X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/9090c60b28de593b8bb2ce606a9ab35b62b57608..8a0e9c549595e114a0eadc9d6792a17fb59d0f3e:/services/api/test/integration/reader_tokens_test.rb
diff --git a/services/api/test/integration/reader_tokens_test.rb b/services/api/test/integration/reader_tokens_test.rb
index 23dd42f302..e8e8c910c7 100644
--- a/services/api/test/integration/reader_tokens_test.rb
+++ b/services/api/test/integration/reader_tokens_test.rb
@@ -1,3 +1,7 @@
+# Copyright (C) The Arvados Authors. All rights reserved.
+#
+# SPDX-License-Identifier: AGPL-3.0
+
 require 'test_helper'
 class ReaderTokensTest < ActionDispatch::IntegrationTest
@@ -12,7 +16,7 @@ class ReaderTokensTest < ActionDispatch::IntegrationTest
 params[:reader_tokens] = [api_token(read_auth)].send(formatter) if read_auth
 headers = {}
 headers.merge!(auth(main_auth)) if main_auth
- get('/arvados/v1/specimens', params, headers)
+ get('/arvados/v1/specimens', params: params, headers: headers)
 end
 def get_specimen_uuids(main_auth, read_auth, formatter=:to_a)
@@ -30,8 +34,8 @@ class ReaderTokensTest < ActionDispatch::IntegrationTest
 expected = 401
 end
 post('/arvados/v1/specimens.json',
- {specimen: {}, reader_tokens: [api_token(read_auth)].send(formatter)},
- headers)
+ params: {specimen: {}, reader_tokens: [api_token(read_auth)].send(formatter)},
+ headers: headers)
 assert_response expected
 end
@@ -46,30 +50,23 @@ class ReaderTokensTest < ActionDispatch::IntegrationTest
 [nil, :active_noscope].each do |main_auth|
 [:spectator, :spectator_specimens].each do |read_auth|
- test "#{main_auth} auth with reader token #{read_auth} can read" do
- assert_includes(get_specimen_uuids(main_auth, read_auth),
- spectator_specimen, "did not find spectator specimen")
- end
-
- test "#{main_auth} auth with JSON read token #{read_auth} can read" do
- assert_includes(get_specimen_uuids(main_auth, read_auth, :to_json),
- spectator_specimen, "did not find spectator specimen")
- end
-
- test "#{main_auth} auth with reader token #{read_auth} can't write" do
- assert_post_denied(main_auth, read_auth)
- end
+ [:to_a, :to_json].each do |formatter|
+ test "#{main_auth.inspect} auth with #{formatter} reader token #{read_auth} can#{"'t" if main_auth} read" do
+ get_specimens(main_auth, read_auth)
+ assert_response(if main_auth then 403 else 200 end)
+ end
- test "#{main_auth} auth with JSON read token #{read_auth} can't write" do
- assert_post_denied(main_auth, read_auth, :to_json)
+ test "#{main_auth.inspect} auth with #{formatter} reader token #{read_auth} can't write" do
+ assert_post_denied(main_auth, read_auth, formatter)
+ end
 end
 end
 end
 test "scopes are still limited with reader tokens" do
 get('/arvados/v1/collections',
- {reader_tokens: [api_token(:spectator_specimens)]},
- auth(:active_noscope))
+ params: {reader_tokens: [api_token(:spectator_specimens)]},
+ headers: auth(:active_noscope))
 assert_response 403
 end
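Review bot: The new read test never passes `formatter` to the request helper: `get_specimens(main_auth, read_auth)` is called identically for `:to_a` and `:to_json`, so the JSON-encoded `reader_tokens` read path that the removed test covered via `get_specimen_uuids(main_auth, read_auth, :to_json)` is no longer exercised. Assuming `get_specimens` accepts the formatter as a third argument the way `get_specimen_uuids` does (its definition lies outside this hunk), the call should be `get_specimens(main_auth, read_auth, formatter)`. The unscoped case is also weaker than before, because `assert_response 200` passes even when the reader token grants nothing, whereas the removed tests checked that `spectator_specimen` was in the returned list; for a nil `main_auth` I would keep `assert_includes(get_specimen_uuids(main_auth, read_auth, formatter), spectator_specimen, "did not find spectator specimen")`.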