X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/e87cfcde836ef572a722d645655c7a05fb3f473d..5b863886118890cc81b728a3a606ea823c836f2b:/services/api/test/integration/reader_tokens_test.rb diff --git a/services/api/test/integration/reader_tokens_test.rb b/services/api/test/integration/reader_tokens_test.rb index c0b8cfeec6..a60be093a3 100644 --- a/services/api/test/integration/reader_tokens_test.rb +++ b/services/api/test/integration/reader_tokens_test.rb @@ -1,26 +1,44 @@ +# Copyright (C) The Arvados Authors. All rights reserved. +# +# SPDX-License-Identifier: AGPL-3.0 + require 'test_helper' -class Arvados::V1::ReaderTokensTest < ActionController::IntegrationTest +class ReaderTokensTest < ActionDispatch::IntegrationTest fixtures :all def spectator_specimen specimens(:owned_by_spectator).uuid end - def get_specimens(main_auth, read_auth) + def get_specimens(main_auth, read_auth, formatter=:to_a) params = {} - params[:reader_tokens] = [api_token(read_auth)] if read_auth + params[:reader_tokens] = [api_token(read_auth)].send(formatter) if read_auth headers = {} headers.merge!(auth(main_auth)) if main_auth get('/arvados/v1/specimens', params, headers) end - def get_specimen_uuids(main_auth, read_auth) - get_specimens(main_auth, read_auth) + def get_specimen_uuids(main_auth, read_auth, formatter=:to_a) + get_specimens(main_auth, read_auth, formatter) assert_response :success json_response['items'].map { |spec| spec['uuid'] } end + def assert_post_denied(main_auth, read_auth, formatter=:to_a) + if main_auth + headers = auth(main_auth) + expected = 403 + else + headers = {} + expected = 401 + end + post('/arvados/v1/specimens.json', + {specimen: {}, reader_tokens: [api_token(read_auth)].send(formatter)}, + headers) + assert_response expected + end + test "active user can't see spectator specimen" do # Other tests in this suite assume that the active user doesn't # have read permission to the owned_by_spectator specimen. 
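Review bot: The new `formatter` argument in `get_specimens` and `assert_post_denied` is dispatched with `.send(formatter)`, which will call any method on the array, private ones included. `[api_token(read_auth)].public_send(formatter)` limits the helpers to the public conversions they are meant to exercise. The purpose of the parameter is also not evident from the signatures, so a short comment above `get_specimens` would help, for example `# formatter picks the reader_tokens encoding: :to_a sends an array param, :to_json a JSON string`.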
@@ -32,22 +50,15 @@ class Arvados::V1::ReaderTokensTest < ActionController::IntegrationTest [nil, :active_noscope].each do |main_auth| [:spectator, :spectator_specimens].each do |read_auth| - test "#{main_auth} auth with reader token #{read_auth} can read" do - assert_includes(get_specimen_uuids(main_auth, read_auth), - spectator_specimen, "did not find spectator specimen") - end + [:to_a, :to_json].each do |formatter| + test "#{main_auth.inspect} auth with #{formatter} reader token #{read_auth} can#{"'t" if main_auth} read" do + get_specimens(main_auth, read_auth) + assert_response(if main_auth then 403 else 200 end) + end - test "#{main_auth} auth with reader token #{read_auth} can't write" do - if main_auth - headers = auth(main_auth) - expected = 403 - else - headers = {} - expected = 401 + test "#{main_auth.inspect} auth with #{formatter} reader token #{read_auth} can't write" do + assert_post_denied(main_auth, read_auth, formatter) end - post('/arvados/v1/specimens.json', - {specimen: {}, reader_tokens: [api_token(read_auth)]}, headers) - assert_response expected end end end
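Review bot: The read test inside the new `[:to_a, :to_json].each do |formatter|` loop calls `get_specimens(main_auth, read_auth)` without passing `formatter`, so both iterations send the array form and the JSON-encoded `reader_tokens` path is never exercised for reads. It should be `get_specimens(main_auth, read_auth, formatter)`. The test also now asserts only the status code, so with no main auth a 200 response that omits the spectator specimen would still pass. Keeping the removed content check for that case, `assert_includes(json_response['items'].map { |s| s['uuid'] }, spectator_specimen) unless main_auth`, would still prove that the reader token grants read access and not merely that the request succeeds.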