Fix unauthorized user tests and add non-authenticated user tests

f1645bf7 · JB Vasseur · 33c88f5e · f1645bf7
Commit f1645bf7 authored Oct 11, 2018 by JB Vasseur
Hide whitespace changes
Inline Side-by-side

Showing with 19 additions and 3 deletions

spec/requests/api/applications_spec.rb spec/requests/api/applications_spec.rb +19 -3

No files found.
--- a/spec/requests/api/applications_spec.rb
+++ b/spec/requests/api/applications_spec.rb
@@ -95,6 +95,14 @@ describe API::Applications, :api do
      end
    end

+    context 'authorized user without authorization' do
+      it 'cannot list application' do
+        get api('/applications', user)
+
+        expect(response).to have_http_status 403
+      end
+    end
+
    context 'non-authenticated user' do
      it 'cannot list application' do
        get api('/applications', user)
@@ -109,16 +117,24 @@ describe API::Applications, :api do
      it 'can delete an application' do
        expect do
          delete api("/applications/#{application.id}", admin_user)
-        end.to change { Doorkeeper::Application.count }.by -1
-        
+        end.to change { Doorkeeper::Application.count }.by(-1)
+
        expect(response).to have_gitlab_http_status(204)
      end
    end

-    context 'non-authenticated user' do
+    context 'authorized user without authorization' do
      it 'cannot delete an application' do
        delete api("/applications/#{application.id}", user)

+        expect(response).to have_http_status 403
+      end
+    end
+
+    context 'non-authenticated user' do
+      it 'cannot delete an application' do
+        delete api("/applications/#{application.id}")
+
        expect(response).to have_http_status 401
      end
    end