Prevent unauthenticated users commenting on notes via the API

2023-11-23 16:46:36 +00:00 · 2023-11-23 16:46:36 +00:00 · efd2b92a80
commit efd2b92a80
parent 5d916975db
2 changed files with 4 additions and 4 deletions
--- a/test/abilities/api_abilities_test.rb
+++ b/test/abilities/api_abilities_test.rb
@ -9,11 +9,11 @@ class GuestApiAbilityTest < ApiAbilityTest
  test "note permissions for a guest" do
    ability = ApiAbility.new nil

-    [:index, :create, :comment, :feed, :show, :search].each do |action|
+    [:index, :create, :feed, :show, :search].each do |action|
      assert ability.can?(action, Note), "should be able to #{action} Notes"
    end

-    [:close, :reopen, :destroy].each do |action|
+    [:comment, :close, :reopen, :destroy].each do |action|
      assert ability.cannot?(action, Note), "should not be able to #{action} Notes"
    end
  end