erik/mastodon
1
0
Fork 0
mirror of https://github.com/mastodon/mastodon.git synced 2024-08-20 21:08:15 -07:00
Code Issues Projects Releases Wiki Activity

Add spec to ensure Account Serializer doesn't expose the permissions associated with a role

Browse source
This commit is contained in:
Emelia Smith 2024-07-27 17:26:48 +02:00
parent 3d08ea81a9
commit becc24a3b1
No known key found for this signature in database
1 changed files with 4 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
spec/serializers/rest/account_serializer_spec.rb
View file

@ -25,6 +25,10 @@ describe REST::AccountSerializer do
it 'returns the expected role' do it 'returns the expected role' do
expect(subject['roles'].first).to include({ 'name' => 'Role' }) expect(subject['roles'].first).to include({ 'name' => 'Role' })
end end
it 'does not expose the roles permissions' do
expect(subject['roles'].first).to_not include({ 'permissions' => role.computed_permissions.to_s })
end
end end
context 'when the account has a non-highlighted role' do context 'when the account has a non-highlighted role' do