test: Call more endpoints without enough permissions

Signed-off-by: Florian Pritz <bluewind@xinu.at>

1 files changed, 28 insertions, 15 deletions

diff --git a/application/tests/test_api_v1.php b/application/tests/test_api_v1.php
index 50264b6da..524eaae1b 100644
--- a/application/tests/test_api_v1.php
+++ b/application/tests/test_api_v1.php
@@ -86,22 +86,35 @@ class test_api_v1 extends Test {
 
 	public function test_callEndpointsWithoutEnoughPermissions()
 	{
-		$apikey = $this->createUserAndApikey();
-		$endpoints = array(
-			"user/apikeys",
-			"user/create_apikey",
-			"user/delete_apikey",
+		$testconfig = array(
+			array(
+				"apikey" => $this->createUserAndApikey('basic'),
+				"endpoints" => array(
+					"file/delete",
+					"file/history",
+				),
+			),
+			array(
+				"apikey" => $this->createUserAndApikey(),
+				"endpoints" => array(
+					"user/apikeys",
+					"user/create_apikey",
+					"user/delete_apikey",
+				),
+			),
 		);
-		foreach ($endpoints as $endpoint) {
-			$ret = $this->CallEndpoint("POST", $endpoint, array(
-				"apikey" => $apikey,
-			));
-			$this->expectError("call $endpoint without enough permissions", $ret);
-			$this->t->is_deeply(array(
-				'status' => "error",
-				'error_id' => "api/insufficient-permissions",
-				'message' => "Access denied: Access level too low",
-			   ), $ret, "expected error");
+		foreach ($testconfig as $test) {
+			foreach ($test['endpoints'] as $endpoint) {
+				$ret = $this->CallEndpoint("POST", $endpoint, array(
+					"apikey" => $test['apikey'],
+				));
+				$this->expectError("call $endpoint without enough permissions", $ret);
+				$this->t->is_deeply(array(
+					'status' => "error",
+					'error_id' => "api/insufficient-permissions",
+					'message' => "Access denied: Access level too low",
+				   ), $ret, "expected permission error");
+			}
 		}
 	}