Rewrite changeset download show test

[rails.git] / test / controllers / api / users / traces_controller_test.rb

diff --git a/test/controllers/api/users/traces_controller_test.rb b/test/controllers/api/users/traces_controller_test.rb
index 9fdd4927149c11e59c31e788da186a742df1d11d..2f464056f428aa187d11e655d928059386fb2b34 100644 (file)
--- a/test/controllers/api/users/traces_controller_test.rb
+++ b/test/controllers/api/users/traces_controller_test.rb
@@ -20,12 +20,9 @@ module Api
         trace2 = create(:trace, :user => user) do |trace|
           create(:tracetag, :trace => trace, :tag => "Birmingham")
         end
         trace2 = create(:trace, :user => user) do |trace|
           create(:tracetag, :trace => trace, :tag => "Birmingham")
         end

-        # check that nothing is returned when not logged in
-        get api_user_traces_path
-        assert_response :unauthorized

 
         # check that we get a response when logged in
 
         # check that we get a response when logged in

-        auth_header = bearer_authorization_header user
+        auth_header = bearer_authorization_header user, :scopes => %w[read_gpx]

         get api_user_traces_path, :headers => auth_header
         assert_response :success
         assert_equal "application/xml", response.media_type
         get api_user_traces_path, :headers => auth_header
         assert_response :success
         assert_equal "application/xml", response.media_type


@@ -38,6 +35,19 @@ module Api
           assert_select "tag", "Birmingham"
         end
       end
           assert_select "tag", "Birmingham"
         end
       end

+
+      def test_index_anonymous
+        get api_user_traces_path
+        assert_response :unauthorized
+      end
+
+      def test_index_no_scope
+        user = create(:user)
+        bad_auth = bearer_authorization_header user, :scopes => %w[]
+
+        get api_user_traces_path, :headers => bad_auth
+        assert_response :forbidden
+      end

     end
   end
 end
     end
   end
 end