class ModeratorApiAbilityTest < ApiAbilityTest
test "Note permissions" do
- token = create(:oauth_access_token, :scopes => %w[write_notes], :resource_owner_id => create(:moderator_user).id)
+ token = create(:oauth_access_token, :scopes => %w[write_notes], :user => create(:moderator_user))
ability = ApiAbility.new token
[:index, :create, :comment, :feed, :show, :search, :close, :reopen, :destroy].each do |action|
end
test "as a moderator with permissionless token" do
- token = create(:oauth_access_token, :resource_owner_id => create(:moderator_user).id)
+ token = create(:oauth_access_token, :user => create(:moderator_user))
ability = ApiAbility.new token
[:create, :destroy, :restore].each do |action|
end
test "as a moderator with write_api token" do
- token = create(:oauth_access_token, :resource_owner_id => create(:moderator_user).id, :scopes => %w[write_api])
+ token = create(:oauth_access_token, :user => create(:moderator_user), :scopes => %w[write_api])
ability = ApiAbility.new token
[:create, :destroy, :restore].each do |action|
end
test "as a moderator with permissionless token" do
- token = create(:oauth_access_token, :resource_owner_id => create(:moderator_user).id)
+ token = create(:oauth_access_token, :user => create(:moderator_user))
ability = ApiAbility.new token
[:destroy].each do |action|
end
test "as a moderator with write_notes token" do
- token = create(:oauth_access_token, :resource_owner_id => create(:moderator_user).id, :scopes => %w[write_notes])
+ token = create(:oauth_access_token, :user => create(:moderator_user), :scopes => %w[write_notes])
ability = ApiAbility.new token
[:destroy].each do |action|
user = create(:user)
application1 = create(:oauth_application)
create(:oauth_access_grant, :resource_owner_id => user.id, :application => application1)
- create(:oauth_access_token, :resource_owner_id => user.id, :application => application1)
+ create(:oauth_access_token, :user => user, :application => application1)
application2 = create(:oauth_application)
create(:oauth_access_grant, :resource_owner_id => user.id, :application => application2)
- create(:oauth_access_token, :resource_owner_id => user.id, :application => application2)
+ create(:oauth_access_token, :user => user, :application => application2)
create(:oauth_application)
get oauth_authorized_applications_path
user = create(:user)
application1 = create(:oauth_application, :scopes => %w[read_prefs write_prefs write_diary read_gpx write_gpx])
create(:oauth_access_grant, :resource_owner_id => user.id, :application => application1, :scopes => %w[read_prefs write_prefs])
- create(:oauth_access_token, :resource_owner_id => user.id, :application => application1, :scopes => %w[read_prefs write_prefs])
+ create(:oauth_access_token, :user => user, :application => application1, :scopes => %w[read_prefs write_prefs])
create(:oauth_access_grant, :resource_owner_id => user.id, :application => application1, :scopes => %w[read_prefs write_diary])
- create(:oauth_access_token, :resource_owner_id => user.id, :application => application1, :scopes => %w[read_prefs write_diary])
+ create(:oauth_access_token, :user => user, :application => application1, :scopes => %w[read_prefs write_diary])
get oauth_authorized_applications_path
assert_redirected_to login_path(:referer => oauth_authorized_applications_path)
user = create(:user)
application1 = create(:oauth_application)
create(:oauth_access_grant, :resource_owner_id => user.id, :application => application1)
- create(:oauth_access_token, :resource_owner_id => user.id, :application => application1)
+ create(:oauth_access_token, :user => user, :application => application1)
application2 = create(:oauth_application)
create(:oauth_access_grant, :resource_owner_id => user.id, :application => application2)
- create(:oauth_access_token, :resource_owner_id => user.id, :application => application2)
+ create(:oauth_access_token, :user => user, :application => application2)
create(:oauth_application)
delete oauth_authorized_application_path(:id => application1.id)
factory :oauth_access_token, :class => "Doorkeeper::AccessToken" do
application :factory => :oauth_application
- resource_owner_id { create(:user).id }
+ resource_owner_id { user.id }
+
+ transient do
+ user { create(:user) } # rubocop:disable FactoryBot/FactoryAssociationWithStrategy
+ end
end
end
def test_soft_destroy_revokes_oauth2_tokens
user = create(:user)
- oauth_access_token = create(:oauth_access_token, :resource_owner_id => user.id)
+ oauth_access_token = create(:oauth_access_token, :user => user)
assert_equal 1, user.access_tokens.not_expired.count
user.soft_destroy
def bearer_authorization_header(token_or_user = nil, scopes: Oauth::SCOPES)
token = case token_or_user
when nil then create(:oauth_access_token, :scopes => scopes).token
- when User then create(:oauth_access_token, :resource_owner_id => token_or_user.id, :scopes => scopes).token
+ when User then create(:oauth_access_token, :user => token_or_user, :scopes => scopes).token
when Doorkeeper::AccessToken then token_or_user.token
when String then token_or_user
end