Merge branch '468_oauth2_scopes' into 'develop'

[#468] OAuth2 scopes Closes #468 See merge request pleroma/pleroma!799
author: lambda <pleromagit@rogerbraun.net> 2019-02-20 16:15:45 +0000
committer: lambda <pleromagit@rogerbraun.net> 2019-02-20 16:15:45 +0000
commit: dff5e1e46ab5e622ae0cc4b4422ae57ce0a0d5de (patch)
tree: 3e71afab323f4677b142ed6e9f45e6ecab226b1e /test/web/mastodon_api/mastodon_api_controller_test.exs
parent: 11b3c10c54254ecad4b52f27856b8d95629e541c (diff)
parent: b574d97c2ee5ea926342b6ef00d9c22c1cc7ebdd (diff)
download: pleroma-dff5e1e46ab5e622ae0cc4b4422ae57ce0a0d5de.tar.gz
pleroma-dff5e1e46ab5e622ae0cc4b4422ae57ce0a0d5de.zip
1 files changed, 18 insertions, 0 deletions
diff --git a/test/web/mastodon_api/mastodon_api_controller_test.exs b/test/web/mastodon_api/mastodon_api_controller_test.exs
index e804ae203..691264135 100644
--- a/test/web/mastodon_api/mastodon_api_controller_test.exs
+++ b/test/web/mastodon_api/mastodon_api_controller_test.exs
@@ -1556,6 +1556,24 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do
       assert user_response = json_response(conn, 200)
       assert user_response["header"] != User.banner_url(user)
     end
+
+    test "requires 'write' permission", %{conn: conn} do
+      token1 = insert(:oauth_token, scopes: ["read"])
+      token2 = insert(:oauth_token, scopes: ["write", "follow"])
+
+      for token <- [token1, token2] do
+        conn =
+          conn
+          |> put_req_header("authorization", "Bearer #{token.token}")
+          |> patch("/api/v1/accounts/update_credentials", %{})
+
+        if token == token1 do
+          assert %{"error" => "Insufficient permissions: write."} == json_response(conn, 403)
+        else
+          assert json_response(conn, 200)
+        end
+      end
+    end
   end
 
   test "get instance information", %{conn: conn} do
author	lambda <pleromagit@rogerbraun.net>	2019-02-20 16:15:45 +0000
committer	lambda <pleromagit@rogerbraun.net>	2019-02-20 16:15:45 +0000
commit	dff5e1e46ab5e622ae0cc4b4422ae57ce0a0d5de (patch)
tree	3e71afab323f4677b142ed6e9f45e6ecab226b1e /test/web/mastodon_api/mastodon_api_controller_test.exs
parent	11b3c10c54254ecad4b52f27856b8d95629e541c (diff)
parent	b574d97c2ee5ea926342b6ef00d9c22c1cc7ebdd (diff)
download	pleroma-dff5e1e46ab5e622ae0cc4b4422ae57ce0a0d5de.tar.gz pleroma-dff5e1e46ab5e622ae0cc4b4422ae57ce0a0d5de.zip