github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2024-11-27 18:43:38 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity
c3fadc7330
discourse/spec/requests/admin/admin_controller_spec.rb

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

68 lines
1.8 KiB
Ruby
Raw Normal View History

DEV: use #frozen_string_literal: true on all spec This change both speeds up specs (less strings to allocate) and helps catch cases where methods in Discourse are mutating inputs. Overall we will be migrating everything to use #frozen_string_literal: true it will take a while, but this is the first and safest move in this direction
2019-04-30 08:27:42 +08:00
# frozen_string_literal: true
Move new controller specs to reqeusts folder.
2017-08-24 11:01:11 +08:00
RSpec.describe Admin::AdminController do
DEV: Allow fab! without block (#24314) The most common thing that we do with fab! is: fab!(:thing) { Fabricate(:thing) } This commit adds a shorthand for this which is just simply: fab!(:thing) i.e. If you omit the block, then, by default, you'll get a `Fabricate`d object using the fabricator of the same name.
2023-11-10 06:47:59 +08:00
fab!(:admin)
fab!(:moderator)
DEV: Extend specs coverage for non-admin access to admin endpoints (#18833) Replace base controller class inheritance specs with explicit specs for non-staff and moderator access to admin resources
2022-11-03 11:42:44 +08:00
describe "#index" do
context "when unauthenticated" do
it "denies access with a 404 response" do
get "/admin.json"
expect(response.status).to eq(404)
expect(response.parsed_body["errors"]).to include(I18n.t("not_found"))
end
REFACTOR: admin controller specs to requests (#5978)
2018-06-11 12:32:55 +08:00
end
FIX: don't return 200s when login is required to paths When running `ensure_login_required` it should always happen prior to `check_xhr` cause check xhr will trigger a 200 response
2018-02-01 09:26:45 +08:00
DEV: Extend specs coverage for non-admin access to admin endpoints (#18833) Replace base controller class inheritance specs with explicit specs for non-staff and moderator access to admin resources
2022-11-03 11:42:44 +08:00
context "when authenticated" do
context "as an admin" do
it "permits access with a 200 response" do
sign_in(admin)
get "/admin.json"
expect(response.status).to eq(200)
end
end
context "as a non-admin" do
it "denies access with a 403 response" do
sign_in(moderator)
get "/admin.json"
expect(response.status).to eq(403)
expect(response.parsed_body["errors"]).to include(I18n.t("invalid_access"))
end
end
context "when user is admin with api key" do
it "permits access with a 200 response" do
api_key = Fabricate(:api_key, user: admin)
get "/admin.json",
headers: {
HTTP_API_KEY: api_key.key,
HTTP_API_USERNAME: admin.username,
}
expect(response.status).to eq(200)
end
end
context "when user is a non-admin with api key" do
it "denies access with a 403 response" do
api_key = Fabricate(:api_key, user: moderator)
get "/admin.json",
headers: {
HTTP_API_KEY: api_key.key,
HTTP_API_USERNAME: moderator.username,
}
REFACTOR: admin controller specs to requests (#5978)
2018-06-11 12:32:55 +08:00
DEV: Extend specs coverage for non-admin access to admin endpoints (#18833) Replace base controller class inheritance specs with explicit specs for non-staff and moderator access to admin resources
2022-11-03 11:42:44 +08:00
expect(response.status).to eq(403)
expect(response.parsed_body["errors"]).to include(I18n.t("invalid_access"))
end
end
REFACTOR: admin controller specs to requests (#5978)
2018-06-11 12:32:55 +08:00
end
FIX: Return 404 if API access is invalid.
2017-08-10 17:27:01 +08:00
end
end
Reference in New Issue Copy Permalink