catstodon/spec/controllers/api/v1/statuses_controller_spec.rb
Eugen Rochko 1f6ed4f86a
Add more granular OAuth scopes (#7929)
* Add more granular OAuth scopes

* Add human-readable descriptions of the new scopes

* Ensure new scopes look good on the app UI

* Add tests

* Group scopes in screen and color-code dangerous ones

* Fix wrong extra scope
2018-07-05 18:31:35 +02:00

132 lines
3.5 KiB
Ruby

require 'rails_helper'
RSpec.describe Api::V1::StatusesController, type: :controller do
render_views
let(:user) { Fabricate(:user, account: Fabricate(:account, username: 'alice')) }
let(:app) { Fabricate(:application, name: 'Test app', website: 'http://testapp.com') }
let(:token) { Fabricate(:accessible_access_token, resource_owner_id: user.id, application: app, scopes: scopes) }
context 'with an oauth token' do
before do
allow(controller).to receive(:doorkeeper_token) { token }
end
describe 'GET #show' do
let(:scopes) { 'read:statuses' }
let(:status) { Fabricate(:status, account: user.account) }
it 'returns http success' do
get :show, params: { id: status.id }
expect(response).to have_http_status(200)
end
end
describe 'GET #context' do
let(:scopes) { 'read:statuses' }
let(:status) { Fabricate(:status, account: user.account) }
before do
Fabricate(:status, account: user.account, thread: status)
end
it 'returns http success' do
get :context, params: { id: status.id }
expect(response).to have_http_status(200)
end
end
describe 'POST #create' do
let(:scopes) { 'write:statuses' }
before do
post :create, params: { status: 'Hello world' }
end
it 'returns http success' do
expect(response).to have_http_status(200)
end
end
describe 'DELETE #destroy' do
let(:scopes) { 'write:statuses' }
let(:status) { Fabricate(:status, account: user.account) }
before do
post :destroy, params: { id: status.id }
end
it 'returns http success' do
expect(response).to have_http_status(200)
end
it 'removes the status' do
expect(Status.find_by(id: status.id)).to be nil
end
end
end
context 'without an oauth token' do
before do
allow(controller).to receive(:doorkeeper_token) { nil }
end
context 'with a private status' do
let(:status) { Fabricate(:status, account: user.account, visibility: :private) }
describe 'GET #show' do
it 'returns http unautharized' do
get :show, params: { id: status.id }
expect(response).to have_http_status(404)
end
end
describe 'GET #context' do
before do
Fabricate(:status, account: user.account, thread: status)
end
it 'returns http unautharized' do
get :context, params: { id: status.id }
expect(response).to have_http_status(404)
end
end
describe 'GET #card' do
it 'returns http unautharized' do
get :card, params: { id: status.id }
expect(response).to have_http_status(404)
end
end
end
context 'with a public status' do
let(:status) { Fabricate(:status, account: user.account, visibility: :public) }
describe 'GET #show' do
it 'returns http success' do
get :show, params: { id: status.id }
expect(response).to have_http_status(200)
end
end
describe 'GET #context' do
before do
Fabricate(:status, account: user.account, thread: status)
end
it 'returns http success' do
get :context, params: { id: status.id }
expect(response).to have_http_status(200)
end
end
describe 'GET #card' do
it 'returns http success' do
get :card, params: { id: status.id }
expect(response).to have_http_status(200)
end
end
end
end
end