X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/f3b8d03f7063b162355bccfd71aeb2b8b67bbdbb..01cd85043c8692b8fd743e87a304e23be6172e21:/services/api/test/integration/api_client_authorizations_scopes_test.rb diff --git a/services/api/test/integration/api_client_authorizations_scopes_test.rb b/services/api/test/integration/api_client_authorizations_scopes_test.rb index 3b28a3163f..93e5b42a21 100644 --- a/services/api/test/integration/api_client_authorizations_scopes_test.rb +++ b/services/api/test/integration/api_client_authorizations_scopes_test.rb @@ -44,15 +44,15 @@ class ApiTokensScopeTest < ActionDispatch::IntegrationTest assert_response 403 end - test "specimens token can see exactly owned specimens" do - get_args = {params: {}, headers: auth(:active_specimens)} - get(v1_url('specimens'), **get_args) + test "collections token can see exactly owned collections" do + get_args = {params: {}, headers: auth(:active_all_collections)} + get(v1_url('collections'), **get_args) assert_response 403 - get(v1_url('specimens', specimens(:owned_by_active_user).uuid), **get_args) + get(v1_url('collections', collections(:collection_owned_by_active).uuid), **get_args) assert_response :success - head(v1_url('specimens', specimens(:owned_by_active_user).uuid), **get_args) + head(v1_url('collections', collections(:collection_owned_by_active).uuid), **get_args) assert_response :success - get(v1_url('specimens', specimens(:owned_by_spectator).uuid), **get_args) + get(v1_url('collections', collections(:collection_owned_by_foo).uuid), **get_args) assert_includes(403..404, @response.status) end @@ -70,7 +70,7 @@ class ApiTokensScopeTest < ActionDispatch::IntegrationTest token_count = get_token_count # Test the POST scope. post(v1_url('api_client_authorizations'), - params: {api_client_authorization: {user_id: users(:active).id}}, + params: {api_client_authorization: {owner_uuid: users(:active).uuid}}, headers: auth(:active_apitokens)) assert_response :success assert_equal(token_count + 1, get_token_count,