retracting on a non existant post does not raise a permissions error.

b33aa9a0 · danielvincent · 82c82b8c · b33aa9a0 · b33aa9a0
--- a/app/models/retraction.rb
+++ b/app/models/retraction.rb
@@ -30,17 +30,19 @@ class Retraction
  def perform receiving_user_id
    Rails.logger.debug "Performing retraction for #{post_id}"
-    unless Post.first(:diaspora_handle => person.diaspora_handle, :id => post_id) 
+    if Post.find_by_id(post_id) 
-      raise "#{person.inspect} is trying to retract a post they do not own"
+      unless Post.first(:diaspora_handle => person.diaspora_handle, :id => post_id) 
-    end
+        raise "#{person.inspect} is trying to retract a post they do not own"
+      end
-    begin
+      begin
-      Rails.logger.debug("Retracting #{self.type} id: #{self.post_id}")
+        Rails.logger.debug("Retracting #{self.type} id: #{self.post_id}")
-      target = self.type.constantize.first(:id => self.post_id)
+        target = self.type.constantize.first(:id => self.post_id)
-      target.unsocket_from_uid receiving_user_id if target.respond_to? :unsocket_from_uid
+        target.unsocket_from_uid receiving_user_id if target.respond_to? :unsocket_from_uid
-      target.destroy
+        target.delete
-    rescue NameError
+      rescue NameError
-      Rails.logger.info("Retraction for unknown type recieved.")
+        Rails.logger.info("Retraction for unknown type recieved.")
+      end
    end
  end
 end
--- a/spec/models/user/attack_vectors_spec.rb
+++ b/spec/models/user/attack_vectors_spec.rb
@@ -106,6 +106,21 @@ describe "attack vectors" do
      user.reload.raw_visible_posts.count.should be 1
    end
+    it 'should disregard retractions for a non-existant posts' do
+      original_message = user2.post :status_message, :message => 'store this!', :to => aspect2.id
+      id = original_message.reload.id
+      ret = Retraction.new
+      ret.post_id = original_message.id
+      ret.diaspora_handle = user3.person.diaspora_handle
+      ret.type = original_message.class.to_s
+      original_message.delete
+      StatusMessage.count.should be 0
+      proc{ user.receive_salmon(user3.salmon(ret).xml_for(user.person)) }.should_not raise_error
+    end
    it 'should not receive retractions where the retractor and the salmon author do not match' do
      original_message = user2.post :status_message, :message => 'store this!', :to => aspect2.id
      user.receive_salmon(user2.salmon(original_message).xml_for(user.person))