discourse/spec/models/user_api_key_spec.rb

require 'rails_helper'

describe UserApiKey do
  context "#allow?" do
    it "can look up permissions correctly" do
      key = UserApiKey.new(scopes: ['message_bus', 'notifications'])

      expect(key.allow?("PATH_INFO" => "/random", "REQUEST_METHOD" => "GET")).to eq(false)
      expect(key.allow?("PATH_INFO" => "/message-bus/1234/poll", "REQUEST_METHOD" => "POST")).to eq(true)

      expect(key.allow?("action_dispatch.request.path_parameters" => {:controller => "notifications", :action => "mark_read"},
                        "PATH_INFO" => "/xyz", "REQUEST_METHOD" => "PUT")).to eq(true)


      expect(key.allow?("action_dispatch.request.path_parameters" => {:controller => "user_api_keys", :action => "revoke"},
                        "PATH_INFO" => "/xyz", "REQUEST_METHOD" => "POST")).to eq(true)

    end

    it "can allow blanket read" do

      key = UserApiKey.new(scopes: ['read'])

      expect(key.allow?("PATH_INFO" => "/random", "REQUEST_METHOD" => "GET")).to eq(true)
      expect(key.allow?("PATH_INFO" => "/random", "REQUEST_METHOD" => "PUT")).to eq(false)
    end
  end
end