summaryrefslogtreecommitdiffstats
path: root/application
diff options
context:
space:
mode:
authorFlorian Pritz <bluewind@xinu.at>2015-04-25 17:05:02 +0200
committerFlorian Pritz <bluewind@xinu.at>2015-04-25 17:05:02 +0200
commit645b08267a3fdd516a24db01e09a3cca74bb87a4 (patch)
tree9b364683d40c8c5fbb92a58e6924bcf63256095d /application
parent812185f0e721bc2e500c590eb3ffe96a5cd1a518 (diff)
test: Call more endpoints without enough permissions
Signed-off-by: Florian Pritz <bluewind@xinu.at>
Diffstat (limited to 'application')
-rw-r--r--application/tests/test_api_v1.php43
1 files changed, 28 insertions, 15 deletions
diff --git a/application/tests/test_api_v1.php b/application/tests/test_api_v1.php
index 50264b6da..524eaae1b 100644
--- a/application/tests/test_api_v1.php
+++ b/application/tests/test_api_v1.php
@@ -86,22 +86,35 @@ class test_api_v1 extends Test {
public function test_callEndpointsWithoutEnoughPermissions()
{
- $apikey = $this->createUserAndApikey();
- $endpoints = array(
- "user/apikeys",
- "user/create_apikey",
- "user/delete_apikey",
+ $testconfig = array(
+ array(
+ "apikey" => $this->createUserAndApikey('basic'),
+ "endpoints" => array(
+ "file/delete",
+ "file/history",
+ ),
+ ),
+ array(
+ "apikey" => $this->createUserAndApikey(),
+ "endpoints" => array(
+ "user/apikeys",
+ "user/create_apikey",
+ "user/delete_apikey",
+ ),
+ ),
);
- foreach ($endpoints as $endpoint) {
- $ret = $this->CallEndpoint("POST", $endpoint, array(
- "apikey" => $apikey,
- ));
- $this->expectError("call $endpoint without enough permissions", $ret);
- $this->t->is_deeply(array(
- 'status' => "error",
- 'error_id' => "api/insufficient-permissions",
- 'message' => "Access denied: Access level too low",
- ), $ret, "expected error");
+ foreach ($testconfig as $test) {
+ foreach ($test['endpoints'] as $endpoint) {
+ $ret = $this->CallEndpoint("POST", $endpoint, array(
+ "apikey" => $test['apikey'],
+ ));
+ $this->expectError("call $endpoint without enough permissions", $ret);
+ $this->t->is_deeply(array(
+ 'status' => "error",
+ 'error_id' => "api/insufficient-permissions",
+ 'message' => "Access denied: Access level too low",
+ ), $ret, "expected permission error");
+ }
}
}