X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/bd0f5a1932829ca44c0fef2fe7d825fda76e41eb..be020d1546b97ad42873b3cdc04b0787bf0eb905:/test/controllers/api/old_relations_controller_test.rb?ds=sidebyside

diff --git a/test/controllers/api/old_relations_controller_test.rb b/test/controllers/api/old_relations_controller_test.rb
index 137a1bb33..b5600ad37 100644
--- a/test/controllers/api/old_relations_controller_test.rb
+++ b/test/controllers/api/old_relations_controller_test.rb
@@ -114,17 +114,21 @@ module Api
     ##
     # test that redacted relations aren't visible, regardless of
     # authorisation except as moderator...
-    def test_show_redacted
+    def test_show_redacted_unauthorised
       relation = create(:relation, :with_history, :version => 2)
-      relation_v1 = relation.old_relations.find_by(:version => 1)
-      relation_v1.redact!(create(:redaction))
+      relation.old_relations.find_by(:version => 1).redact!(create(:redaction))
+
+      get api_relation_version_path(relation, 1)
 
-      get api_relation_version_path(relation_v1.relation_id, relation_v1.version)
       assert_response :forbidden, "Redacted relation shouldn't be visible via the version API."
+    end
+
+    def test_show_redacted_normal_user
+      relation = create(:relation, :with_history, :version => 2)
+      relation.old_relations.find_by(:version => 1).redact!(create(:redaction))
+
+      get api_relation_version_path(relation, 1), :headers => bearer_authorization_header
 
-      # not even to a logged-in user
-      auth_header = bearer_authorization_header
-      get api_relation_version_path(relation_v1.relation_id, relation_v1.version), :headers => auth_header
       assert_response :forbidden, "Redacted relation shouldn't be visible via the version API, even when logged in."
     end