CommonAPI: Refactor visibility, forbid public to private replies.

author: lain <lain@soykaf.club> 2019-05-15 16:30:08 +0200
committer: lain <lain@soykaf.club> 2019-05-15 16:30:08 +0200
commit: cbb3451023f557ece773bab20f79ac130f786d01 (patch)
tree: 1de6243216b216e6fbd32a1f0365d5e98dc4b497 /test/web/common_api
parent: 153c15cdb27a0498d00924b34764aeeab8dcbfc6 (diff)
download: pleroma-cbb3451023f557ece773bab20f79ac130f786d01.tar.gz
1 files changed, 22 insertions, 0 deletions
diff --git a/test/web/common_api/common_api_test.exs b/test/web/common_api/common_api_test.exs
index a5b07c446..8d4f401ee 100644
--- a/test/web/common_api/common_api_test.exs
+++ b/test/web/common_api/common_api_test.exs
@@ -87,6 +87,28 @@ defmodule Pleroma.Web.CommonAPITest do
 
       assert object.data["content"] == "<p><b>2hu</b></p>alert('xss')"
     end
+
+    test "it does not allow replies to direct messages that are not direct messages themselves" do
+      user = insert(:user)
+
+      {:ok, activity} = CommonAPI.post(user, %{"status" => "suya..", "visibility" => "direct"})
+
+      assert {:ok, _} =
+               CommonAPI.post(user, %{
+                 "status" => "suya..",
+                 "visibility" => "direct",
+                 "in_reply_to_status_id" => activity.id
+               })
+
+      Enum.each(["public", "private", "unlisted"], fn visibility ->
+        assert {:error, {:private_to_public, _}} =
+                 CommonAPI.post(user, %{
+                   "status" => "suya..",
+                   "visibility" => visibility,
+                   "in_reply_to_status_id" => activity.id
+                 })
+      end)
+    end
   end
 
   describe "reactions" do
author	lain <lain@soykaf.club>	2019-05-15 16:30:08 +0200
committer	lain <lain@soykaf.club>	2019-05-15 16:30:08 +0200
commit	cbb3451023f557ece773bab20f79ac130f786d01 (patch)
tree	1de6243216b216e6fbd32a1f0365d5e98dc4b497 /test/web/common_api
parent	153c15cdb27a0498d00924b34764aeeab8dcbfc6 (diff)
download	pleroma-cbb3451023f557ece773bab20f79ac130f786d01.tar.gz