From 1f6ed4f86ab2aa98bb271b40bf381370fab4fdf2 Mon Sep 17 00:00:00 2001 From: Eugen Rochko Date: Thu, 5 Jul 2018 18:31:35 +0200 Subject: Add more granular OAuth scopes (#7929) * Add more granular OAuth scopes * Add human-readable descriptions of the new scopes * Ensure new scopes look good on the app UI * Add tests * Group scopes in screen and color-code dangerous ones * Fix wrong extra scope --- spec/controllers/api/v1/lists/accounts_controller_spec.rb | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'spec/controllers/api/v1/lists/accounts_controller_spec.rb') diff --git a/spec/controllers/api/v1/lists/accounts_controller_spec.rb b/spec/controllers/api/v1/lists/accounts_controller_spec.rb index c37a481d6..08c22de56 100644 --- a/spec/controllers/api/v1/lists/accounts_controller_spec.rb +++ b/spec/controllers/api/v1/lists/accounts_controller_spec.rb @@ -4,7 +4,7 @@ describe Api::V1::Lists::AccountsController do render_views let(:user) { Fabricate(:user, account: Fabricate(:account, username: 'alice')) } - let(:token) { Fabricate(:accessible_access_token, resource_owner_id: user.id, scopes: 'read write') } + let(:token) { Fabricate(:accessible_access_token, resource_owner_id: user.id, scopes: scopes) } let(:list) { Fabricate(:list, account: user.account) } before do @@ -14,6 +14,8 @@ describe Api::V1::Lists::AccountsController do end describe 'GET #index' do + let(:scopes) { 'read:lists' } + it 'returns http success' do get :show, params: { list_id: list.id } @@ -22,6 +24,7 @@ describe Api::V1::Lists::AccountsController do end describe 'POST #create' do + let(:scopes) { 'write:lists' } let(:bob) { Fabricate(:account, username: 'bob') } before do @@ -39,6 +42,8 @@ describe Api::V1::Lists::AccountsController do end describe 'DELETE #destroy' do + let(:scopes) { 'write:lists' } + before do delete :destroy, params: { list_id: list.id, account_ids: [list.accounts.first.id] } end -- cgit