diff options
Diffstat (limited to 'application')
-rw-r--r-- | application/tests/test_api_v1.php | 43 |
1 files changed, 28 insertions, 15 deletions
diff --git a/application/tests/test_api_v1.php b/application/tests/test_api_v1.php index 50264b6da..524eaae1b 100644 --- a/application/tests/test_api_v1.php +++ b/application/tests/test_api_v1.php @@ -86,22 +86,35 @@ class test_api_v1 extends Test { public function test_callEndpointsWithoutEnoughPermissions() { - $apikey = $this->createUserAndApikey(); - $endpoints = array( - "user/apikeys", - "user/create_apikey", - "user/delete_apikey", + $testconfig = array( + array( + "apikey" => $this->createUserAndApikey('basic'), + "endpoints" => array( + "file/delete", + "file/history", + ), + ), + array( + "apikey" => $this->createUserAndApikey(), + "endpoints" => array( + "user/apikeys", + "user/create_apikey", + "user/delete_apikey", + ), + ), ); - foreach ($endpoints as $endpoint) { - $ret = $this->CallEndpoint("POST", $endpoint, array( - "apikey" => $apikey, - )); - $this->expectError("call $endpoint without enough permissions", $ret); - $this->t->is_deeply(array( - 'status' => "error", - 'error_id' => "api/insufficient-permissions", - 'message' => "Access denied: Access level too low", - ), $ret, "expected error"); + foreach ($testconfig as $test) { + foreach ($test['endpoints'] as $endpoint) { + $ret = $this->CallEndpoint("POST", $endpoint, array( + "apikey" => $test['apikey'], + )); + $this->expectError("call $endpoint without enough permissions", $ret); + $this->t->is_deeply(array( + 'status' => "error", + 'error_id' => "api/insufficient-permissions", + 'message' => "Access denied: Access level too low", + ), $ret, "expected permission error"); + } } } |