Add shared example for testing api admin mode
What does this MR do and why?
As you surley know api admin mode. You can find the issue with all informations here
The implementation plan is here
This MR is a follow up of !108690 (merged)
This MR includes the addition of a shared example which is used to check access to resources via api calls. Four HTTP methods get, put, delete and post are covered. Additionally two tests are adapted as an example.
The following table shows all possible cases for a user authorized as regular user
| admin mode | http method | outcome (status) |
|---|---|---|
| true | GET | :forbidden |
| false | GET | :forbidden |
| true | POST | :forbidden |
| false | POST | :forbidden |
| true | PUT | :forbidden |
| false | PUT | :forbidden |
| true | DELETE | :forbidden |
| false | DELETE | :forbidden |
Now all possible cases for a user authorized as admin
| admin mode | http method | outcome (status) |
|---|---|---|
| true | GET | :ok |
| false | GET | :forbidden |
| true | POST | :created |
| false | POST | :forbidden |
| true | PUT | :ok |
| false | PUT | :forbidden |
| true | DELETE | :no_content |
| false | DELETE | :forbidden |
A simple example would be:
get api("/application/appearance", admin, admin_mode: false) Resulting in :forbidden
In spec/spec_helper.rb is an array named admin_mode_for_api_feature_flag_paths. There are all tests listed which have to be adjusted to fit api admin mode
How to set up and validate locally
- Run
bin/rspec spec/requests/api/appearance_spec.rb=> green - Run
bin/rspec spec/requests/api/applications_spec.rb=> green
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.