X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/bd0f5a1932829ca44c0fef2fe7d825fda76e41eb..be020d1546b97ad42873b3cdc04b0787bf0eb905:/test/controllers/api/old_nodes_controller_test.rb

diff --git a/test/controllers/api/old_nodes_controller_test.rb b/test/controllers/api/old_nodes_controller_test.rb
index 27ed11aa4..7afa8c997 100644
--- a/test/controllers/api/old_nodes_controller_test.rb
+++ b/test/controllers/api/old_nodes_controller_test.rb
@@ -114,17 +114,21 @@ module Api
     ##
     # test that redacted nodes aren't visible, regardless of
     # authorisation except as moderator...
-    def test_show_redacted
+    def test_show_redacted_unauthorised
       node = create(:node, :with_history, :version => 2)
-      node_v1 = node.old_nodes.find_by(:version => 1)
-      node_v1.redact!(create(:redaction))
+      node.old_nodes.find_by(:version => 1).redact!(create(:redaction))
+
+      get api_node_version_path(node, 1)
 
-      get api_node_version_path(node_v1.node_id, node_v1.version)
       assert_response :forbidden, "Redacted node shouldn't be visible via the version API."
+    end
+
+    def test_show_redacted_normal_user
+      node = create(:node, :with_history, :version => 2)
+      node.old_nodes.find_by(:version => 1).redact!(create(:redaction))
+
+      get api_node_version_path(node, 1), :headers => bearer_authorization_header
 
-      # not even to a logged-in user
-      auth_header = bearer_authorization_header
-      get api_node_version_path(node_v1.node_id, node_v1.version), :headers => auth_header
       assert_response :forbidden, "Redacted node shouldn't be visible via the version API, even when logged in."
     end