From 38af42968d7731ca4923a5130244638749f43ee3 Mon Sep 17 00:00:00 2001
From: Tusooa Zhu <tusooa@kazv.moe>
Date: Wed, 4 May 2022 22:58:17 -0400
Subject: [PATCH] Test that anonymous users cannot see local-only posts

Ref: fix-local-public
---
 .../controllers/status_controller_test.exs          | 13 +++++--------
 1 file changed, 5 insertions(+), 8 deletions(-)

diff --git a/test/pleroma/web/mastodon_api/controllers/status_controller_test.exs b/test/pleroma/web/mastodon_api/controllers/status_controller_test.exs
index 6d8d5f05e..d3ba9fced 100644
--- a/test/pleroma/web/mastodon_api/controllers/status_controller_test.exs
+++ b/test/pleroma/web/mastodon_api/controllers/status_controller_test.exs
@@ -1923,7 +1923,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusControllerTest do
 
     test "other users can read local-only posts" do
       user = insert(:user)
-      %{user: reader, conn: conn} = oauth_access(["read:statuses"])
+      %{user: _reader, conn: conn} = oauth_access(["read:statuses"])
 
       {:ok, activity} = CommonAPI.post(user, %{status: "#2hu #2HU", visibility: "local"})
 
@@ -1935,18 +1935,15 @@ defmodule Pleroma.Web.MastodonAPI.StatusControllerTest do
       assert received["id"] == activity.id
     end
 
-    test "other users can see local-only posts" do
+    test "anonymous users cannot see local-only posts" do
       user = insert(:user)
-      %{user: _reader, conn: conn} = oauth_access(["read:statuses"])
 
       {:ok, activity} = CommonAPI.post(user, %{status: "#2hu #2HU", visibility: "local"})
 
-      received =
-        conn
+      _received =
+        build_conn()
         |> get("/api/v1/statuses/#{activity.id}")
-        |> json_response_and_validate_schema(:ok)
-
-      assert received["id"] == activity.id
+        |> json_response_and_validate_schema(:not_found)
     end
   end