_privileges], [])
+ clear_config([:instance, :moderator_privileges], [])
user = insert(:user)
- moderator = insert(:user, is_admin: true)
+ moderator = insert(:user, is_moderator: true, is_admin: true)
{:ok, post} = CommonAPI.post(user, %{status: "namu amida butsu"})
- assert {:ok, delete} = CommonAPI.delete(post.id, moderator)
- assert delete.local
-
- refute Activity.get_by_id(post.id)
+ assert {:error, "Could not delete"} = CommonAPI.delete(post.id, moderator)
+ assert Activity.get_by_id(post.id)
end
- test "superusers deleting non-local posts won't federate the delete" do
+ test "privileged users deleting non-local posts won't federate the delete" do
+ clear_config([:instance, :admin_privileges], [:messages_delete])
# This is the user of the ingested activity
_user =
insert(:user,
@@ -374,7 +376,7 @@ defmodule Pleroma.Web.CommonAPITest do
last_refreshed_at: NaiveDateTime.utc_now()
)
- moderator = insert(:user, is_admin: true)
+ admin = insert(:user, is_admin: true)
data =
File.read!("test/fixtures/mastodon-post-activity.json")
@@ -384,7 +386,7 @@ defmodule Pleroma.Web.CommonAPITest do
with_mock Pleroma.Web.Federator,
publish: fn _ -> nil end do
- assert {:ok, delete} = CommonAPI.delete(post.id, moderator)
+ assert {:ok, delete} = CommonAPI.delete(post.id, admin)
assert delete.local
refute called(Pleroma.Web.Federator.publish(:_))
end
generated by cgit v1.2.3 (git 2.44.0) at 2024-05-04 23:12:07 +0000