diff options
author | jessib <jessib@riseup.net> | 2013-12-31 12:16:43 -0800 |
---|---|---|
committer | jessib <jessib@riseup.net> | 2013-12-31 12:16:43 -0800 |
commit | 47d9b62913789358aefe769de6b7e33da8547891 (patch) | |
tree | 20f9bf0f60b3a45209b94850c62245646d11c79c /users/test | |
parent | fe3e374daa274a38723da52d929805b80f7ef383 (diff) |
Add authentication to API, but not sure it is best way.
Diffstat (limited to 'users/test')
-rw-r--r-- | users/test/functional/v1/messages_controller_test.rb | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/users/test/functional/v1/messages_controller_test.rb b/users/test/functional/v1/messages_controller_test.rb index 7666ba3..0bc09be 100644 --- a/users/test/functional/v1/messages_controller_test.rb +++ b/users/test/functional/v1/messages_controller_test.rb @@ -2,14 +2,13 @@ require 'test_helper' class V1::MessagesControllerTest < ActionController::TestCase - #TODO ensure authentication for all tests here - setup do @message = Message.new(:text => 'a test message') @message.save @user = FactoryGirl.build(:user) @user.message_ids_to_see << @message.id @user.save + login :is_admin? => true end teardown do @@ -52,4 +51,10 @@ class V1::MessagesControllerTest < ActionController::TestCase assert_json_response false end + test "fails if not admin" do + login :is_admin? => false + get :user_messages, :user_id => @user.id + assert_access_denied + end + end |