Commit 9cac7c95 authored by kaniini's avatar kaniini
Browse files

test: add testcase proving lists system does not leak non-public posts

parent 40ea07cd
......@@ -368,6 +368,30 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do
assert id == to_string(
test "list timeline does not leak non-public statuses for unfollowed users", %{conn: conn} do
user = insert(:user)
other_user = insert(:user)
{:ok, activity_one} = TwitterAPI.create_status(other_user, %{"status" => "Marisa is cute."})
{:ok, activity_two} =
TwitterAPI.create_status(other_user, %{
"status" => "Marisa is cute.",
"visibility" => "private"
{:ok, list} = Pleroma.List.create("name", user)
{:ok, list} = Pleroma.List.follow(list, other_user)
conn =
|> assign(:user, user)
|> get("/api/v1/timelines/list/#{}")
assert [%{"id" => id}] = json_response(conn, 200)
assert id == to_string(
describe "notifications" do
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment