+ test "narrow + wide scoped tokens for different users" do
+ get_args = {
+ params: {
+ reader_tokens: [api_client_authorizations(:anonymous).api_token]
+ },
+ headers: auth(:active_userlist),
+ }
+ get(v1_url('users'), **get_args)
+ assert_response :success
+ get(v1_url('users', ''), **get_args) # Add trailing slash.
+ assert_response :success
+ get(v1_url('users', 'current'), **get_args)
+ assert_response 403
+ get(v1_url('virtual_machines'), **get_args)
+ assert_response 403
+ end
+