/comments.atom: fix restricted posts being leaked.

Fix thumbnail URLs of loli/shota/banned posts being leaked in /comments.atom. Restricted posts are now entirely hidden in /comments.atom. Example: https://danbooru.donmai.us/comments.atom?search[post_id]=2.
2020-07-05 15:53:47 -05:00
parent d9b7879a4c
commit f0a573e1e5
3 changed files with 17 additions and 3 deletions
--- a/test/functional/comments_controller_test.rb
+++ b/test/functional/comments_controller_test.rb
@@ -93,9 +93,21 @@ class CommentsControllerTest < ActionDispatch::IntegrationTest
        assert_response :success
      end

-      should "render for atom feeds" do
-        get comments_path(format: "atom")
-        assert_response :success
+      context "for atom feeds" do
+        should "render" do
+          @comment = as(@user) { create(:comment, post: @post) }
+          get comments_path(format: "atom")
+          assert_response :success
+        end
+
+        should "not show comments on restricted posts" do
+          @post.update!(is_banned: true)
+          @comment = as(@user) { create(:comment, post: @post) }
+
+          get comments_path(format: "atom")
+          assert_response :success
+          assert_equal(0, response.parsed_body.css("entry").size)
+        end
      end
    end