diff --git a/spec/controllers/api/v1/endorsements_controller_spec.rb b/spec/controllers/api/v1/endorsements_controller_spec.rb deleted file mode 100644 index 738804bb7b..0000000000 --- a/spec/controllers/api/v1/endorsements_controller_spec.rb +++ /dev/null @@ -1,17 +0,0 @@ -# frozen_string_literal: true - -require 'rails_helper' - -RSpec.describe Api::V1::EndorsementsController do - let(:user) { Fabricate(:user) } - let(:token) { Fabricate(:accessible_access_token, resource_owner_id: user.id, scopes: 'read:accounts') } - - describe 'GET #index' do - it 'returns 200' do - allow(controller).to receive(:doorkeeper_token) { token } - get :index - - expect(response).to have_http_status(200) - end - end -end diff --git a/spec/requests/api/v1/endorsements_spec.rb b/spec/requests/api/v1/endorsements_spec.rb new file mode 100644 index 0000000000..e267f2abd2 --- /dev/null +++ b/spec/requests/api/v1/endorsements_spec.rb @@ -0,0 +1,61 @@ +# frozen_string_literal: true + +require 'rails_helper' + +describe 'Endorsements' do + let(:user) { Fabricate(:user) } + let(:token) { Fabricate(:accessible_access_token, resource_owner_id: user.id, scopes: scopes) } + let(:headers) { { 'Authorization' => "Bearer #{token.token}" } } + + describe 'GET /api/v1/endorsements' do + context 'when not authorized' do + it 'returns http unauthorized' do + get api_v1_endorsements_path + + expect(response) + .to have_http_status(401) + end + end + + context 'with wrong scope' do + before do + get api_v1_endorsements_path, headers: headers + end + + it_behaves_like 'forbidden for wrong scope', 'write write:accounts' + end + + context 'with correct scope' do + let(:scopes) { 'read:accounts' } + + context 'with endorsed accounts' do + let!(:account_pin) { Fabricate(:account_pin, account: user.account) } + + it 'returns http success and accounts json' do + get api_v1_endorsements_path, headers: headers + + expect(response) + .to have_http_status(200) + + expect(body_as_json) + .to be_present + .and have_attributes( + first: include(acct: account_pin.target_account.acct) + ) + end + end + + context 'without endorsed accounts without json' do + it 'returns http success' do + get api_v1_endorsements_path, headers: headers + + expect(response) + .to have_http_status(200) + + expect(body_as_json) + .to_not be_present + end + end + end + end +end