X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/550c4a3a45814fde5c809334c85f1ebc47659a82..1ca2c2837ef0e637d145c22ccf346deb9fdfd035:/test/abilities/api_abilities_test.rb

diff --git a/test/abilities/api_abilities_test.rb b/test/abilities/api_abilities_test.rb
index 7734ce996..a68704f1a 100644
--- a/test/abilities/api_abilities_test.rb
+++ b/test/abilities/api_abilities_test.rb
@@ -9,11 +9,11 @@ class GuestApiAbilityTest < ApiAbilityTest
   test "note permissions for a guest" do
     ability = ApiAbility.new nil
 
-    [:index, :create, :comment, :feed, :show, :search].each do |action|
+    [:index, :create, :feed, :show, :search].each do |action|
       assert ability.can?(action, Note), "should be able to #{action} Notes"
     end
 
-    [:close, :reopen, :destroy].each do |action|
+    [:comment, :close, :reopen, :destroy].each do |action|
       assert ability.cannot?(action, Note), "should not be able to #{action} Notes"
     end
   end
@@ -21,7 +21,8 @@ end
 
 class UserApiAbilityTest < ApiAbilityTest
   test "Note permissions" do
-    ability = ApiAbility.new create(:user)
+    token = create(:oauth_access_token, :scopes => %w[write_notes])
+    ability = ApiAbility.new token
 
     [:index, :create, :comment, :feed, :show, :search, :close, :reopen].each do |action|
       assert ability.can?(action, Note), "should be able to #{action} Notes"
@@ -35,7 +36,8 @@ end
 
 class ModeratorApiAbilityTest < ApiAbilityTest
   test "Note permissions" do
-    ability = ApiAbility.new create(:moderator_user)
+    token = create(:oauth_access_token, :scopes => %w[write_notes], :resource_owner_id => create(:moderator_user).id)
+    ability = ApiAbility.new token
 
     [:index, :create, :comment, :feed, :show, :search, :close, :reopen, :destroy].each do |action|
       assert ability.can?(action, Note), "should be able to #{action} Notes"