diff options
-rw-r--r-- | users/app/controllers/v1/messages_controller.rb | 2 | ||||
-rw-r--r-- | users/test/functional/v1/messages_controller_test.rb | 9 |
2 files changed, 8 insertions, 3 deletions
diff --git a/users/app/controllers/v1/messages_controller.rb b/users/app/controllers/v1/messages_controller.rb index 42a88f7..b58dfe9 100644 --- a/users/app/controllers/v1/messages_controller.rb +++ b/users/app/controllers/v1/messages_controller.rb @@ -1,7 +1,7 @@ module V1 class MessagesController < ApplicationController - # TODO need to add authentication + before_filter :authorize_admin # not sure this is best way respond_to :json # for now, will not pass unseen, so unseen will always be true diff --git a/users/test/functional/v1/messages_controller_test.rb b/users/test/functional/v1/messages_controller_test.rb index 7666ba3..0bc09be 100644 --- a/users/test/functional/v1/messages_controller_test.rb +++ b/users/test/functional/v1/messages_controller_test.rb @@ -2,14 +2,13 @@ require 'test_helper' class V1::MessagesControllerTest < ActionController::TestCase - #TODO ensure authentication for all tests here - setup do @message = Message.new(:text => 'a test message') @message.save @user = FactoryGirl.build(:user) @user.message_ids_to_see << @message.id @user.save + login :is_admin? => true end teardown do @@ -52,4 +51,10 @@ class V1::MessagesControllerTest < ActionController::TestCase assert_json_response false end + test "fails if not admin" do + login :is_admin? => false + get :user_messages, :user_id => @user.id + assert_access_denied + end + end |