From f5d54ff6f8bf31935e298d67ee0179bebc9d90b0 Mon Sep 17 00:00:00 2001
From: zhitomirskiyi <ilya@joindiaspora.com>
Date: Thu, 28 Oct 2010 17:02:55 -0700
Subject: [PATCH] another silly malicious friend spec

---
 spec/models/user/attack_vectors_spec.rb | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/spec/models/user/attack_vectors_spec.rb b/spec/models/user/attack_vectors_spec.rb
index db5c613a21..f4ba9a1040 100644
--- a/spec/models/user/attack_vectors_spec.rb
+++ b/spec/models/user/attack_vectors_spec.rb
@@ -79,5 +79,21 @@ describe "attack vectors" do
       user2.reload
       user2.profile.first_name.should == first_name
     end
+
+    it 'can send retractions on post you do not own' do
+      pending
+      original_message = user2.post :status_message, :message => 'store this!', :to => aspect2.id
+      user.receive_salmon(user2.salmon(original_message).xml_for(user.person))
+      user.raw_visible_posts.count.should be 1
+
+      ret = Retraction.new
+      ret.post_id = original_message.id
+      ret.person_id = user3.person.id
+      ret.type = original_message.class.to_s
+
+      user.receive_salmon(user3.salmon(ret).xml_for(user.person))
+      StatusMessage.count.should be 1
+      user.reload.raw_visible_posts.count.should be 1
+    end
   end
 end
-- 
GitLab