+ assert conn == ret_conn
+ end
+
+ test "if token has any of admin scopes, denies a user that isn't an admin", %{conn: conn} do
+ user = insert(:user, is_admin: false)
+ token = insert(:oauth_token, user: user, scopes: ["admin:something"])
+
+ conn =
+ conn
+ |> assign(:user, user)
+ |> assign(:token, token)
+ |> UserIsAdminPlug.call(%{})
+
+ assert conn.status == 403
+ end
+
+ test "if token has any of admin scopes, denies when a user isn't set", %{conn: conn} do
+ token = insert(:oauth_token, scopes: ["admin:something"])
+
+ conn =
+ conn
+ |> assign(:user, nil)
+ |> assign(:token, token)
+ |> UserIsAdminPlug.call(%{})
+
+ assert conn.status == 403