From ab1917c5fe0f03e7719863a5598ad575d9fef302 Mon Sep 17 00:00:00 2001
From: NavaL
Date: Thu, 14 Jul 2016 15:06:20 +0200
Subject: [feature] restrict is_admin in the user api, to only allow querying for him/herself So that it we do not expose the is_admin property to anyone else including other admins.
---
 test/unit/user_test.rb | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)
(limited to 'test/unit/user_test.rb')
diff --git a/test/unit/user_test.rb b/test/unit/user_test.rb
index 55d0648..02e94df 100644
--- a/test/unit/user_test.rb
+++ b/test/unit/user_test.rb
@@ -71,13 +71,12 @@ class UserTest < ActiveSupport::TestCase
 assert_equal key, @user.public_key
 end
- test "user to json includes id, login, valid, is_admin and enabled" do
- json_content = JSON.parse @user.to_json
- assert_equal @user.id, json_content["id"]
- assert_equal @user.valid?, json_content["ok"]
- assert_equal @user.login, json_content["login"]
- assert_equal @user.enabled?, json_content["enabled"]
- assert_equal @user.is_admin?, json_content["is_admin"]
+ test "user to hash includes id, login, valid and enabled" do
+ hash = @user.to_hash
+ assert_equal @user.id, hash[:id]
+ assert_equal @user.valid?, hash[:ok]
+ assert_equal @user.login, hash[:login]
+ assert_equal @user.enabled?, hash[:enabled]
 end
-- cgit v1.2.3
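Review bot: The rewritten test `user to hash includes id, login, valid and enabled` drops the `is_admin` assertion but never asserts that the key is absent, so the restriction described in the commit message is not pinned here. If `to_hash` were later changed to include `is_admin` again, the four remaining assertions would still pass and the exposure would go unnoticed. Consider adding `assert !hash.key?(:is_admin)` after the `enabled` assertion. Whether the still-permitted case (a user querying their own `is_admin`) is covered by another test cannot be told from this view, which is limited to test/unit/user_test.rb; the enclosing `UserTest` class starts outside the hunk.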