summaryrefslogtreecommitdiff
path: root/users/test
diff options
context:
space:
mode:
authorjessib <jessib@riseup.net>2013-12-31 12:16:43 -0800
committerjessib <jessib@riseup.net>2013-12-31 12:16:43 -0800
commit47d9b62913789358aefe769de6b7e33da8547891 (patch)
tree20f9bf0f60b3a45209b94850c62245646d11c79c /users/test
parentfe3e374daa274a38723da52d929805b80f7ef383 (diff)
Add authentication to API, but not sure it is best way.
Diffstat (limited to 'users/test')
-rw-r--r--users/test/functional/v1/messages_controller_test.rb9
1 files changed, 7 insertions, 2 deletions
diff --git a/users/test/functional/v1/messages_controller_test.rb b/users/test/functional/v1/messages_controller_test.rb
index 7666ba3..0bc09be 100644
--- a/users/test/functional/v1/messages_controller_test.rb
+++ b/users/test/functional/v1/messages_controller_test.rb
@@ -2,14 +2,13 @@ require 'test_helper'
class V1::MessagesControllerTest < ActionController::TestCase
- #TODO ensure authentication for all tests here
-
setup do
@message = Message.new(:text => 'a test message')
@message.save
@user = FactoryGirl.build(:user)
@user.message_ids_to_see << @message.id
@user.save
+ login :is_admin? => true
end
teardown do
@@ -52,4 +51,10 @@ class V1::MessagesControllerTest < ActionController::TestCase
assert_json_response false
end
+ test "fails if not admin" do
+ login :is_admin? => false
+ get :user_messages, :user_id => @user.id
+ assert_access_denied
+ end
+
end