diff options
author | Eugen Rochko <eugen@zeonfederated.com> | 2019-06-04 20:10:26 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-06-04 20:10:26 +0200 |
commit | 48fee1a800a262ce26171d724c15738d083eb6d6 (patch) | |
tree | 83ffc708e37db457e65b14386eb7e9d348417a66 /spec | |
parent | 6077eca240d3dc8765380c99896d85ab6e9c4ea9 (diff) |
Fix poll API not requiring authentication on non-public polls (#10960)
* Fix poll API not requiring authentication on non-public polls That API does not reveal the content of the status, i.e. the question itself, nor who the author is, nor which status it belongs to, but it does reveal the poll options and how many answers they got Fix #10959 * Add test
Diffstat (limited to 'spec')
-rw-r--r-- | spec/controllers/api/v1/polls_controller_spec.rb | 18 |
1 files changed, 15 insertions, 3 deletions
diff --git a/spec/controllers/api/v1/polls_controller_spec.rb b/spec/controllers/api/v1/polls_controller_spec.rb index 2b8d5f3ef..851bccb7e 100644 --- a/spec/controllers/api/v1/polls_controller_spec.rb +++ b/spec/controllers/api/v1/polls_controller_spec.rb @@ -10,14 +10,26 @@ RSpec.describe Api::V1::PollsController, type: :controller do before { allow(controller).to receive(:doorkeeper_token) { token } } describe 'GET #show' do - let(:poll) { Fabricate(:poll) } + let(:poll) { Fabricate(:poll, status: Fabricate(:status, visibility: visibility)) } before do get :show, params: { id: poll.id } end - it 'returns http success' do - expect(response).to have_http_status(200) + context 'when parent status is public' do + let(:visibility) { 'public' } + + it 'returns http success' do + expect(response).to have_http_status(200) + end + end + + context 'when parent status is private' do + let(:visibility) { 'private' } + + it 'returns http not found' do + expect(response).to have_http_status(404) + end end end end |