cst1/openstreetmap-website
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Pass scopes instead of token to ApiAbility

Browse source
This commit is contained in:
Anton Khorev 2025-02-12 18:13:56 +03:00
parent 304e0ef638
commit 77a2657d33
4 changed files with 55 additions and 60 deletions
Download patch file Download diff file Expand all files Collapse all files

61
test/abilities/api_capability_test.rb
View file

@ -3,20 +3,20 @@
require "test_helper"
class ChangesetCommentApiCapabilityTest < ActiveSupport::TestCase
test "as a normal user with permissionless token" do
test "as a normal user without scopes" do
user = create(:user)
token = create(:oauth_access_token, :user => user)
ability = ApiAbility.new user, token
scopes = Set.new
ability = ApiAbility.new user, scopes
[:create, :destroy, :restore].each do |action|
assert ability.cannot? action, ChangesetComment
end
end
test "as a normal user with write_api token" do
test "as a normal user with write_api scope" do
user = create(:user)
token = create(:oauth_access_token, :user => user, :scopes => %w[write_api])
ability = ApiAbility.new user, token
scopes = Set.new %w[write_api]
ability = ApiAbility.new user, scopes
[:destroy, :restore].each do |action|
assert ability.cannot? action, ChangesetComment
@ -27,20 +27,20 @@ class ChangesetCommentApiCapabilityTest < ActiveSupport::TestCase
end
end
test "as a moderator with permissionless token" do
test "as a moderator without scopes" do
user = create(:moderator_user)
token = create(:oauth_access_token, :user => user)
ability = ApiAbility.new user, token
scopes = Set.new
ability = ApiAbility.new user, scopes
[:create, :destroy, :restore].each do |action|
assert ability.cannot? action, ChangesetComment
end
end
test "as a moderator with write_api token" do
test "as a moderator with write_api scope" do
user = create(:moderator_user)
token = create(:oauth_access_token, :user => user, :scopes => %w[write_api])
ability = ApiAbility.new user, token
scopes = Set.new %w[write_api]
ability = ApiAbility.new user, scopes
[:create, :destroy, :restore].each do |action|
assert ability.can? action, ChangesetComment
@ -49,20 +49,20 @@ class ChangesetCommentApiCapabilityTest < ActiveSupport::TestCase
end
class NoteApiCapabilityTest < ActiveSupport::TestCase
test "as a normal user with permissionless token" do
test "as a normal user without scopes" do
user = create(:user)
token = create(:oauth_access_token, :user => user)
ability = ApiAbility.new user, token
scopes = Set.new
ability = ApiAbility.new user, scopes
[:create, :comment, :close, :reopen, :destroy].each do |action|
assert ability.cannot? action, Note
end
end
test "as a normal user with write_notes token" do
test "as a normal user with write_notes scope" do
user = create(:user)
token = create(:oauth_access_token, :user => user, :scopes => %w[write_notes])
ability = ApiAbility.new user, token
scopes = Set.new %w[write_notes]
ability = ApiAbility.new user, scopes
[:destroy].each do |action|
assert ability.cannot? action, Note
@ -73,20 +73,20 @@ class NoteApiCapabilityTest < ActiveSupport::TestCase
end
end
test "as a moderator with permissionless token" do
test "as a moderator without scopes" do
user = create(:moderator_user)
token = create(:oauth_access_token, :user => user)
ability = ApiAbility.new user, token
scopes = Set.new
ability = ApiAbility.new user, scopes
[:destroy].each do |action|
assert ability.cannot? action, Note
end
end
test "as a moderator with write_notes token" do
test "as a moderator with write_notes scope" do
user = create(:moderator_user)
token = create(:oauth_access_token, :user => user, :scopes => %w[write_notes])
ability = ApiAbility.new user, token
scopes = Set.new %w[write_notes]
ability = ApiAbility.new user, scopes
[:destroy].each do |action|
assert ability.can? action, Note
@ -96,17 +96,16 @@ end
class UserApiCapabilityTest < ActiveSupport::TestCase
test "user preferences" do
# A user with empty tokens
user = create(:user)
token = create(:oauth_access_token, :user => user)
ability = ApiAbility.new user, token
scopes = Set.new
ability = ApiAbility.new user, scopes
[:index, :show, :update_all, :update, :destroy].each do |act|
assert ability.cannot? act, UserPreference
end
token = create(:oauth_access_token, :user => user, :scopes => %w[read_prefs])
ability = ApiAbility.new user, token
scopes = Set.new %w[read_prefs]
ability = ApiAbility.new user, scopes
[:update_all, :update, :destroy].each do |act|
assert ability.cannot? act, UserPreference
@ -116,8 +115,8 @@ class UserApiCapabilityTest < ActiveSupport::TestCase
assert ability.can? act, UserPreference
end
token = create(:oauth_access_token, :user => user, :scopes => %w[write_prefs])
ability = ApiAbility.new user, token
scopes = Set.new %w[write_prefs]
ability = ApiAbility.new user, scopes
[:index, :show].each do |act|
assert ability.cannot? act, UserPreference