retracting on a non existant post does not raise a permissions error.

2010-11-04 12:43:26 -07:00 · 2010-11-04 12:43:26 -07:00 · b33aa9a0fb
commit b33aa9a0fb
parent 82c82b8ccc
2 changed files with 27 additions and 10 deletions
--- a/app/models/retraction.rb
+++ b/app/models/retraction.rb
@ -30,17 +30,19 @@ class Retraction

  def perform receiving_user_id
    Rails.logger.debug "Performing retraction for #{post_id}"
-    unless Post.first(:diaspora_handle => person.diaspora_handle, :id => post_id) 
-      raise "#{person.inspect} is trying to retract a post they do not own"
-    end
+    if Post.find_by_id(post_id) 
+      unless Post.first(:diaspora_handle => person.diaspora_handle, :id => post_id) 
+        raise "#{person.inspect} is trying to retract a post they do not own"
+      end

-    begin
-      Rails.logger.debug("Retracting #{self.type} id: #{self.post_id}")
-      target = self.type.constantize.first(:id => self.post_id)
-      target.unsocket_from_uid receiving_user_id if target.respond_to? :unsocket_from_uid
-      target.destroy
-    rescue NameError
-      Rails.logger.info("Retraction for unknown type recieved.")
+      begin
+        Rails.logger.debug("Retracting #{self.type} id: #{self.post_id}")
+        target = self.type.constantize.first(:id => self.post_id)
+        target.unsocket_from_uid receiving_user_id if target.respond_to? :unsocket_from_uid
+        target.delete
+      rescue NameError
+        Rails.logger.info("Retraction for unknown type recieved.")
+      end
    end
  end
 end
--- a/spec/models/user/attack_vectors_spec.rb
+++ b/spec/models/user/attack_vectors_spec.rb
@ -106,6 +106,21 @@ describe "attack vectors" do
      user.reload.raw_visible_posts.count.should be 1
    end

+    it 'should disregard retractions for a non-existant posts' do
+      original_message = user2.post :status_message, :message => 'store this!', :to => aspect2.id
+      id = original_message.reload.id
+
+      ret = Retraction.new
+      ret.post_id = original_message.id
+      ret.diaspora_handle = user3.person.diaspora_handle
+      ret.type = original_message.class.to_s
+
+      original_message.delete
+
+      StatusMessage.count.should be 0
+      proc{ user.receive_salmon(user3.salmon(ret).xml_for(user.person)) }.should_not raise_error
+    end
+
    it 'should not receive retractions where the retractor and the salmon author do not match' do
      original_message = user2.post :status_message, :message => 'store this!', :to => aspect2.id
      user.receive_salmon(user2.salmon(original_message).xml_for(user.person))