Fix not being able to unfavorite toots one has lost access to (#15192)

Fixes #15191
main
ThibG 2020-11-21 06:18:09 +01:00 committed by GitHub
parent 8b8004a962
commit c43f4cd3bb
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 38 additions and 2 deletions

View File

@ -5,7 +5,7 @@ class Api::V1::Statuses::FavouritesController < Api::BaseController
before_action -> { doorkeeper_authorize! :write, :'write:favourites' }
before_action :require_user!
before_action :set_status
before_action :set_status, only: [:create]
def create
FavouriteService.new.call(current_account, @status)
@ -13,8 +13,19 @@ class Api::V1::Statuses::FavouritesController < Api::BaseController
end
def destroy
UnfavouriteWorker.perform_async(current_account.id, @status.id)
fav = current_account.favourites.find_by(status_id: params[:status_id])
if fav
@status = fav.status
UnfavouriteWorker.perform_async(current_account.id, @status.id)
else
@status = Status.find(params[:status_id])
authorize @status, :show?
end
render json: @status, serializer: REST::StatusSerializer, relationships: StatusRelationshipsPresenter.new([@status], current_account.id, favourites_map: { @status.id => false })
rescue Mastodon::NotPermittedError
not_found
end
private

View File

@ -82,6 +82,31 @@ describe Api::V1::Statuses::FavouritesController do
end
end
context 'with public status when blocked by its author' do
let(:status) { Fabricate(:status) }
before do
FavouriteService.new.call(user.account, status)
status.account.block!(user.account)
post :destroy, params: { status_id: status.id }
end
it 'returns http success' do
expect(response).to have_http_status(200)
end
it 'updates the favourite attribute' do
expect(user.account.favourited?(status)).to be false
end
it 'returns json with updated attributes' do
hash_body = body_as_json
expect(hash_body[:id]).to eq status.id.to_s
expect(hash_body[:favourited]).to be false
end
end
context 'with private status that was not favourited' do
let(:status) { Fabricate(:status, visibility: :private) }