]> git.openstreetmap.org Git - rails.git/blobdiff - test/controllers/api/notes_controller_test.rb
projects / rails.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Merge remote-tracking branch 'upstream/pull/5544'
[rails.git] / test / controllers / api / notes_controller_test.rb
diff --git a/test/controllers/api/notes_controller_test.rb b/test/controllers/api/notes_controller_test.rb
index 5f69e6a2ac025e9eadf11a85795d040c349202c6..17ceb1b9e5b8b58b96ba2d66d22fe310978716c7 100644 (file)
--- a/test/controllers/api/notes_controller_test.rb
+++ b/test/controllers/api/notes_controller_test.rb
@@ -230,6 +230,17 @@ module Api
       assert_equal note, subscription.note
     end
 
+    def test_create_no_scope_fail
+      user = create(:user)
+      auth_header = bearer_authorization_header user, :scopes => %w[read_prefs]
+
+      assert_no_difference "Note.count" do
+        post api_notes_path(:lat => -1.0, :lon => -1.0, :text => "This is a description", :format => "json"), :headers => auth_header
+
+        assert_response :forbidden
+      end
+    end
+
     def test_comment_success
       open_note_with_comment = create(:note_with_comments)
       user = create(:user)
The OpenStreetMap web site