diff options
author | NavaL <ayoyo@thoughtworks.com> | 2016-07-14 15:06:20 +0200 |
---|---|---|
committer | NavaL <ayoyo@thoughtworks.com> | 2016-07-14 15:45:09 +0200 |
commit | ab1917c5fe0f03e7719863a5598ad575d9fef302 (patch) | |
tree | 1aba29d7cfa25489d7f53528e022ff14ecb24961 /test/unit/user_test.rb | |
parent | e3c2cb91dfef5c39c608b967e702e9de977d1bd2 (diff) |
[feature] restrict is_admin in the user api, to only allow querying
for him/herself
So that it we do not expose the is_admin property to anyone else
including other admins.
Diffstat (limited to 'test/unit/user_test.rb')
-rw-r--r-- | test/unit/user_test.rb | 13 |
1 files changed, 6 insertions, 7 deletions
diff --git a/test/unit/user_test.rb b/test/unit/user_test.rb index 55d0648..02e94df 100644 --- a/test/unit/user_test.rb +++ b/test/unit/user_test.rb @@ -71,13 +71,12 @@ class UserTest < ActiveSupport::TestCase assert_equal key, @user.public_key end - test "user to json includes id, login, valid, is_admin and enabled" do - json_content = JSON.parse @user.to_json - assert_equal @user.id, json_content["id"] - assert_equal @user.valid?, json_content["ok"] - assert_equal @user.login, json_content["login"] - assert_equal @user.enabled?, json_content["enabled"] - assert_equal @user.is_admin?, json_content["is_admin"] + test "user to hash includes id, login, valid and enabled" do + hash = @user.to_hash + assert_equal @user.id, hash[:id] + assert_equal @user.valid?, hash[:ok] + assert_equal @user.login, hash[:login] + assert_equal @user.enabled?, hash[:enabled] end |