Prevent posting toots with media attachments from someone else (#9921)
This commit is contained in:
parent
9519d55332
commit
e2a5be6e9a
|
@ -93,7 +93,7 @@ class PostStatusService < BaseService
|
||||||
|
|
||||||
raise Mastodon::ValidationError, I18n.t('media_attachments.validations.too_many') if @options[:media_ids].size > 4
|
raise Mastodon::ValidationError, I18n.t('media_attachments.validations.too_many') if @options[:media_ids].size > 4
|
||||||
|
|
||||||
@media = MediaAttachment.where(status_id: nil).where(id: @options[:media_ids].take(4).map(&:to_i))
|
@media = @account.media_attachments.where(status_id: nil).where(id: @options[:media_ids].take(4).map(&:to_i))
|
||||||
|
|
||||||
raise Mastodon::ValidationError, I18n.t('media_attachments.validations.images_and_video') if @media.size > 1 && @media.find(&:video?)
|
raise Mastodon::ValidationError, I18n.t('media_attachments.validations.images_and_video') if @media.size > 1 && @media.find(&:video?)
|
||||||
end
|
end
|
||||||
|
|
|
@ -167,7 +167,7 @@ RSpec.describe PostStatusService, type: :service do
|
||||||
|
|
||||||
it 'attaches the given media to the created status' do
|
it 'attaches the given media to the created status' do
|
||||||
account = Fabricate(:account)
|
account = Fabricate(:account)
|
||||||
media = Fabricate(:media_attachment)
|
media = Fabricate(:media_attachment, account: account)
|
||||||
|
|
||||||
status = subject.call(
|
status = subject.call(
|
||||||
account,
|
account,
|
||||||
|
@ -178,6 +178,19 @@ RSpec.describe PostStatusService, type: :service do
|
||||||
expect(media.reload.status).to eq status
|
expect(media.reload.status).to eq status
|
||||||
end
|
end
|
||||||
|
|
||||||
|
it 'does not attach media from another account to the created status' do
|
||||||
|
account = Fabricate(:account)
|
||||||
|
media = Fabricate(:media_attachment, account: Fabricate(:account))
|
||||||
|
|
||||||
|
status = subject.call(
|
||||||
|
account,
|
||||||
|
text: "test status update",
|
||||||
|
media_ids: [media.id],
|
||||||
|
)
|
||||||
|
|
||||||
|
expect(media.reload.status).to eq nil
|
||||||
|
end
|
||||||
|
|
||||||
it 'does not allow attaching more than 4 files' do
|
it 'does not allow attaching more than 4 files' do
|
||||||
account = Fabricate(:account)
|
account = Fabricate(:account)
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue