gitea/nas
1
0
Fork 2
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1

Add more granular OAuth scopes (#7929)

Browse source 
* Add more granular OAuth scopes

* Add human-readable descriptions of the new scopes

* Ensure new scopes look good on the app UI

* Add tests

* Group scopes in screen and color-code dangerous ones

* Fix wrong extra scope
This commit is contained in:
Eugen Rochko 2018-07-05 18:31:35 +02:00 committed by GitHub
parent ca2cc556f1
commit 1f6ed4f86a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
69 changed files with 295 additions and 105 deletions
Download patch file Download diff file Expand all files Collapse all files

7
spec/controllers/api/v1/statuses_controller_spec.rb
View file

@ -5,7 +5,7 @@ RSpec.describe Api::V1::StatusesController, type: :controller do
let(:user) { Fabricate(:user, account: Fabricate(:account, username: 'alice')) }
let(:app) { Fabricate(:application, name: 'Test app', website: 'http://testapp.com') }
let(:token) { Fabricate(:accessible_access_token, resource_owner_id: user.id, application: app, scopes: 'write') }
let(:token) { Fabricate(:accessible_access_token, resource_owner_id: user.id, application: app, scopes: scopes) }
context 'with an oauth token' do
before do
@ -13,6 +13,7 @@ RSpec.describe Api::V1::StatusesController, type: :controller do
end
describe 'GET #show' do
let(:scopes) { 'read:statuses' }
let(:status) { Fabricate(:status, account: user.account) }
it 'returns http success' do
@ -22,6 +23,7 @@ RSpec.describe Api::V1::StatusesController, type: :controller do
end
describe 'GET #context' do
let(:scopes) { 'read:statuses' }
let(:status) { Fabricate(:status, account: user.account) }
before do
@ -35,6 +37,8 @@ RSpec.describe Api::V1::StatusesController, type: :controller do
end
describe 'POST #create' do
let(:scopes) { 'write:statuses' }
before do
post :create, params: { status: 'Hello world' }
end
@ -45,6 +49,7 @@ RSpec.describe Api::V1::StatusesController, type: :controller do
end
describe 'DELETE #destroy' do
let(:scopes) { 'write:statuses' }
let(:status) { Fabricate(:status, account: user.account) }
before do