+ assert_allowed token, [:allow_read_prefs]
+
+ signed_get "/api/0.6/user/preferences", :consumer => client, :token => token
+ assert_response :success
+
+ signed_get "/api/0.6/gpx/2", :consumer => client, :token => token
+ assert_response :forbidden
+
+ post "/oauth/revoke", :token => token.token
+ assert_redirected_to oauth_clients_url(token.user.display_name)
+ token = OauthToken.find_by_token(token.token)
+ assert_not_nil token.invalidated_at
+
+ signed_get "/api/0.6/user/preferences", :consumer => client, :token => token
+ assert_response :unauthorized