retracting on a non existant post does not raise a permissions error.
This commit is contained in:
danielvincent
parent
82c82b8ccc
commit
b33aa9a0fb
2 changed files with 27 additions and 10 deletions
|
|
@ -30,17 +30,19 @@ class Retraction
|
||||||
|
|
||||||
def perform receiving_user_id
|
def perform receiving_user_id
|
||||||
Rails.logger.debug "Performing retraction for #{post_id}"
|
Rails.logger.debug "Performing retraction for #{post_id}"
|
||||||
unless Post.first(:diaspora_handle => person.diaspora_handle, :id => post_id)
|
if Post.find_by_id(post_id)
|
||||||
raise "#{person.inspect} is trying to retract a post they do not own"
|
unless Post.first(:diaspora_handle => person.diaspora_handle, :id => post_id)
|
||||||
end
|
raise "#{person.inspect} is trying to retract a post they do not own"
|
||||||
|
end
|
||||||
|
|
||||||
begin
|
begin
|
||||||
Rails.logger.debug("Retracting #{self.type} id: #{self.post_id}")
|
Rails.logger.debug("Retracting #{self.type} id: #{self.post_id}")
|
||||||
target = self.type.constantize.first(:id => self.post_id)
|
target = self.type.constantize.first(:id => self.post_id)
|
||||||
target.unsocket_from_uid receiving_user_id if target.respond_to? :unsocket_from_uid
|
target.unsocket_from_uid receiving_user_id if target.respond_to? :unsocket_from_uid
|
||||||
target.destroy
|
target.delete
|
||||||
rescue NameError
|
rescue NameError
|
||||||
Rails.logger.info("Retraction for unknown type recieved.")
|
Rails.logger.info("Retraction for unknown type recieved.")
|
||||||
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
||||||
|
|
@ -106,6 +106,21 @@ describe "attack vectors" do
|
||||||
user.reload.raw_visible_posts.count.should be 1
|
user.reload.raw_visible_posts.count.should be 1
|
||||||
end
|
end
|
||||||
|
|
||||||
|
it 'should disregard retractions for a non-existant posts' do
|
||||||
|
original_message = user2.post :status_message, :message => 'store this!', :to => aspect2.id
|
||||||
|
id = original_message.reload.id
|
||||||
|
|
||||||
|
ret = Retraction.new
|
||||||
|
ret.post_id = original_message.id
|
||||||
|
ret.diaspora_handle = user3.person.diaspora_handle
|
||||||
|
ret.type = original_message.class.to_s
|
||||||
|
|
||||||
|
original_message.delete
|
||||||
|
|
||||||
|
StatusMessage.count.should be 0
|
||||||
|
proc{ user.receive_salmon(user3.salmon(ret).xml_for(user.person)) }.should_not raise_error
|
||||||
|
end
|
||||||
|
|
||||||
it 'should not receive retractions where the retractor and the salmon author do not match' do
|
it 'should not receive retractions where the retractor and the salmon author do not match' do
|
||||||
original_message = user2.post :status_message, :message => 'store this!', :to => aspect2.id
|
original_message = user2.post :status_message, :message => 'store this!', :to => aspect2.id
|
||||||
user.receive_salmon(user2.salmon(original_message).xml_for(user.person))
|
user.receive_salmon(user2.salmon(original_message).xml_for(user.person))
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue