Adds test to make sure moderators can't make master keys
It wasn't obvious from the code, plus we'd never want this to regress!
This commit is contained in:
Robin Ward
parent
1a01385e88
commit
3bb4f4c5ef
|
|
@ -7,6 +7,8 @@ describe Admin::ApiController do
|
||||||
end
|
end
|
||||||
|
|
||||||
let(:admin) { Fabricate(:admin) }
|
let(:admin) { Fabricate(:admin) }
|
||||||
|
|
||||||
|
context "as an admin" do
|
||||||
before do
|
before do
|
||||||
sign_in(admin)
|
sign_in(admin)
|
||||||
end
|
end
|
||||||
|
|
@ -51,13 +53,24 @@ describe Admin::ApiController do
|
||||||
expect(ApiKey.where(key: api_key.key).count).to eq(0)
|
expect(ApiKey.where(key: api_key.key).count).to eq(0)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
end
|
||||||
|
|
||||||
describe '#create_master_key' do
|
describe '#create_master_key' do
|
||||||
it "creates a record" do
|
it "creates a record" do
|
||||||
|
sign_in(admin)
|
||||||
expect do
|
expect do
|
||||||
post "/admin/api/key.json"
|
post "/admin/api/key.json"
|
||||||
end.to change(ApiKey, :count).by(1)
|
end.to change(ApiKey, :count).by(1)
|
||||||
expect(response.status).to eq(200)
|
expect(response.status).to eq(200)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
it "doesn't allow moderators to create master keys" do
|
||||||
|
sign_in(Fabricate(:moderator))
|
||||||
|
expect do
|
||||||
|
post "/admin/api/key.json"
|
||||||
|
end.to change(ApiKey, :count).by(0)
|
||||||
|
expect(response.status).to eq(404)
|
||||||
|
end
|
||||||
|
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue