]> git.openstreetmap.org Git - rails.git/commitdiff
Test api user traces failing without necessary scope
authorAnton Khorev <tony29@yandex.ru>
Sat, 21 Dec 2024 02:19:12 +0000 (05:19 +0300)
committerAnton Khorev <tony29@yandex.ru>
Fri, 27 Dec 2024 02:44:40 +0000 (05:44 +0300)
test/controllers/api/users/traces_controller_test.rb

index 9fdd4927149c11e59c31e788da186a742df1d11d..2f464056f428aa187d11e655d928059386fb2b34 100644 (file)
@@ -20,12 +20,9 @@ module Api
         trace2 = create(:trace, :user => user) do |trace|
           create(:tracetag, :trace => trace, :tag => "Birmingham")
         end
-        # check that nothing is returned when not logged in
-        get api_user_traces_path
-        assert_response :unauthorized
 
         # check that we get a response when logged in
-        auth_header = bearer_authorization_header user
+        auth_header = bearer_authorization_header user, :scopes => %w[read_gpx]
         get api_user_traces_path, :headers => auth_header
         assert_response :success
         assert_equal "application/xml", response.media_type
@@ -38,6 +35,19 @@ module Api
           assert_select "tag", "Birmingham"
         end
       end
+
+      def test_index_anonymous
+        get api_user_traces_path
+        assert_response :unauthorized
+      end
+
+      def test_index_no_scope
+        user = create(:user)
+        bad_auth = bearer_authorization_header user, :scopes => %w[]
+
+        get api_user_traces_path, :headers => bad_auth
+        assert_response :forbidden
+      end
     end
   end
 end