refactor invalid token, scope

spec/requests/api/users_spec.rb

@@ -1,33 +1,39 @@
 require 'swagger_helper'
 
 describe 'Users API', type: :request do
+  include ApiHelper
+
   path '/user' do
     get 'info about the currently logged-in user' do
-      # security [oauth2: []]
-      tags '1. User'
+      tags 'User'
       produces 'application/json'
-      let(:user) { create(:user) }
-      let(:api_access_token) { create(:oauth2_access_token, resource_owner_id: user.id, scopes: api_scopes&.join(' ')).token }
-      let(:Authorization) { "Bearer #{api_access_token}" }
+      let(:api_scopes) { ['user:read'] }
+      let(:other_user_1) { create :user }
+      let(:user)         { create :user }
+      let(:other_user_2) { create :user }
 
       response '200', 'success' do
-        let(:api_scopes) { ['user:read'] }
         run_test! do |response|
           data = JSON.parse(response.body)
           expect(data['user']['id']).to eq(user.id)
         end
       end
 
-      response '403', 'missing scope' do
-        let(:api_scopes) { [] }
+      it_handles_invalid_token_and_scope
+    end
+  end
+
+  path '/user/financial_overview' do
+    get 'financial summary about the currently logged-in user' do
+      tags 'User', 'FinancialTransaction'
+      let!(:user) { create :user, :ordergroup }
+
+      response 200, 'success' do
+        let(:api_scopes) { ['finance:user'] }
         run_test!
       end
 
-
-      response '401', 'not logged-in' do
-        let(:Authorization) { "" }
-        run_test!
-      end
+      it_handles_invalid_token_and_scope
     end
   end
 end