Add authentication to API, but not sure it is best way.

author: jessib <jessib@riseup.net> 2013-12-31 12:16:43 -0800
committer: jessib <jessib@riseup.net> 2013-12-31 12:16:43 -0800
commit: 47d9b62913789358aefe769de6b7e33da8547891 (patch)
tree: 20f9bf0f60b3a45209b94850c62245646d11c79c /users/test/functional/v1
parent: fe3e374daa274a38723da52d929805b80f7ef383 (diff)
1 files changed, 7 insertions, 2 deletions
diff --git a/users/test/functional/v1/messages_controller_test.rb b/users/test/functional/v1/messages_controller_test.rb
index 7666ba3..0bc09be 100644
--- a/users/test/functional/v1/messages_controller_test.rb
+++ b/users/test/functional/v1/messages_controller_test.rb
@@ -2,14 +2,13 @@ require 'test_helper'
 
 class V1::MessagesControllerTest < ActionController::TestCase
 
-  #TODO ensure authentication for all tests here
-
   setup do
     @message = Message.new(:text => 'a test message')
     @message.save
     @user = FactoryGirl.build(:user)
     @user.message_ids_to_see << @message.id
     @user.save
+    login :is_admin? => true
   end
 
   teardown do
@@ -52,4 +51,10 @@ class V1::MessagesControllerTest < ActionController::TestCase
     assert_json_response false
  end
 
+  test "fails if not admin" do
+    login :is_admin? => false
+    get :user_messages, :user_id => @user.id
+    assert_access_denied
+  end
+
 end
author	jessib <jessib@riseup.net>	2013-12-31 12:16:43 -0800
committer	jessib <jessib@riseup.net>	2013-12-31 12:16:43 -0800
commit	47d9b62913789358aefe769de6b7e33da8547891 (patch)
tree	20f9bf0f60b3a45209b94850c62245646d11c79c /users/test/functional/v1
parent	fe3e374daa274a38723da52d929805b80f7ef383 (diff)