From 1f6ed4f86ab2aa98bb271b40bf381370fab4fdf2 Mon Sep 17 00:00:00 2001 From: Eugen Rochko Date: Thu, 5 Jul 2018 18:31:35 +0200 Subject: Add more granular OAuth scopes (#7929) * Add more granular OAuth scopes * Add human-readable descriptions of the new scopes * Ensure new scopes look good on the app UI * Add tests * Group scopes in screen and color-code dangerous ones * Fix wrong extra scope --- spec/controllers/api/v1/accounts/credentials_controller_spec.rb | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'spec/controllers/api/v1/accounts/credentials_controller_spec.rb') diff --git a/spec/controllers/api/v1/accounts/credentials_controller_spec.rb b/spec/controllers/api/v1/accounts/credentials_controller_spec.rb index 9a52fd14c..727669886 100644 --- a/spec/controllers/api/v1/accounts/credentials_controller_spec.rb +++ b/spec/controllers/api/v1/accounts/credentials_controller_spec.rb @@ -4,7 +4,7 @@ describe Api::V1::Accounts::CredentialsController do render_views let(:user) { Fabricate(:user, account: Fabricate(:account, username: 'alice')) } - let(:token) { Fabricate(:accessible_access_token, resource_owner_id: user.id, scopes: 'read write') } + let(:token) { Fabricate(:accessible_access_token, resource_owner_id: user.id, scopes: scopes) } context 'with an oauth token' do before do @@ -12,6 +12,8 @@ describe Api::V1::Accounts::CredentialsController do end describe 'GET #show' do + let(:scopes) { 'read:accounts' } + it 'returns http success' do get :show expect(response).to have_http_status(200) @@ -19,6 +21,8 @@ describe Api::V1::Accounts::CredentialsController do end describe 'PATCH #update' do + let(:scopes) { 'write:accounts' } + describe 'with valid data' do before do allow(ActivityPub::UpdateDistributionWorker).to receive(:perform_async) -- cgit