2019-04-29 20:27:42 -04:00
|
|
|
# frozen_string_literal: true
|
|
|
|
|
2017-08-23 23:01:11 -04:00
|
|
|
RSpec.describe Admin::AdminController do
|
2022-11-02 23:42:44 -04:00
|
|
|
fab!(:admin) { Fabricate(:admin) }
|
|
|
|
fab!(:moderator) { Fabricate(:moderator) }
|
|
|
|
|
|
|
|
describe "#index" do
|
|
|
|
context "when unauthenticated" do
|
|
|
|
it "denies access with a 404 response" do
|
|
|
|
get "/admin.json"
|
|
|
|
|
|
|
|
expect(response.status).to eq(404)
|
|
|
|
expect(response.parsed_body["errors"]).to include(I18n.t("not_found"))
|
|
|
|
end
|
2018-06-11 00:32:55 -04:00
|
|
|
end
|
2018-01-31 20:26:45 -05:00
|
|
|
|
2022-11-02 23:42:44 -04:00
|
|
|
context "when authenticated" do
|
|
|
|
context "as an admin" do
|
|
|
|
it "permits access with a 200 response" do
|
|
|
|
sign_in(admin)
|
|
|
|
get "/admin.json"
|
|
|
|
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context "as a non-admin" do
|
|
|
|
it "denies access with a 403 response" do
|
|
|
|
sign_in(moderator)
|
|
|
|
get "/admin.json"
|
|
|
|
|
|
|
|
expect(response.status).to eq(403)
|
|
|
|
expect(response.parsed_body["errors"]).to include(I18n.t("invalid_access"))
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context "when user is admin with api key" do
|
|
|
|
it "permits access with a 200 response" do
|
|
|
|
api_key = Fabricate(:api_key, user: admin)
|
|
|
|
|
|
|
|
get "/admin.json", headers: {
|
|
|
|
HTTP_API_KEY: api_key.key,
|
|
|
|
HTTP_API_USERNAME: admin.username
|
|
|
|
}
|
|
|
|
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context "when user is a non-admin with api key" do
|
|
|
|
it "denies access with a 403 response" do
|
|
|
|
api_key = Fabricate(:api_key, user: moderator)
|
|
|
|
|
|
|
|
get "/admin.json", headers: {
|
|
|
|
HTTP_API_KEY: api_key.key,
|
|
|
|
HTTP_API_USERNAME: moderator.username
|
|
|
|
}
|
2018-06-11 00:32:55 -04:00
|
|
|
|
2022-11-02 23:42:44 -04:00
|
|
|
expect(response.status).to eq(403)
|
|
|
|
expect(response.parsed_body["errors"]).to include(I18n.t("invalid_access"))
|
|
|
|
end
|
|
|
|
end
|
2018-06-11 00:32:55 -04:00
|
|
|
end
|
2017-08-10 05:27:01 -04:00
|
|
|
end
|
|
|
|
end
|