Check that the permission is non-zero

Fixes #3241

diff --git a/app/controllers/oauth_controller.rb b/app/controllers/oauth_controller.rb
index babd27c536ffd4eaf4d813e2fce559678a2fbadc..7ab7f68359c52e7498ee6e5b0e15dcdda2dedeb1 100644 (file)
--- a/app/controllers/oauth_controller.rb
+++ b/app/controllers/oauth_controller.rb
@@ -27,7 +27,7 @@ class OauthController < ApplicationController
     any_auth = false
 
     @token.client_application.permissions.each do |pref|
     any_auth = false
 
     @token.client_application.permissions.each do |pref|

-      if params[pref]
+      if params[pref].to_i.nonzero?

         @token.write_attribute(pref, true)
         any_auth ||= true
       else
         @token.write_attribute(pref, true)
         any_auth ||= true
       else

diff --git a/test/integration/oauth_test.rb b/test/integration/oauth_test.rb
index 1505cb34ab4fcc06b30d99057fd6a193236d79b8..579941774567b621b156cccf1ff197da99b2f3e9 100644 (file)
--- a/test/integration/oauth_test.rb
+++ b/test/integration/oauth_test.rb
@@ -68,7 +68,7 @@ class OAuthTest < ActionDispatch::IntegrationTest
 
     post "/oauth/authorize",
          :params => { :oauth_token => token.token,
 
     post "/oauth/authorize",
          :params => { :oauth_token => token.token,

-                      :allow_read_prefs => true, :allow_write_prefs => true }
+                      :allow_read_prefs => "1", :allow_write_prefs => "1" }

     if client.callback_url
       assert_response :redirect
       assert_redirected_to "#{client.callback_url}?oauth_token=#{token.token}"
     if client.callback_url
       assert_response :redirect
       assert_redirected_to "#{client.callback_url}?oauth_token=#{token.token}"


@@ -151,7 +151,7 @@ class OAuthTest < ActionDispatch::IntegrationTest
 
     post "/oauth/authorize",
          :params => { :oauth_token => token.token, :oauth_callback => callback_url,
 
     post "/oauth/authorize",
          :params => { :oauth_token => token.token, :oauth_callback => callback_url,

-                      :allow_write_api => true, :allow_read_gpx => true }
+                      :allow_write_api => "1", :allow_read_gpx => "1" }

     assert_response :redirect
     assert_redirected_to "#{callback_url}?oauth_token=#{token.token}"
     token.reload
     assert_response :redirect
     assert_redirected_to "#{callback_url}?oauth_token=#{token.token}"
     token.reload


@@ -198,7 +198,7 @@ class OAuthTest < ActionDispatch::IntegrationTest
 
     post "/oauth/authorize",
          :params => { :oauth_token => token.token,
 
     post "/oauth/authorize",
          :params => { :oauth_token => token.token,

-                      :allow_read_prefs => true, :allow_write_prefs => true }
+                      :allow_read_prefs => "1", :allow_write_prefs => "1" }

     if client.callback_url
       assert_response :redirect
       verifier = parse_verifier(response)
     if client.callback_url
       assert_response :redirect
       verifier = parse_verifier(response)


@@ -257,7 +257,7 @@ class OAuthTest < ActionDispatch::IntegrationTest
 
     post "/oauth/authorize",
          :params => { :oauth_token => token.token,
 
     post "/oauth/authorize",
          :params => { :oauth_token => token.token,

-                      :allow_write_api => true, :allow_read_gpx => true }
+                      :allow_write_api => "1", :allow_read_gpx => "1" }

     assert_response :redirect
     verifier = parse_verifier(response)
     assert_redirected_to "#{callback_url}?oauth_token=#{token.token}&oauth_verifier=#{verifier}"
     assert_response :redirect
     verifier = parse_verifier(response)
     assert_redirected_to "#{callback_url}?oauth_token=#{token.token}&oauth_verifier=#{verifier}"