- assert conn == ret_conn
- end
-
- test "if token has any of admin scopes, denies a user that isn't an admin", %{conn: conn} do
- user = insert(:user, is_admin: false)
- token = insert(:oauth_token, user: user, scopes: ["admin:something"])
-
- conn =
- conn
- |> assign(:user, user)
- |> assign(:token, token)
- |> UserIsAdminPlug.call(%{})
-
- assert conn.status == 403
- end
-
- test "if token has any of admin scopes, denies when a user isn't set", %{conn: conn} do
- token = insert(:oauth_token, scopes: ["admin:something"])
-
- conn =
- conn
- |> assign(:user, nil)
- |> assign(:token, token)
- |> UserIsAdminPlug.call(%{})
-
- assert conn.status == 403
- end
-
- test "if token lacks admin scopes, denies users regardless of is_admin flag",
- %{users: users} do
- for user <- users do
- token = insert(:oauth_token, user: user)
-
- conn =
- build_conn()
- |> assign(:user, user)
- |> assign(:token, token)
- |> UserIsAdminPlug.call(%{})
-
- assert conn.status == 403
- end
- end