Change: require method for authz

author: Lars Wirzenius <liw@liw.fi> 2018-10-27 10:37:28 +0300
committer: Lars Wirzenius <liw@liw.fi> 2018-10-27 10:37:28 +0300
commit: cc2d1b21e67643e237d968793d31b7b9437a1640 (patch)
tree: 538e35e25bbec03167063f7cfda2679e2232676c /muck/authz_tests.py
parent: 7ed16628456d3c9946e4288bacda7a4195b61730 (diff)
download: muck-poc-cc2d1b21e67643e237d968793d31b7b9437a1640.tar.gz
1 files changed, 7 insertions, 3 deletions
diff --git a/muck/authz_tests.py b/muck/authz_tests.py
index 0128c6b..fffb96b 100644
--- a/muck/authz_tests.py
+++ b/muck/authz_tests.py
@@ -39,12 +39,16 @@ class AuthorizationCheckerTests(unittest.TestCase):
 
     def test_denies_if_token_parsing_fails(self):
         r = muck.Request(method='GET')
-        self.assertFalse(self.ac.request_is_allowed(r, []))
+        self.assertFalse(self.ac.request_is_allowed(r, 'GET', []))
 
     def test_denies_if_token_lacks_required_scope(self):
         r = self.create_request([])
-        self.assertFalse(self.ac.request_is_allowed(r, ['foo']))
+        self.assertFalse(self.ac.request_is_allowed(r, 'GET', ['foo']))
+
+    def test_denies_if_method_is_wrong(self):
+        r = self.create_request(['foo'])
+        self.assertFalse(self.ac.request_is_allowed(r, 'DELETE', ['foo']))
 
     def test_allows_for_acceptable_request(self):
         r = self.create_request(['foo'])
-        self.assertTrue(self.ac.request_is_allowed(r, ['foo']))
+        self.assertTrue(self.ac.request_is_allowed(r, 'GET', ['foo']))
author	Lars Wirzenius <liw@liw.fi>	2018-10-27 10:37:28 +0300
committer	Lars Wirzenius <liw@liw.fi>	2018-10-27 10:37:28 +0300
commit	cc2d1b21e67643e237d968793d31b7b9437a1640 (patch)
tree	538e35e25bbec03167063f7cfda2679e2232676c /muck/authz_tests.py
parent	7ed16628456d3c9946e4288bacda7a4195b61730 (diff)
download	muck-poc-cc2d1b21e67643e237d968793d31b7b9437a1640.tar.gz