##
# test that redacted nodes aren't visible, regardless of
# authorisation except as moderator...
- def test_show_redacted
+ def test_show_redacted_unauthorised
node = create(:node, :with_history, :version => 2)
- node_v1 = node.old_nodes.find_by(:version => 1)
- node_v1.redact!(create(:redaction))
+ node.old_nodes.find_by(:version => 1).redact!(create(:redaction))
+
+ get api_node_version_path(node, 1)
- get api_node_version_path(node_v1.node_id, node_v1.version)
assert_response :forbidden, "Redacted node shouldn't be visible via the version API."
+ end
+
+ def test_show_redacted_normal_user
+ node = create(:node, :with_history, :version => 2)
+ node.old_nodes.find_by(:version => 1).redact!(create(:redaction))
+
+ get api_node_version_path(node, 1), :headers => bearer_authorization_header
- # not even to a logged-in user
- auth_header = bearer_authorization_header
- get api_node_version_path(node_v1.node_id, node_v1.version), :headers => auth_header
assert_response :forbidden, "Redacted node shouldn't be visible via the version API, even when logged in."
end
##
# test that redacted relations aren't visible, regardless of
# authorisation except as moderator...
- def test_show_redacted
+ def test_show_redacted_unauthorised
relation = create(:relation, :with_history, :version => 2)
- relation_v1 = relation.old_relations.find_by(:version => 1)
- relation_v1.redact!(create(:redaction))
+ relation.old_relations.find_by(:version => 1).redact!(create(:redaction))
+
+ get api_relation_version_path(relation, 1)
- get api_relation_version_path(relation_v1.relation_id, relation_v1.version)
assert_response :forbidden, "Redacted relation shouldn't be visible via the version API."
+ end
+
+ def test_show_redacted_normal_user
+ relation = create(:relation, :with_history, :version => 2)
+ relation.old_relations.find_by(:version => 1).redact!(create(:redaction))
+
+ get api_relation_version_path(relation, 1), :headers => bearer_authorization_header
- # not even to a logged-in user
- auth_header = bearer_authorization_header
- get api_relation_version_path(relation_v1.relation_id, relation_v1.version), :headers => auth_header
assert_response :forbidden, "Redacted relation shouldn't be visible via the version API, even when logged in."
end
##
# test that redacted ways aren't visible, regardless of
# authorisation except as moderator...
- def test_show_redacted
+ def test_show_redacted_unauthorised
way = create(:way, :with_history, :version => 2)
- way_v1 = way.old_ways.find_by(:version => 1)
- way_v1.redact!(create(:redaction))
+ way.old_ways.find_by(:version => 1).redact!(create(:redaction))
+
+ get api_way_version_path(way, 1)
- get api_way_version_path(way_v1.way_id, way_v1.version)
assert_response :forbidden, "Redacted way shouldn't be visible via the version API."
+ end
+
+ def test_show_redacted_normal_user
+ way = create(:way, :with_history, :version => 2)
+ way.old_ways.find_by(:version => 1).redact!(create(:redaction))
+
+ get api_way_version_path(way, 1), :headers => bearer_authorization_header
- # not even to a logged-in user
- auth_header = bearer_authorization_header
- get api_way_version_path(way_v1.way_id, way_v1.version), :headers => auth_header
assert_response :forbidden, "Redacted way shouldn't be visible via the version API, even when logged in."
end
projects / rails.git / commitdiff