From 0931221d2ac201e2ee02be78821d264aafa66d51 Mon Sep 17 00:00:00 2001
From: Anton Khorev <tony29@yandex.ru>
Date: Wed, 30 Apr 2025 07:08:02 +0300
Subject: [PATCH] Test scopes for api changeset close actions

---
 .../api/changesets/closes_controller_test.rb      | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/test/controllers/api/changesets/closes_controller_test.rb b/test/controllers/api/changesets/closes_controller_test.rb
index 350762550..78e11d0f7 100644
--- a/test/controllers/api/changesets/closes_controller_test.rb
+++ b/test/controllers/api/changesets/closes_controller_test.rb
@@ -62,10 +62,21 @@ module Api
         assert_predicate changeset.reload, :open?
       end
 
-      def test_update_by_changeset_creator
+      def test_update_without_required_scope
         user = create(:user)
         changeset = create(:changeset, :user => user)
-        auth_header = bearer_authorization_header user
+        auth_header = bearer_authorization_header user, :scopes => %w[read_prefs]
+
+        put api_changeset_close_path(changeset), :headers => auth_header
+
+        assert_response :forbidden
+        assert_predicate changeset.reload, :open?
+      end
+
+      def test_update_by_changeset_creator_with_required_scope
+        user = create(:user)
+        changeset = create(:changeset, :user => user)
+        auth_header = bearer_authorization_header user, :scopes => %w[write_api]
 
         put api_changeset_close_path(changeset), :headers => auth_header
 
-- 
2.39.5