Adds test to make sure moderators can't make master keys

It wasn't obvious from the code, plus we'd never want this to regress!
2018-09-11 12:02:06 -04:00 · 2018-09-11 12:02:06 -04:00 · 3bb4f4c5ef
parent 1a01385e88
commit 3bb4f4c5ef
1 changed files with 50 additions and 37 deletions
--- a/spec/requests/admin/api_controller_spec.rb
+++ b/spec/requests/admin/api_controller_spec.rb
@ -7,6 +7,8 @@ describe Admin::ApiController do
  end

  let(:admin) { Fabricate(:admin) }
+
+  context "as an admin" do
    before do
      sign_in(admin)
    end
@ -51,13 +53,24 @@ describe Admin::ApiController do
        expect(ApiKey.where(key: api_key.key).count).to eq(0)
      end
    end
+  end

  describe '#create_master_key' do
    it "creates a record" do
+      sign_in(admin)
      expect do
        post "/admin/api/key.json"
      end.to change(ApiKey, :count).by(1)
      expect(response.status).to eq(200)
    end
+
+    it "doesn't allow moderators to create master keys" do
+      sign_in(Fabricate(:moderator))
+      expect do
+        post "/admin/api/key.json"
+      end.to change(ApiKey, :count).by(0)
+      expect(response.status).to eq(404)
+    end
+
  end
 end