DGNum/demarches-normaliennes
15
1
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity

bug(api): token, not checked

Browse source
This commit is contained in:
Martin 2023-01-19 17:33:19 +01:00
parent d566a5e095
commit 7206f1b298
1 changed files with 11 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
spec/controllers/api/v2/graphql_controller_spec.rb
View file

@ -151,6 +151,17 @@ describe API::V2::GraphqlController do
} }
end end
context "when the does not belong to an admin of the procedure" do
let(:another_administrateur) { create(:administrateur) }
before do
request.env['HTTP_AUTHORIZATION'] = ActionController::HttpAuthentication::Token.encode_credentials(APIToken.generate(another_administrateur)[1])
end
it {
expect(gql_errors.first[:message]).to eq("An object of type Demarche was hidden due to permissions")
}
end
context "when the token is revoked" do context "when the token is revoked" do
before do before do
admin.api_tokens.destroy_all admin.api_tokens.destroy_all