Merge remote-tracking branch 'upstream/pull/5477'

[rails.git] / test / abilities / api_abilities_test.rb

diff --git a/test/abilities/api_abilities_test.rb b/test/abilities/api_abilities_test.rb
index 7734ce996f7f095dffc871c2b01d80cfc9aa3ce8..a68704f1ae7f1698d525f33118b54fcd8728eb47 100644 (file)
--- a/test/abilities/api_abilities_test.rb
+++ b/test/abilities/api_abilities_test.rb
@@ -9,11 +9,11 @@ class GuestApiAbilityTest < ApiAbilityTest
   test "note permissions for a guest" do
     ability = ApiAbility.new nil
 
-    [:index, :create, :comment, :feed, :show, :search].each do |action|
+    [:index, :create, :feed, :show, :search].each do |action|
       assert ability.can?(action, Note), "should be able to #{action} Notes"
     end
 
-    [:close, :reopen, :destroy].each do |action|
+    [:comment, :close, :reopen, :destroy].each do |action|
       assert ability.cannot?(action, Note), "should not be able to #{action} Notes"
     end
   end
@@ -21,7 +21,8 @@ end
 
 class UserApiAbilityTest < ApiAbilityTest
   test "Note permissions" do
-    ability = ApiAbility.new create(:user)
+    token = create(:oauth_access_token, :scopes => %w[write_notes])
+    ability = ApiAbility.new token
 
     [:index, :create, :comment, :feed, :show, :search, :close, :reopen].each do |action|
       assert ability.can?(action, Note), "should be able to #{action} Notes"
@@ -35,7 +36,8 @@ end
 
 class ModeratorApiAbilityTest < ApiAbilityTest
   test "Note permissions" do
-    ability = ApiAbility.new create(:moderator_user)
+    token = create(:oauth_access_token, :scopes => %w[write_notes], :resource_owner_id => create(:moderator_user).id)
+    ability = ApiAbility.new token
 
     [:index, :create, :comment, :feed, :show, :search, :close, :reopen, :destroy].each do |action|
       assert ability.can?(action, Note), "should be able to #{action} Notes"