summaryrefslogtreecommitdiff
path: root/spec
diff options
context:
space:
mode:
Diffstat (limited to 'spec')
-rw-r--r--spec/fixtures/api/schemas/public_api/v4/user/public.json2
-rw-r--r--spec/requests/api/keys_spec.rb6
-rw-r--r--spec/requests/api/users_spec.rb8
-rw-r--r--spec/requests/api/v3/users_spec.rb6
4 files changed, 18 insertions, 4 deletions
diff --git a/spec/fixtures/api/schemas/public_api/v4/user/public.json b/spec/fixtures/api/schemas/public_api/v4/user/public.json
index 5587cfec61a..faa126b65f2 100644
--- a/spec/fixtures/api/schemas/public_api/v4/user/public.json
+++ b/spec/fixtures/api/schemas/public_api/v4/user/public.json
@@ -9,7 +9,6 @@
"avatar_url",
"web_url",
"created_at",
- "is_admin",
"bio",
"location",
"skype",
@@ -43,7 +42,6 @@
"avatar_url": { "type": "string" },
"web_url": { "type": "string" },
"created_at": { "type": "date" },
- "is_admin": { "type": "boolean" },
"bio": { "type": ["string", "null"] },
"location": { "type": ["string", "null"] },
"skype": { "type": "string" },
diff --git a/spec/requests/api/keys_spec.rb b/spec/requests/api/keys_spec.rb
index b5586088485..ab957c72984 100644
--- a/spec/requests/api/keys_spec.rb
+++ b/spec/requests/api/keys_spec.rb
@@ -32,6 +32,12 @@ describe API::Keys do
expect(json_response['user']['id']).to eq(user.id)
expect(json_response['user']['username']).to eq(user.username)
end
+
+ it "does not include the user's `is_admin` flag" do
+ get api("/keys/#{key.id}", admin)
+
+ expect(json_response['user']['is_admin']).to be_nil
+ end
end
end
end
diff --git a/spec/requests/api/users_spec.rb b/spec/requests/api/users_spec.rb
index 2c6ae592d91..4919ad19833 100644
--- a/spec/requests/api/users_spec.rb
+++ b/spec/requests/api/users_spec.rb
@@ -135,6 +135,12 @@ describe API::Users do
expect(json_response['username']).to eq(user.username)
end
+ it "does not return the user's `is_admin` flag" do
+ get api("/users/#{user.id}", user)
+
+ expect(json_response['is_admin']).to be_nil
+ end
+
it "returns a 401 if unauthenticated" do
get api("/users/9998")
expect(response).to have_http_status(401)
@@ -397,7 +403,6 @@ describe API::Users do
it "updates admin status" do
put api("/users/#{user.id}", admin), { admin: true }
expect(response).to have_http_status(200)
- expect(json_response['is_admin']).to eq(true)
expect(user.reload.admin).to eq(true)
end
@@ -411,7 +416,6 @@ describe API::Users do
it "does not update admin status" do
put api("/users/#{admin_user.id}", admin), { can_create_group: false }
expect(response).to have_http_status(200)
- expect(json_response['is_admin']).to eq(true)
expect(admin_user.reload.admin).to eq(true)
expect(admin_user.can_create_group).to eq(false)
end
diff --git a/spec/requests/api/v3/users_spec.rb b/spec/requests/api/v3/users_spec.rb
index 05ee704f738..e9c57f7c6c3 100644
--- a/spec/requests/api/v3/users_spec.rb
+++ b/spec/requests/api/v3/users_spec.rb
@@ -274,5 +274,11 @@ describe API::V3::Users do
expect(new_user).to be_confirmed
end
+
+ it 'does not reveal the `is_admin` flag of the user' do
+ post v3_api('/users', admin), attributes_for(:user)
+
+ expect(json_response['is_admin']).to be_nil
+ end
end
end
View Lorry Controller Status