2019-04-29 19:27:42 -05:00
|
|
|
# frozen_string_literal: true
|
|
|
|
|
2022-07-27 21:27:38 -05:00
|
|
|
RSpec.describe UserApiKey do
|
2022-07-27 05:21:10 -05:00
|
|
|
describe "#allow?" do
|
2020-10-06 11:20:15 -05:00
|
|
|
def request_env(method, path, **path_parameters)
|
2023-01-09 05:18:21 -06:00
|
|
|
ActionDispatch::TestRequest
|
|
|
|
.create
|
|
|
|
.tap do |request|
|
|
|
|
request.request_method = method
|
|
|
|
request.path = path
|
|
|
|
request.path_parameters = path_parameters
|
|
|
|
end
|
|
|
|
.env
|
2020-10-06 11:20:15 -05:00
|
|
|
end
|
|
|
|
|
2016-10-14 00:05:27 -05:00
|
|
|
it "can look up permissions correctly" do
|
2023-01-09 05:18:21 -06:00
|
|
|
key =
|
|
|
|
UserApiKey.new(
|
|
|
|
scopes: %w[message_bus notifications].map { |name| UserApiKeyScope.new(name: name) },
|
|
|
|
)
|
2016-10-14 00:05:27 -05:00
|
|
|
|
2020-10-06 11:20:15 -05:00
|
|
|
expect(key.allow?(request_env("GET", "/random"))).to eq(false)
|
|
|
|
expect(key.allow?(request_env("POST", "/message-bus/1234/poll"))).to eq(true)
|
2016-10-14 00:05:27 -05:00
|
|
|
|
2023-01-09 05:18:21 -06:00
|
|
|
expect(
|
|
|
|
key.allow?(request_env("PUT", "/xyz", controller: "notifications", action: "mark_read")),
|
|
|
|
).to eq(true)
|
2016-10-14 00:05:27 -05:00
|
|
|
|
2023-01-09 05:18:21 -06:00
|
|
|
expect(
|
|
|
|
key.allow?(request_env("POST", "/xyz", controller: "user_api_keys", action: "revoke")),
|
|
|
|
).to eq(true)
|
2016-10-14 00:05:27 -05:00
|
|
|
end
|
|
|
|
|
2019-02-12 22:49:25 -06:00
|
|
|
it "can allow all correct scopes to write" do
|
2020-09-29 04:57:48 -05:00
|
|
|
key = UserApiKey.new(scopes: ["write"].map { |name| UserApiKeyScope.new(name: name) })
|
2019-02-12 22:49:25 -06:00
|
|
|
|
2020-10-06 11:20:15 -05:00
|
|
|
expect(key.allow?(request_env("GET", "/random"))).to eq(true)
|
|
|
|
expect(key.allow?(request_env("PUT", "/random"))).to eq(true)
|
|
|
|
expect(key.allow?(request_env("PATCH", "/random"))).to eq(true)
|
|
|
|
expect(key.allow?(request_env("DELETE", "/random"))).to eq(true)
|
|
|
|
expect(key.allow?(request_env("POST", "/random"))).to eq(true)
|
2019-02-12 22:49:25 -06:00
|
|
|
end
|
|
|
|
|
2016-10-14 00:05:27 -05:00
|
|
|
it "can allow blanket read" do
|
2020-09-29 04:57:48 -05:00
|
|
|
key = UserApiKey.new(scopes: ["read"].map { |name| UserApiKeyScope.new(name: name) })
|
2016-10-14 00:05:27 -05:00
|
|
|
|
2020-10-06 11:20:15 -05:00
|
|
|
expect(key.allow?(request_env("GET", "/random"))).to eq(true)
|
|
|
|
expect(key.allow?(request_env("PUT", "/random"))).to eq(false)
|
2016-10-14 00:05:27 -05:00
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|