trace2 = create(:trace, :user => user) do |trace|
create(:tracetag, :trace => trace, :tag => "Birmingham")
end
- # check that nothing is returned when not logged in
- get api_user_traces_path
- assert_response :unauthorized
# check that we get a response when logged in
- auth_header = bearer_authorization_header user
+ auth_header = bearer_authorization_header user, :scopes => %w[read_gpx]
get api_user_traces_path, :headers => auth_header
assert_response :success
assert_equal "application/xml", response.media_type
assert_select "tag", "Birmingham"
end
end
+
+ def test_index_anonymous
+ get api_user_traces_path
+ assert_response :unauthorized
+ end
+
+ def test_index_no_scope
+ user = create(:user)
+ bad_auth = bearer_authorization_header user, :scopes => %w[]
+
+ get api_user_traces_path, :headers => bad_auth
+ assert_response :forbidden
+ end
end
end
end