From: Anton Khorev <tony29@yandex.ru>
Date: Wed, 12 Feb 2025 16:03:42 +0000 (+0300)
Subject: Split api changeset comment create scope and terms tests
X-Git-Tag: live~161^2~8
X-Git-Url: https://git.openstreetmap.org./rails.git/commitdiff_plain/c9057188aab64e39635c4230b117bf98ce667307

Split api changeset comment create scope and terms tests
---

diff --git a/test/controllers/api/changeset_comments_controller_test.rb b/test/controllers/api/changeset_comments_controller_test.rb
index b3b3d9c75..c5e53ad6d 100644
--- a/test/controllers/api/changeset_comments_controller_test.rb
+++ b/test/controllers/api/changeset_comments_controller_test.rb
@@ -133,6 +133,28 @@ module Api
       end
     end
 
+    def test_create_when_not_agreed_to_terms
+      user = create(:user, :terms_agreed => nil)
+      auth_header = bearer_authorization_header user
+      changeset = create(:changeset, :closed)
+
+      assert_difference "ChangesetComment.count", 0 do
+        post changeset_comment_path(changeset), :params => { :text => "This is a comment" }, :headers => auth_header
+        assert_response :forbidden
+      end
+    end
+
+    def test_create_with_write_api_scope
+      user = create(:user)
+      auth_header = bearer_authorization_header user, :scopes => %w[write_api]
+      changeset = create(:changeset, :closed)
+
+      assert_difference "ChangesetComment.count", 1 do
+        post changeset_comment_path(changeset), :params => { :text => "This is a comment" }, :headers => auth_header
+        assert_response :success
+      end
+    end
+
     ##
     # create comment rate limit for new users
     def test_create_by_new_user_with_rate_limit
@@ -296,30 +318,5 @@ module Api
       assert_response :success
       assert comment.reload.visible
     end
-
-    # This test ensures that token capabilities behave correctly for a method that
-    # requires the terms to have been agreed.
-    # (This would be better as an integration or system testcase, since the changeset_comment
-    # create method is simply a stand-in for any method that requires terms agreement.
-    # But writing oauth tests is hard, and so it's easier to put in a controller test.)
-    def test_api_write_and_terms_agreed_via_token
-      user = create(:user, :terms_agreed => nil)
-      auth_header = bearer_authorization_header(user, :scopes => %w[write_api])
-      changeset = create(:changeset, :closed)
-
-      assert_difference "ChangesetComment.count", 0 do
-        post changeset_comment_path(changeset), :params => { :text => "This is a comment" }, :headers => auth_header
-      end
-      assert_response :forbidden
-
-      # Try again, after agreement with the terms
-      user.terms_agreed = Time.now.utc
-      user.save!
-
-      assert_difference "ChangesetComment.count", 1 do
-        post changeset_comment_path(changeset), :params => { :text => "This is a comment" }, :headers => auth_header
-      end
-      assert_response :success
-    end
   end
 end