[rails.git] / test / controllers / api / permissions_controller_test.rb
require "test_helper"

module Api
  ##
  # Integration tests for GET /api/0.6/permissions.
  #
  # The three permission cases pin what the endpoint reports for each way of
  # authenticating that is exercised here: no credentials, HTTP basic auth and
  # an OAuth access token with a restricted set of grants.
  #
  # NOTE(review): every case in this class expects a success response; there is
  # no case here for rejected credentials or an invalid token.
  class PermissionsControllerTest < ActionDispatch::IntegrationTest
    ##
    # the permissions URL must route to api/permissions#show, and back again
    def test_routes
      request = { :path => "/api/0.6/permissions", :method => :get }
      target = { :controller => "api/permissions", :action => "show" }

      assert_routing(request, target)
    end

    ##
    # a request without credentials succeeds but lists no permissions at all
    def test_permissions_anonymous
      get permissions_path

      assert_response :success
      assert_select("osm > permissions", :count => 1) do
        assert_select "permission", :count => 0
      end
    end

    ##
    # a user authenticated with basic auth is reported as holding every
    # permission in ClientApplication.all_permissions, each exactly once
    def test_permissions_basic_auth
      user = create(:user)
      credentials = basic_authorization_header(user.email, "test")

      get permissions_path, :headers => credentials

      assert_response :success
      assert_select("osm > permissions", :count => 1) do
        assert_select "permission", :count => ClientApplication.all_permissions.size
        ClientApplication.all_permissions.each do |permission_name|
          assert_select "permission[name='#{permission_name}']", :count => 1
        end
      end
    end

    ##
    # an OAuth token is reported with only the permissions it was granted;
    # a permission explicitly set to false on the token must not appear
    def test_permissions_oauth
      grants = {
        :allow_read_prefs => true,
        :allow_write_api => true,
        :allow_read_gpx => false
      }
      token = create(:access_token, **grants)

      signed_get permissions_path, :oauth => { :token => token }

      assert_response :success
      assert_select("osm > permissions", :count => 1) do
        # two grants were enabled, so exactly two elements are expected
        assert_select "permission", :count => 2

        # expected number of <permission> elements per name
        expected = {
          "allow_read_prefs" => 1,
          "allow_write_api" => 1,
          "allow_read_gpx" => 0
        }
        expected.each do |permission_name, occurrences|
          assert_select "permission[name='#{permission_name}']", :count => occurrences
        end
      end
    end
  end
end