X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/93e49daee21b64f0af0ba7fa3035904843a028ea..126a987aa8b2d95b90b0970fba7d4e6df1cfaac0:/test/abilities/api_capability_test.rb diff --git a/test/abilities/api_capability_test.rb b/test/abilities/api_capability_test.rb index dccde5758..5e8396c67 100644 --- a/test/abilities/api_capability_test.rb +++ b/test/abilities/api_capability_test.rb @@ -2,21 +2,9 @@ require "test_helper" -class ApiCapabilityTest < ActiveSupport::TestCase - private - - def tokens(*toks) - AccessToken.new do |token| - toks.each do |t| - token.public_send("#{t}=", true) - end - end - end -end - -class ChangesetCommentApiCapabilityTest < ApiCapabilityTest +class ChangesetCommentApiCapabilityTest < ActiveSupport::TestCase test "as a normal user with permissionless token" do - token = create(:access_token) + token = create(:oauth_access_token) capability = ApiCapability.new token [:create, :destroy, :restore].each do |action| @@ -24,8 +12,8 @@ class ChangesetCommentApiCapabilityTest < ApiCapabilityTest end end - test "as a normal user with allow_write_api token" do - token = create(:access_token, :allow_write_api => true) + test "as a normal user with write_api token" do + token = create(:oauth_access_token, :scopes => %w[write_api]) capability = ApiCapability.new token [:destroy, :restore].each do |action| @@ -38,7 +26,7 @@ class ChangesetCommentApiCapabilityTest < ApiCapabilityTest end test "as a moderator with permissionless token" do - token = create(:access_token, :user => create(:moderator_user)) + token = create(:oauth_access_token, :resource_owner_id => create(:moderator_user).id) capability = ApiCapability.new token [:create, :destroy, :restore].each do |action| @@ -46,8 +34,8 @@ class ChangesetCommentApiCapabilityTest < ApiCapabilityTest end end - test "as a moderator with allow_write_api token" do - token = create(:access_token, :user => create(:moderator_user), :allow_write_api => true) + test "as a moderator with write_api token" do + token = create(:oauth_access_token, :resource_owner_id => create(:moderator_user).id, :scopes => %w[write_api]) capability = ApiCapability.new token [:create, :destroy, :restore].each do |action| @@ -56,9 +44,9 @@ class ChangesetCommentApiCapabilityTest < ApiCapabilityTest end end -class NoteApiCapabilityTest < ApiCapabilityTest +class NoteApiCapabilityTest < ActiveSupport::TestCase test "as a normal user with permissionless token" do - token = create(:access_token) + token = create(:oauth_access_token) capability = ApiCapability.new token [:create, :comment, :close, :reopen, :destroy].each do |action| @@ -66,8 +54,8 @@ class NoteApiCapabilityTest < ApiCapabilityTest end end - test "as a normal user with allow_write_notes token" do - token = create(:access_token, :allow_write_notes => true) + test "as a normal user with write_notes token" do + token = create(:oauth_access_token, :scopes => %w[write_notes]) capability = ApiCapability.new token [:destroy].each do |action| @@ -80,7 +68,7 @@ class NoteApiCapabilityTest < ApiCapabilityTest end test "as a moderator with permissionless token" do - token = create(:access_token, :user => create(:moderator_user)) + token = create(:oauth_access_token, :resource_owner_id => create(:moderator_user).id) capability = ApiCapability.new token [:destroy].each do |action| @@ -88,8 +76,8 @@ class NoteApiCapabilityTest < ApiCapabilityTest end end - test "as a moderator with allow_write_notes token" do - token = create(:access_token, :user => create(:moderator_user), :allow_write_notes => true) + test "as a moderator with write_notes token" do + token = create(:oauth_access_token, :resource_owner_id => create(:moderator_user).id, :scopes => %w[write_notes]) capability = ApiCapability.new token [:destroy].each do |action| @@ -98,22 +86,18 @@ class NoteApiCapabilityTest < ApiCapabilityTest end end -class UserApiCapabilityTest < ApiCapabilityTest +class UserApiCapabilityTest < ActiveSupport::TestCase test "user preferences" do - # a user with no tokens - capability = ApiCapability.new nil - [:index, :show, :update_all, :update, :destroy].each do |act| - assert capability.cannot? act, UserPreference - end - # A user with empty tokens - capability = ApiCapability.new tokens + token = create(:oauth_access_token) + capability = ApiCapability.new token [:index, :show, :update_all, :update, :destroy].each do |act| assert capability.cannot? act, UserPreference end - capability = ApiCapability.new tokens(:allow_read_prefs) + token = create(:oauth_access_token, :scopes => %w[read_prefs]) + capability = ApiCapability.new token [:update_all, :update, :destroy].each do |act| assert capability.cannot? act, UserPreference @@ -123,7 +107,9 @@ class UserApiCapabilityTest < ApiCapabilityTest assert capability.can? act, UserPreference end - capability = ApiCapability.new tokens(:allow_write_prefs) + token = create(:oauth_access_token, :scopes => %w[write_prefs]) + capability = ApiCapability.new token + [:index, :show].each do |act| assert capability.cannot? act, UserPreference end