X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/1a7d68ccbceb07e2da90fc0efa61ef448f5383fe..HEAD:/test/abilities/api_capability_test.rb diff --git a/test/abilities/api_capability_test.rb b/test/abilities/api_capability_test.rb index bcfcaf74e..58c8f7fe7 100644 --- a/test/abilities/api_capability_test.rb +++ b/test/abilities/api_capability_test.rb @@ -3,125 +3,127 @@ require "test_helper" class ChangesetCommentApiCapabilityTest < ActiveSupport::TestCase - test "as a normal user with permissionless token" do - token = create(:oauth_access_token) - capability = ApiCapability.new token + test "as a normal user without scopes" do + user = create(:user) + scopes = Set.new + ability = ApiAbility.new user, scopes [:create, :destroy, :restore].each do |action| - assert capability.cannot? action, ChangesetComment + assert ability.cannot? action, ChangesetComment end end - test "as a normal user with write_api token" do - token = create(:oauth_access_token, :scopes => %w[write_api]) - capability = ApiCapability.new token + test "as a normal user with write_changeset_comments scope" do + user = create(:user) + scopes = Set.new %w[write_changeset_comments] + ability = ApiAbility.new user, scopes [:destroy, :restore].each do |action| - assert capability.cannot? action, ChangesetComment + assert ability.cannot? action, ChangesetComment end [:create].each do |action| - assert capability.can? action, ChangesetComment + assert ability.can? action, ChangesetComment end end - test "as a moderator with permissionless token" do - token = create(:oauth_access_token, :resource_owner_id => create(:moderator_user).id) - capability = ApiCapability.new token + test "as a moderator without scopes" do + user = create(:moderator_user) + scopes = Set.new + ability = ApiAbility.new user, scopes [:create, :destroy, :restore].each do |action| - assert capability.cannot? action, ChangesetComment + assert ability.cannot? action, ChangesetComment end end - test "as a moderator with write_api token" do - token = create(:oauth_access_token, :resource_owner_id => create(:moderator_user).id, :scopes => %w[write_api]) - capability = ApiCapability.new token + test "as a moderator with write_changeset_comments scope" do + user = create(:moderator_user) + scopes = Set.new %w[write_changeset_comments] + ability = ApiAbility.new user, scopes [:create, :destroy, :restore].each do |action| - assert capability.can? action, ChangesetComment + assert ability.can? action, ChangesetComment end end end class NoteApiCapabilityTest < ActiveSupport::TestCase - test "as a normal user with permissionless token" do - token = create(:oauth_access_token) - capability = ApiCapability.new token + test "as a normal user without scopes" do + user = create(:user) + scopes = Set.new + ability = ApiAbility.new user, scopes [:create, :comment, :close, :reopen, :destroy].each do |action| - assert capability.cannot? action, Note + assert ability.cannot? action, Note end end - test "as a normal user with write_notes token" do - token = create(:oauth_access_token, :scopes => %w[write_notes]) - capability = ApiCapability.new token + test "as a normal user with write_notes scope" do + user = create(:user) + scopes = Set.new %w[write_notes] + ability = ApiAbility.new user, scopes [:destroy].each do |action| - assert capability.cannot? action, Note + assert ability.cannot? action, Note end [:create, :comment, :close, :reopen].each do |action| - assert capability.can? action, Note + assert ability.can? action, Note end end - test "as a moderator with permissionless token" do - token = create(:oauth_access_token, :resource_owner_id => create(:moderator_user).id) - capability = ApiCapability.new token + test "as a moderator without scopes" do + user = create(:moderator_user) + scopes = Set.new + ability = ApiAbility.new user, scopes [:destroy].each do |action| - assert capability.cannot? action, Note + assert ability.cannot? action, Note end end - test "as a moderator with write_notes token" do - token = create(:oauth_access_token, :resource_owner_id => create(:moderator_user).id, :scopes => %w[write_notes]) - capability = ApiCapability.new token + test "as a moderator with write_notes scope" do + user = create(:moderator_user) + scopes = Set.new %w[write_notes] + ability = ApiAbility.new user, scopes [:destroy].each do |action| - assert capability.can? action, Note + assert ability.can? action, Note end end end class UserApiCapabilityTest < ActiveSupport::TestCase test "user preferences" do - # a user with no tokens - capability = ApiCapability.new nil - [:index, :show, :update_all, :update, :destroy].each do |act| - assert capability.cannot? act, UserPreference - end - - # A user with empty tokens - token = create(:oauth_access_token) - capability = ApiCapability.new token + user = create(:user) + scopes = Set.new + ability = ApiAbility.new user, scopes [:index, :show, :update_all, :update, :destroy].each do |act| - assert capability.cannot? act, UserPreference + assert ability.cannot? act, UserPreference end - token = create(:oauth_access_token, :scopes => %w[read_prefs]) - capability = ApiCapability.new token + scopes = Set.new %w[read_prefs] + ability = ApiAbility.new user, scopes [:update_all, :update, :destroy].each do |act| - assert capability.cannot? act, UserPreference + assert ability.cannot? act, UserPreference end [:index, :show].each do |act| - assert capability.can? act, UserPreference + assert ability.can? act, UserPreference end - token = create(:oauth_access_token, :scopes => %w[write_prefs]) - capability = ApiCapability.new token + scopes = Set.new %w[write_prefs] + ability = ApiAbility.new user, scopes [:index, :show].each do |act| - assert capability.cannot? act, UserPreference + assert ability.cannot? act, UserPreference end [:update_all, :update, :destroy].each do |act| - assert capability.can? act, UserPreference + assert ability.can? act, UserPreference end end end