3 files changed, 67 insertions, 5 deletions

diff --git a/test/repo_test.exs b/test/repo_test.exs
index 85b64d4d1..5526b0327 100644
--- a/test/repo_test.exs
+++ b/test/repo_test.exs
@@ -4,7 +4,10 @@
 
 defmodule Pleroma.RepoTest do
   use Pleroma.DataCase
+  import ExUnit.CaptureLog
   import Pleroma.Factory
+  import Mock
+
   alias Pleroma.User
 
   describe "find_resource/1" do
@@ -46,4 +49,44 @@ defmodule Pleroma.RepoTest do
       assert Repo.get_assoc(token, :user) == {:error, :not_found}
     end
   end
+
+  describe "check_migrations_applied!" do
+    setup_with_mocks([
+      {Ecto.Migrator, [],
+       [
+         with_repo: fn repo, fun -> passthrough([repo, fun]) end,
+         migrations: fn Pleroma.Repo ->
+           [
+             {:up, 20_191_128_153_944, "fix_missing_following_count"},
+             {:up, 20_191_203_043_610, "create_report_notes"},
+             {:down, 20_191_220_174_645, "add_scopes_to_pleroma_feo_auth_records"}
+           ]
+         end
+       ]}
+    ]) do
+      :ok
+    end
+
+    test "raises if it detects unapplied migrations" do
+      assert_raise Pleroma.Repo.UnappliedMigrationsError, fn ->
+        capture_log(&Repo.check_migrations_applied!/0)
+      end
+    end
+
+    test "doesn't do anything if disabled" do
+      disable_migration_check =
+        Pleroma.Config.get([:i_am_aware_this_may_cause_data_loss, :disable_migration_check])
+
+      Pleroma.Config.put([:i_am_aware_this_may_cause_data_loss, :disable_migration_check], true)
+
+      on_exit(fn ->
+        Pleroma.Config.put(
+          [:i_am_aware_this_may_cause_data_loss, :disable_migration_check],
+          disable_migration_check
+        )
+      end)
+
+      assert :ok == Repo.check_migrations_applied!()
+    end
+  end
 end
diff --git a/test/web/admin_api/admin_api_controller_test.exs b/test/web/admin_api/admin_api_controller_test.exs
index d70fe54b2..d11b26207 100644
--- a/test/web/admin_api/admin_api_controller_test.exs
+++ b/test/web/admin_api/admin_api_controller_test.exs
@@ -1363,6 +1363,30 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
       }
     end
 
+    test "requires write:reports scope", %{conn: conn, id: id, admin: admin} do
+      read_token = insert(:oauth_token, user: admin, scopes: ["read"])
+      write_token = insert(:oauth_token, user: admin, scopes: ["write:reports"])
+
+      response =
+        conn
+        |> assign(:token, read_token)
+        |> patch("/api/pleroma/admin/reports", %{
+          "reports" => [%{"state" => "resolved", "id" => id}]
+        })
+        |> json_response(403)
+
+      assert response == %{
+               "error" => "Insufficient permissions: admin:write:reports | write:reports."
+             }
+
+      conn
+      |> assign(:token, write_token)
+      |> patch("/api/pleroma/admin/reports", %{
+        "reports" => [%{"state" => "resolved", "id" => id}]
+      })
+      |> json_response(:no_content)
+    end
+
     test "mark report as resolved", %{conn: conn, id: id, admin: admin} do
       conn
       |> patch("/api/pleroma/admin/reports", %{
diff --git a/test/web/pleroma_api/controllers/pleroma_api_controller_test.exs b/test/web/pleroma_api/controllers/pleroma_api_controller_test.exs
index 3f7ef13bc..fb7500134 100644
--- a/test/web/pleroma_api/controllers/pleroma_api_controller_test.exs
+++ b/test/web/pleroma_api/controllers/pleroma_api_controller_test.exs
@@ -57,11 +57,6 @@ defmodule Pleroma.Web.PleromaAPI.PleromaAPIControllerTest do
 
     {:ok, activity} = CommonAPI.post(user, %{"status" => "#cofe"})
 
-    conn =
-      conn
-      |> assign(:user, user)
-      |> assign(:token, insert(:oauth_token, user: user, scopes: ["read:statuses"]))
-
     result =
       conn
       |> get("/api/v1/pleroma/statuses/#{activity.id}/emoji_reactions_by")