From 47d9b62913789358aefe769de6b7e33da8547891 Mon Sep 17 00:00:00 2001 From: jessib Date: Tue, 31 Dec 2013 12:16:43 -0800 Subject: Add authentication to API, but not sure it is best way. --- users/app/controllers/v1/messages_controller.rb | 2 +- users/test/functional/v1/messages_controller_test.rb | 9 +++++++-- 2 files changed, 8 insertions(+), 3 deletions(-) (limited to 'users') diff --git a/users/app/controllers/v1/messages_controller.rb b/users/app/controllers/v1/messages_controller.rb index 42a88f7..b58dfe9 100644 --- a/users/app/controllers/v1/messages_controller.rb +++ b/users/app/controllers/v1/messages_controller.rb @@ -1,7 +1,7 @@ module V1 class MessagesController < ApplicationController - # TODO need to add authentication + before_filter :authorize_admin # not sure this is best way respond_to :json # for now, will not pass unseen, so unseen will always be true diff --git a/users/test/functional/v1/messages_controller_test.rb b/users/test/functional/v1/messages_controller_test.rb index 7666ba3..0bc09be 100644 --- a/users/test/functional/v1/messages_controller_test.rb +++ b/users/test/functional/v1/messages_controller_test.rb @@ -2,14 +2,13 @@ require 'test_helper' class V1::MessagesControllerTest < ActionController::TestCase - #TODO ensure authentication for all tests here - setup do @message = Message.new(:text => 'a test message') @message.save @user = FactoryGirl.build(:user) @user.message_ids_to_see << @message.id @user.save + login :is_admin? => true end teardown do @@ -52,4 +51,10 @@ class V1::MessagesControllerTest < ActionController::TestCase assert_json_response false end + test "fails if not admin" do + login :is_admin? => false + get :user_messages, :user_id => @user.id + assert_access_denied + end + end -- cgit v1.2.3