aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorWilliam Pitcock <nenolod@dereferenced.org>2018-08-29 08:50:23 +0000
committerWilliam Pitcock <nenolod@dereferenced.org>2018-08-29 08:50:23 +0000
commit9cac7c957c678802f08374e2d203be531b4af6d5 (patch)
tree6bb4d7977a3e7d99edd256cdfaff3ed2905ceed7
parent40ea07cd2fff2477055499edbb439df18c4c1aef (diff)
downloadpleroma-9cac7c957c678802f08374e2d203be531b4af6d5.tar.gz
test: add testcase proving lists system does not leak non-public posts
Diffstat
-rw-r--r--test/web/mastodon_api/mastodon_api_controller_test.exs24
1 files changed, 24 insertions, 0 deletions
diff --git a/test/web/mastodon_api/mastodon_api_controller_test.exs b/test/web/mastodon_api/mastodon_api_controller_test.exs
index 9e33c1d04..d4ff16c68 100644
--- a/test/web/mastodon_api/mastodon_api_controller_test.exs
+++ b/test/web/mastodon_api/mastodon_api_controller_test.exs
@@ -368,6 +368,30 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do
assert id == to_string(activity_two.id)
end
+
+ test "list timeline does not leak non-public statuses for unfollowed users", %{conn: conn} do
+ user = insert(:user)
+ other_user = insert(:user)
+ {:ok, activity_one} = TwitterAPI.create_status(other_user, %{"status" => "Marisa is cute."})
+
+ {:ok, activity_two} =
+ TwitterAPI.create_status(other_user, %{
+ "status" => "Marisa is cute.",
+ "visibility" => "private"
+ })
+
+ {:ok, list} = Pleroma.List.create("name", user)
+ {:ok, list} = Pleroma.List.follow(list, other_user)
+
+ conn =
+ conn
+ |> assign(:user, user)
+ |> get("/api/v1/timelines/list/#{list.id}")
+
+ assert [%{"id" => id}] = json_response(conn, 200)
+
+ assert id == to_string(activity_one.id)
+ end
end
describe "notifications" do
generated by cgit v1.2.3 (git 2.26.2) at 2025-04-25 13:20:30 +0000