path: root/spec/requests/api/helpers_spec.rb
Commit message (Author, Age, Files, Lines)
* Enable the Layout/SpaceBeforeBlockBraces cop [rc/enable-the-Layout/SpaceBeforeBlockBraces-cop] (Rémy Coutable, 2017-08-09, files: 1, lines: -2/+2)
|
|   Signed-off-by: Rémy Coutable <remy@rymai.me>
* Add specs (Douwe Maan, 2017-07-27, files: 1, lines: -6/+44)
|
* Test OAuth token scope verification in the `API::Users` endpoint (Timothy Andrew, 2017-06-28, files: 1, lines: -1/+3)
|
* Allow API scope declarations to be applied conditionally. (Timothy Andrew, 2017-06-28, files: 1, lines: -1/+2)
|
|   - Scope declarations of the form:
|
|       allow_access_with_scope :read_user, if: -> (request) { request.get? }
|
|     will only apply for `GET` requests
|   - Add a negative test to a `POST` endpoint in the `users` API to test this. Also test for this case in the `AccessTokenValidationService` unit tests.
* Correct RSpec/SingleLineHook cop offenses (Robert Speicher, 2017-06-14, files: 1, lines: -8/+30)
|
* Auto-correct `RSpec/DescribedClass` violations [rs-described_class-cop-2] (Robert Speicher, 2017-05-01, files: 1, lines: -1/+1)
|
* Merge branch '29505-allow-admins-sudo-to-blocked-users' into 'master' (Rémy Coutable, 2017-04-27, files: 1, lines: -1/+27)
|\
| |   Allow admins to sudo to blocked users
| |
| |   See merge request !10842
| * Allow admins to sudo to blocked users. [29505-allow-admins-sudo-to-blocked-users] (Timothy Andrew, 2017-04-26, files: 1, lines: -1/+27)
| |
| |   - Currently, (for example) admins can't delete snippets for blocked users, which is an unexpected limitation.
| |   - We modify `authenticate!` to conduct the `access_api` policy check against the `initial_current_user`, instead of the user being impersonated.
| |   - Update CHANGELOG for !10842
* | Unnecessary "include WaitForAjax" and "include ApiHelpers" (Jacopo, 2017-04-21, files: 1, lines: -1/+1)
|/
|   Removed all the unnecessary include of `WaitForAjax` and `ApiHelpers` in the specs.
|   Removed unnecessary usage of `api:true`
* fix a brittle stub (http://jneen.net/, 2017-03-09, files: 1, lines: -1/+1)
|
|   true is neither nil nor a user and doesn't make sense as the return value of `current_user`
* Fix specs (Kamil Trzcinski, 2017-01-19, files: 1, lines: -1/+2)
|
* Fix a Grape deprecation, use `#request_method` instead of `#route_method` [fix-api-deprecation] (Rémy Coutable, 2016-12-23, files: 1, lines: -2/+2)
|
|   Signed-off-by: Rémy Coutable <remy@rymai.me>
* Modify `ApiHelpers` spec to adhere to the Four-Phase test style. (Timothy Andrew, 2016-12-16, files: 1, lines: -0/+12)
|
|   - Use whitespace to separate the setup, expectation and teardown phases.
* Calls to the API are checked for scope. (Timothy Andrew, 2016-12-16, files: 1, lines: -17/+26)
|
|   - Move the `Oauth2::AccessTokenValidationService` class to `AccessTokenValidationService`, since it is now being used for personal access token validation as well.
|   - Each API endpoint declares the scopes it accepts (if any). Currently, the top level API module declares the `api` scope, and the `Users` API module declares the `read_user` scope (for GET requests).
|   - Move the `find_user_by_private_token` from the API `Helpers` module to the `APIGuard` module, to avoid littering `Helpers` with more auth-related methods to support `find_user_by_private_token`
* Be smarter when finding a sudoed user in API::Helpers [25482-fix-api-sudo] (Rémy Coutable, 2016-12-13, files: 1, lines: -2/+2)
|
|   Signed-off-by: Rémy Coutable <remy@rymai.me>
* API: Memoize the current_user so that the sudo can work properly (Rémy Coutable, 2016-12-12, files: 1, lines: -0/+425)

    The issue was arising when `#current_user` was called a second time after a user was impersonated: the `User#is_admin?` check would be performed on it and it would fail.

    Signed-off-by: Rémy Coutable <remy@rymai.me>