params[:reader_tokens] = [api_token(read_auth)].send(formatter) if read_auth
headers = {}
headers.merge!(auth(main_auth)) if main_auth
- get('/arvados/v1/specimens', params, headers)
+ get('/arvados/v1/specimens', params: params, headers: headers)
end
def get_specimen_uuids(main_auth, read_auth, formatter=:to_a)
expected = 401
end
post('/arvados/v1/specimens.json',
- {specimen: {}, reader_tokens: [api_token(read_auth)].send(formatter)},
- headers)
+ params: {specimen: {}, reader_tokens: [api_token(read_auth)].send(formatter)},
+ headers: headers)
assert_response expected
end
[nil, :active_noscope].each do |main_auth|
[:spectator, :spectator_specimens].each do |read_auth|
[:to_a, :to_json].each do |formatter|
- test "#{main_auth.inspect} auth with #{formatter} reader token #{read_auth} can't read" do
+ test "#{main_auth.inspect} auth with #{formatter} reader token #{read_auth} can#{"'t" if main_auth} read" do
get_specimens(main_auth, read_auth)
- assert_response(if main_auth then 403 else 302 end)
+ assert_response(if main_auth then 403 else 200 end)
end
test "#{main_auth.inspect} auth with #{formatter} reader token #{read_auth} can't write" do
test "scopes are still limited with reader tokens" do
get('/arvados/v1/collections',
- {reader_tokens: [api_token(:spectator_specimens)]},
- auth(:active_noscope))
+ params: {reader_tokens: [api_token(:spectator_specimens)]},
+ headers: auth(:active_noscope))
assert_response 403
end
projects / arvados.git / blobdiff