From 1f6ed4f86ab2aa98bb271b40bf381370fab4fdf2 Mon Sep 17 00:00:00 2001 From: Eugen Rochko Date: Thu, 5 Jul 2018 18:31:35 +0200 Subject: Add more granular OAuth scopes (#7929) * Add more granular OAuth scopes * Add human-readable descriptions of the new scopes * Ensure new scopes look good on the app UI * Add tests * Group scopes in screen and color-code dangerous ones * Fix wrong extra scope --- spec/controllers/api/v1/follow_requests_controller_spec.rb | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) (limited to 'spec/controllers/api/v1/follow_requests_controller_spec.rb') diff --git a/spec/controllers/api/v1/follow_requests_controller_spec.rb b/spec/controllers/api/v1/follow_requests_controller_spec.rb index 3c0b84af8..87292d9ce 100644 --- a/spec/controllers/api/v1/follow_requests_controller_spec.rb +++ b/spec/controllers/api/v1/follow_requests_controller_spec.rb @@ -4,7 +4,7 @@ RSpec.describe Api::V1::FollowRequestsController, type: :controller do render_views let(:user) { Fabricate(:user, account: Fabricate(:account, username: 'alice', locked: true)) } - let(:token) { Fabricate(:accessible_access_token, resource_owner_id: user.id, scopes: 'follow') } + let(:token) { Fabricate(:accessible_access_token, resource_owner_id: user.id, scopes: scopes) } let(:follower) { Fabricate(:account, username: 'bob') } before do @@ -13,6 +13,8 @@ RSpec.describe Api::V1::FollowRequestsController, type: :controller do end describe 'GET #index' do + let(:scopes) { 'read:follows' } + before do get :index, params: { limit: 1 } end @@ -23,6 +25,8 @@ RSpec.describe Api::V1::FollowRequestsController, type: :controller do end describe 'POST #authorize' do + let(:scopes) { 'write:follows' } + before do post :authorize, params: { id: follower.id } end @@ -37,6 +41,8 @@ RSpec.describe Api::V1::FollowRequestsController, type: :controller do end describe 'POST #reject' do + let(:scopes) { 'write:follows' } + before do post :reject, params: { id: follower.id } end -- cgit