From 47d9b62913789358aefe769de6b7e33da8547891 Mon Sep 17 00:00:00 2001
From: jessib <jessib@riseup.net>
Date: Tue, 31 Dec 2013 12:16:43 -0800
Subject: Add authentication to API, but not sure it is best way.

---
 users/test/functional/v1/messages_controller_test.rb | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

(limited to 'users/test/functional/v1')

diff --git a/users/test/functional/v1/messages_controller_test.rb b/users/test/functional/v1/messages_controller_test.rb
index 7666ba3..0bc09be 100644
--- a/users/test/functional/v1/messages_controller_test.rb
+++ b/users/test/functional/v1/messages_controller_test.rb
@@ -2,14 +2,13 @@ require 'test_helper'
 
 class V1::MessagesControllerTest < ActionController::TestCase
 
-  #TODO ensure authentication for all tests here
-
   setup do
     @message = Message.new(:text => 'a test message')
     @message.save
     @user = FactoryGirl.build(:user)
     @user.message_ids_to_see << @message.id
     @user.save
+    login :is_admin? => true
   end
 
   teardown do
@@ -52,4 +51,10 @@ class V1::MessagesControllerTest < ActionController::TestCase
     assert_json_response false
  end
 
+  test "fails if not admin" do
+    login :is_admin? => false
+    get :user_messages, :user_id => @user.id
+    assert_access_denied
+  end
+
 end
-- 
cgit v1.2.3