X-Git-Url: https://git.openstreetmap.org/rails.git/blobdiff_plain/bb5bad9115a014730575083a2bbc1be13e3bb49a..304e0ef63843ddcb55aab62312ff18be8a5b4703:/test/abilities/api_capability_test.rb
diff --git a/test/abilities/api_capability_test.rb b/test/abilities/api_capability_test.rb
index ca679dd71..12bbc4965 100644
--- a/test/abilities/api_capability_test.rb
+++ b/test/abilities/api_capability_test.rb
@@ -4,8 +4,9 @@ require "test_helper"
 class ChangesetCommentApiCapabilityTest < ActiveSupport::TestCase
 test "as a normal user with permissionless token" do
- token = create(:oauth_access_token)
- ability = ApiAbility.new token
+ user = create(:user)
+ token = create(:oauth_access_token, :user => user)
+ ability = ApiAbility.new user, token
 [:create, :destroy, :restore].each do |action|
 assert ability.cannot? action, ChangesetComment
@@ -13,8 +14,9 @@ class ChangesetCommentApiCapabilityTest < ActiveSupport::TestCase
 end
 test "as a normal user with write_api token" do
- token = create(:oauth_access_token, :scopes => %w[write_api])
- ability = ApiAbility.new token
+ user = create(:user)
+ token = create(:oauth_access_token, :user => user, :scopes => %w[write_api])
+ ability = ApiAbility.new user, token
 [:destroy, :restore].each do |action|
 assert ability.cannot? action, ChangesetComment
@@ -26,8 +28,9 @@ class ChangesetCommentApiCapabilityTest < ActiveSupport::TestCase
 end
 test "as a moderator with permissionless token" do
- token = create(:oauth_access_token, :user => create(:moderator_user))
- ability = ApiAbility.new token
+ user = create(:moderator_user)
+ token = create(:oauth_access_token, :user => user)
+ ability = ApiAbility.new user, token
 [:create, :destroy, :restore].each do |action|
 assert ability.cannot? action, ChangesetComment
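Review bot: None of the updated tests builds an `ApiAbility` from a user and a token that belong to different accounts, or from a nil user with a valid token; every case passes `user` together with a token created with `:user => user`. Now that the constructor takes both arguments, the role presumably comes from one and the scopes from the other (the ability class is not shown in this diff), so a mismatched pair is the case most worth pinning. I would add a test along the lines of `ability = ApiAbility.new create(:user), create(:oauth_access_token, :user => create(:moderator_user), :scopes => %w[write_api])` and assert the outcome the ability class is meant to give for `:destroy` on `ChangesetComment`. The same gap applies to the `Note` and `UserPreference` hunks further down.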
@@ -35,8 +38,9 @@ class ChangesetCommentApiCapabilityTest < ActiveSupport::TestCase
 end
 test "as a moderator with write_api token" do
- token = create(:oauth_access_token, :user => create(:moderator_user), :scopes => %w[write_api])
- ability = ApiAbility.new token
+ user = create(:moderator_user)
+ token = create(:oauth_access_token, :user => user, :scopes => %w[write_api])
+ ability = ApiAbility.new user, token
 [:create, :destroy, :restore].each do |action|
 assert ability.can? action, ChangesetComment
@@ -46,8 +50,9 @@ end
 class NoteApiCapabilityTest < ActiveSupport::TestCase
 test "as a normal user with permissionless token" do
- token = create(:oauth_access_token)
- ability = ApiAbility.new token
+ user = create(:user)
+ token = create(:oauth_access_token, :user => user)
+ ability = ApiAbility.new user, token
 [:create, :comment, :close, :reopen, :destroy].each do |action|
 assert ability.cannot? action, Note
@@ -55,8 +60,9 @@ class NoteApiCapabilityTest < ActiveSupport::TestCase
 end
 test "as a normal user with write_notes token" do
- token = create(:oauth_access_token, :scopes => %w[write_notes])
- ability = ApiAbility.new token
+ user = create(:user)
+ token = create(:oauth_access_token, :user => user, :scopes => %w[write_notes])
+ ability = ApiAbility.new user, token
 [:destroy].each do |action|
 assert ability.cannot? action, Note
@@ -68,8 +74,9 @@ class NoteApiCapabilityTest < ActiveSupport::TestCase
 end
 test "as a moderator with permissionless token" do
- token = create(:oauth_access_token, :user => create(:moderator_user))
- ability = ApiAbility.new token
+ user = create(:moderator_user)
+ token = create(:oauth_access_token, :user => user)
+ ability = ApiAbility.new user, token
 [:destroy].each do |action|
 assert ability.cannot? action, Note
@@ -77,8 +84,9 @@ class NoteApiCapabilityTest < ActiveSupport::TestCase
 end
 test "as a moderator with write_notes token" do
- token = create(:oauth_access_token, :user => create(:moderator_user), :scopes => %w[write_notes])
- ability = ApiAbility.new token
+ user = create(:moderator_user)
+ token = create(:oauth_access_token, :user => user, :scopes => %w[write_notes])
+ ability = ApiAbility.new user, token
 [:destroy].each do |action|
 assert ability.can? action, Note
@@ -89,15 +97,16 @@ end
 class UserApiCapabilityTest < ActiveSupport::TestCase
 test "user preferences" do # A user with empty tokens
- token = create(:oauth_access_token)
- ability = ApiAbility.new token
+ user = create(:user)
+ token = create(:oauth_access_token, :user => user)
+ ability = ApiAbility.new user, token
 [:index, :show, :update_all, :update, :destroy].each do |act|
 assert ability.cannot? act, UserPreference
 end
- token = create(:oauth_access_token, :scopes => %w[read_prefs])
- ability = ApiAbility.new token
+ token = create(:oauth_access_token, :user => user, :scopes => %w[read_prefs])
+ ability = ApiAbility.new user, token
 [:update_all, :update, :destroy].each do |act|
 assert ability.cannot? act, UserPreference
@@ -107,8 +116,8 @@ class UserApiCapabilityTest < ActiveSupport::TestCase
 assert ability.can? act, UserPreference
 end
- token = create(:oauth_access_token, :scopes => %w[write_prefs])
- ability = ApiAbility.new token
+ token = create(:oauth_access_token, :user => user, :scopes => %w[write_prefs])
+ ability = ApiAbility.new user, token
 [:index, :show].each do |act|
 assert ability.cannot? act, UserPreference
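Review bot: The `user preferences` test still runs three token scenarios in one body, reassigning `token` and `ability` each time, so a failed assertion in the first block hides the results for the `read_prefs` and `write_prefs` blocks. The other two classes in this file use one test per role and scope pair; splitting this one the same way, for example `test "as a normal user with read_prefs token" do`, would give each scope its own pass or fail. It would also make the leading comment `# A user with empty tokens` unnecessary, since that comment describes only the first block. The test body continues past the end of the last hunk.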