pass if scope does not match

2013-01-13 20:08:56 +01:00 · 2013-01-13 20:08:56 +01:00 · 01fe983a0c
commit 01fe983a0c
parent cc2a1cd50e
2 changed files with 15 additions and 2 deletions
--- a/lib/travis/api/app/extensions/scoping.rb
+++ b/lib/travis/api/app/extensions/scoping.rb
@ -31,9 +31,9 @@ class Travis::Api::App
            headers['Vary'] << ', Authorization' unless public?
            true
          elsif env['travis.access_token']
-            halt 403, "insufficient access"
+            pass { halt 403, "insufficient access" }
          else
-            halt 401, "no access token supplied"
+            pass { halt 401, "no access token supplied" }
          end
        end
      end
--- a/spec/unit/extensions/scoping_spec.rb
+++ b/spec/unit/extensions/scoping_spec.rb
@ -8,6 +8,8 @@ describe Travis::Api::App::Extensions::Scoping do
      register Travis::Api::App::Extensions::Scoping
      get('/') { 'ok' }
      get('/private', scope: :private) { 'ok' }
+      get('/pass_me', scope: :private) { 'first' }
+      get('/pass_me') { 'second' }
    end

    User.stubs(:find).with(user.id).returns(user)
@ -62,4 +64,15 @@ describe Travis::Api::App::Extensions::Scoping do
    headers['X-Accepted-OAuth-Scopes'].should == 'private'
    headers['X-OAuth-Scopes'].should == 'foo,bar'
  end
+
+  it 'passes on to unscoped routes' do
+    get('/pass_me').should be_ok
+    body.should == 'second'
+  end
+
+
+  it 'does not pass if scope matches' do
+    with_scopes('/pass_me', :private).should be_ok
+    body.should == 'first'
+  end
 end