author | Timothy Andrew <mail@timothyandrew.net> | 2017-06-20 12:35:59 +0300 |
---|---|---|
committer | Timothy Andrew <mail@timothyandrew.net> | 2017-06-28 10:17:13 +0300 |
commit | 157c05f49da1d6992d6b491e4fba8d90a7d821c8 (patch) | |
tree | 3dc0a7f3e86b29bc0cc3117c6a8c06b810213c56 /spec/support/api | |
parent | 80c1ebaa83f346e45346baac584f21878652c350 (diff) |
Test `/users` endpoints for the `read_user` scope.
- Test `GET` endpoints to check that the scope is allowed.
- Test `POST` endpoints to check that the scope is disallowed.
- Test both `v3` and `v4` endpoints.
Diffstat (limited to 'spec/support/api')
-rw-r--r-- | spec/support/api/scopes/read_user_shared_examples.rb | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/spec/support/api/scopes/read_user_shared_examples.rb b/spec/support/api/scopes/read_user_shared_examples.rb
new file mode 100644
index 00000000000..bb5f493f3fd
--- /dev/null
+++ b/spec/support/api/scopes/read_user_shared_examples.rb
@@ -0,0 +1,33 @@
+shared_examples_for 'allows the "read_user" scope' do
+ describe 'when the requesting token has the "read_user" scope' do
+ let(:token) { create(:personal_access_token, scopes: ['read_user'], user: user) }
+
+ it 'returns a "200" response' do
+ get api_call.call(path, user, personal_access_token: token)
+
+ expect(response).to have_http_status(200)
+ end
+ end
+
+ describe 'when the requesting token does not have any required scope' do
+ let(:token) { create(:personal_access_token, scopes: ['read_registry'], user: user) }
+
+ it 'returns a "401" response' do
+ get api_call.call(path, user, personal_access_token: token)
+
+ expect(response).to have_http_status(401)
+ end
+ end
+end
+
+shared_examples_for 'does not allow the "read_user" scope' do
+ context 'when the requesting token has the "read_user" scope' do
+ let(:token) { create(:personal_access_token, scopes: ['read_user'], user: user) }
+
+ it 'returns a "401" response' do
+ post api_call.call(path, user, personal_access_token: token), attributes_for(:user, projects_limit: 3)
+
+ expect(response).to have_http_status(401)
+ end
+ end
+end
|
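Review bot: The two negative examples assert only `have_http_status(401)`, so they pass on any authentication failure (an unusable factory token, a wrong `path`, a mis-built `api_call`) and do not show that the request was refused because of its scope. In 'does not allow the "read_user" scope' I would also assert that the write had no effect, for example `expect { post api_call.call(path, user, personal_access_token: token), attributes_for(:user, projects_limit: 3) }.not_to change { User.count }`, assuming the endpoint under test creates a `User`. A control example in the same group, sending the same `post` with a token whose scope is sufficient and expecting success, would tie the 401 to the scope rather than to the request setup. The file would also benefit from a header comment such as `# Including spec must define: user, path, api_call (callable returning the request URL)`, since none of those are defined here.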