diff options
author | Florian Pritz <bluewind@xinu.at> | 2015-04-25 17:05:02 +0200 |
---|---|---|
committer | Florian Pritz <bluewind@xinu.at> | 2015-04-25 17:05:02 +0200 |
commit | 645b08267a3fdd516a24db01e09a3cca74bb87a4 (patch) | |
tree | 9b364683d40c8c5fbb92a58e6924bcf63256095d /application/tests/test_api_v1.php | |
parent | 812185f0e721bc2e500c590eb3ffe96a5cd1a518 (diff) |
test: Call more endpoints without enough permissions
Signed-off-by: Florian Pritz <bluewind@xinu.at>
Diffstat (limited to 'application/tests/test_api_v1.php')
-rw-r--r-- | application/tests/test_api_v1.php | 43 |
1 files changed, 28 insertions, 15 deletions
diff --git a/application/tests/test_api_v1.php b/application/tests/test_api_v1.php index 50264b6da..524eaae1b 100644 --- a/application/tests/test_api_v1.php +++ b/application/tests/test_api_v1.php @@ -86,22 +86,35 @@ class test_api_v1 extends Test { public function test_callEndpointsWithoutEnoughPermissions() { - $apikey = $this->createUserAndApikey(); - $endpoints = array( - "user/apikeys", - "user/create_apikey", - "user/delete_apikey", + $testconfig = array( + array( + "apikey" => $this->createUserAndApikey('basic'), + "endpoints" => array( + "file/delete", + "file/history", + ), + ), + array( + "apikey" => $this->createUserAndApikey(), + "endpoints" => array( + "user/apikeys", + "user/create_apikey", + "user/delete_apikey", + ), + ), ); - foreach ($endpoints as $endpoint) { - $ret = $this->CallEndpoint("POST", $endpoint, array( - "apikey" => $apikey, - )); - $this->expectError("call $endpoint without enough permissions", $ret); - $this->t->is_deeply(array( - 'status' => "error", - 'error_id' => "api/insufficient-permissions", - 'message' => "Access denied: Access level too low", - ), $ret, "expected error"); + foreach ($testconfig as $test) { + foreach ($test['endpoints'] as $endpoint) { + $ret = $this->CallEndpoint("POST", $endpoint, array( + "apikey" => $test['apikey'], + )); + $this->expectError("call $endpoint without enough permissions", $ret); + $this->t->is_deeply(array( + 'status' => "error", + 'error_id' => "api/insufficient-permissions", + 'message' => "Access denied: Access level too low", + ), $ret, "expected permission error"); + } } } |