Discource-C
/
discourse
mirror of https://github.com/discourse/discourse.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
discourse/spec/requests/admin/admin_controller_spec.rb

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

68 lines
1.8 KiB
Ruby
Raw Normal View History

DEV: use #frozen_string_literal: true on all spec This change both speeds up specs (less strings to allocate) and helps catch cases where methods in Discourse are mutating inputs. Overall we will be migrating everything to use #frozen_string_literal: true it will take a while, but this is the first and safest move in this direction
2019-04-29 20:27:42 -04:00
# frozen_string_literal: true
Move new controller specs to reqeusts folder.
2017-08-23 23:01:11 -04:00
RSpec.describe Admin::AdminController do
DEV: Extend specs coverage for non-admin access to admin endpoints (#18833) Replace base controller class inheritance specs with explicit specs for non-staff and moderator access to admin resources
2022-11-02 23:42:44 -04:00
fab!(:admin) { Fabricate(:admin) }
fab!(:moderator) { Fabricate(:moderator) }
describe "#index" do
context "when unauthenticated" do
it "denies access with a 404 response" do
get "/admin.json"
expect(response.status).to eq(404)
expect(response.parsed_body["errors"]).to include(I18n.t("not_found"))
end
REFACTOR: admin controller specs to requests (#5978)
2018-06-11 00:32:55 -04:00
end
FIX: don't return 200s when login is required to paths When running `ensure_login_required` it should always happen prior to `check_xhr` cause check xhr will trigger a 200 response
2018-01-31 20:26:45 -05:00
DEV: Extend specs coverage for non-admin access to admin endpoints (#18833) Replace base controller class inheritance specs with explicit specs for non-staff and moderator access to admin resources
2022-11-02 23:42:44 -04:00
context "when authenticated" do
context "as an admin" do
it "permits access with a 200 response" do
sign_in(admin)
get "/admin.json"
expect(response.status).to eq(200)
end
end
context "as a non-admin" do
it "denies access with a 403 response" do
sign_in(moderator)
get "/admin.json"
expect(response.status).to eq(403)
expect(response.parsed_body["errors"]).to include(I18n.t("invalid_access"))
end
end
context "when user is admin with api key" do
it "permits access with a 200 response" do
api_key = Fabricate(:api_key, user: admin)
get "/admin.json",
headers: {
HTTP_API_KEY: api_key.key,
HTTP_API_USERNAME: admin.username,
}
expect(response.status).to eq(200)
end
end
context "when user is a non-admin with api key" do
it "denies access with a 403 response" do
api_key = Fabricate(:api_key, user: moderator)
get "/admin.json",
headers: {
HTTP_API_KEY: api_key.key,
HTTP_API_USERNAME: moderator.username,
}
REFACTOR: admin controller specs to requests (#5978)
2018-06-11 00:32:55 -04:00
DEV: Extend specs coverage for non-admin access to admin endpoints (#18833) Replace base controller class inheritance specs with explicit specs for non-staff and moderator access to admin resources
2022-11-02 23:42:44 -04:00
expect(response.status).to eq(403)
expect(response.parsed_body["errors"]).to include(I18n.t("invalid_access"))
end
end
REFACTOR: admin controller specs to requests (#5978)
2018-06-11 00:32:55 -04:00
end
FIX: Return 404 if API access is invalid.
2017-08-10 05:27:01 -04:00
end
end