mirror of
https://github.com/discourse/discourse.git
synced 2024-12-01 13:09:33 -06:00
493d437e79
* Remove outdated option
04078317ba
* Use the non-globally exposed RSpec syntax
https://github.com/rspec/rspec-core/pull/2803
* Use the non-globally exposed RSpec syntax, cont
https://github.com/rspec/rspec-core/pull/2803
* Comply to strict predicate matchers
See:
- https://github.com/rspec/rspec-expectations/pull/1195
- https://github.com/rspec/rspec-expectations/pull/1196
- https://github.com/rspec/rspec-expectations/pull/1277
42 lines
1.6 KiB
Ruby
42 lines
1.6 KiB
Ruby
# frozen_string_literal: true
|
|
|
|
RSpec.describe UserApiKey do
|
|
describe "#allow?" do
|
|
def request_env(method, path, **path_parameters)
|
|
ActionDispatch::TestRequest.create.tap do |request|
|
|
request.request_method = method
|
|
request.path = path
|
|
request.path_parameters = path_parameters
|
|
end.env
|
|
end
|
|
|
|
it "can look up permissions correctly" do
|
|
key = UserApiKey.new(scopes: ['message_bus', 'notifications'].map { |name| UserApiKeyScope.new(name: name) })
|
|
|
|
expect(key.allow?(request_env("GET", "/random"))).to eq(false)
|
|
expect(key.allow?(request_env("POST", "/message-bus/1234/poll"))).to eq(true)
|
|
|
|
expect(key.allow?(request_env("PUT", "/xyz", controller: "notifications", action: "mark_read"))).to eq(true)
|
|
|
|
expect(key.allow?(request_env("POST", "/xyz", controller: "user_api_keys", action: "revoke"))).to eq(true)
|
|
end
|
|
|
|
it "can allow all correct scopes to write" do
|
|
key = UserApiKey.new(scopes: ["write"].map { |name| UserApiKeyScope.new(name: name) })
|
|
|
|
expect(key.allow?(request_env("GET", "/random"))).to eq(true)
|
|
expect(key.allow?(request_env("PUT", "/random"))).to eq(true)
|
|
expect(key.allow?(request_env("PATCH", "/random"))).to eq(true)
|
|
expect(key.allow?(request_env("DELETE", "/random"))).to eq(true)
|
|
expect(key.allow?(request_env("POST", "/random"))).to eq(true)
|
|
end
|
|
|
|
it "can allow blanket read" do
|
|
key = UserApiKey.new(scopes: ["read"].map { |name| UserApiKeyScope.new(name: name) })
|
|
|
|
expect(key.allow?(request_env("GET", "/random"))).to eq(true)
|
|
expect(key.allow?(request_env("PUT", "/random"))).to eq(false)
|
|
end
|
|
end
|
|
end
|