X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/02377152d7e368b6b73b2a94ceb68c99f9d55959..0f644e242ef37c911ad3dc25aca8135c339de349:/services/api/test/integration/api_client_authorizations_scopes_test.rb diff --git a/services/api/test/integration/api_client_authorizations_scopes_test.rb b/services/api/test/integration/api_client_authorizations_scopes_test.rb index 20f83dc0ff..dba801920c 100644 --- a/services/api/test/integration/api_client_authorizations_scopes_test.rb +++ b/services/api/test/integration/api_client_authorizations_scopes_test.rb @@ -1,14 +1,18 @@ +# Copyright (C) The Arvados Authors. All rights reserved. +# +# SPDX-License-Identifier: AGPL-3.0 + # The v1 API uses token scopes to control access to the REST API at the path # level. This is enforced in the base ApplicationController, making it a # functional test that we can run against many different controllers. require 'test_helper' -class Arvados::V1::ApiTokensScopeTest < ActionController::IntegrationTest +class ApiTokensScopeTest < ActionDispatch::IntegrationTest fixtures :all def v1_url(*parts) - (['arvados', 'v1'] + parts).join('/') + (['', 'arvados', 'v1'] + parts).join('/') end test "user list token can only list users" do @@ -29,6 +33,8 @@ class Arvados::V1::ApiTokensScopeTest < ActionController::IntegrationTest assert_response 403 get(v1_url('specimens', specimens(:owned_by_active_user).uuid), *get_args) assert_response :success + head(v1_url('specimens', specimens(:owned_by_active_user).uuid), *get_args) + assert_response :success get(v1_url('specimens', specimens(:owned_by_spectator).uuid), *get_args) assert_includes(403..404, @response.status) end @@ -63,7 +69,7 @@ class Arvados::V1::ApiTokensScopeTest < ActionController::IntegrationTest req_args = [{}, auth(:admin_noscope)] get(v1_url('logs'), *req_args) assert_response 403 - get(v1_url('logs', logs(:log1).uuid), *req_args) + get(v1_url('logs', logs(:noop).uuid), *req_args) assert_response 403 post(v1_url('logs'), *req_args) assert_response 403