github-migration
/
engine
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Cleaned up features

This commit is contained in:
Alex Sanford 2012-04-24 12:47:32 -03:00
parent bf65fa47f3
commit 1344463222
3 changed files with 227 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

212
features/api/authorization/content_assets.feature Normal file
View File

@ -0,0 +1,212 @@
Feature: Content Assets
In order to ensure content assets are not tampered with
As an admin, designer or author
I will be restricted based on my role
Background:
Given I have the site: "test site" set up
And I have a designer and an author
And a page named "hello-world" with id "4f832c2cb0d86d3f42fffffe"
And a page named "goodbye-world" with id "4f832c2cb0d86d3f42ffffff"
# unauthenticated
Scenario: As an unauthenticated user
Given I am not authenticated
When I do an API GET to pages.json
Then the JSON response should be the following:
"""
{
"error": "You need to sign in or sign up before continuing."
}
"""
# listing pages
Scenario: Accessing pages as an Admin
Given I have an "admin" token
When I do an API GET request to pages.json
Then the JSON response should contain all pages
Scenario: Accessing pages as a Designer
Given I have a "designer" token
When I do an API GET request to pages.json
Then the JSON response should contain all pages
Scenario: Accessing pages as an Author
Given I have an "author" token
When I do an API GET request to pages.json
Then the JSON response should contain all pages
# showing page
Scenario: Accessing page as an Admin
Given I have an "admin" token
When I do an API GET request to pages/4f832c2cb0d86d3f42fffffe.json
Then the JSON response hash should contain:
"""
{
"id": "4f832c2cb0d86d3f42fffffe",
"slug": "hello-world"
}
"""
Scenario: Accessing page as a Designer
Given I have a "designer" token
When I do an API GET request to pages/4f832c2cb0d86d3f42fffffe.json
Then the JSON response hash should contain:
"""
{
"id": "4f832c2cb0d86d3f42fffffe",
"slug": "hello-world"
}
"""
Scenario: Accessing page as an Author
Given I have an "author" token
When I do an API GET request to pages/4f832c2cb0d86d3f42fffffe.json
Then the JSON response hash should contain:
"""
{
"id": "4f832c2cb0d86d3f42fffffe",
"slug": "hello-world"
}
"""
# create page
Scenario: Creating new page as an Admin
Given I have an "admin" token
When I do an API GET request to pages.json
Then the JSON response should contain 4 pages
And the JSON response should contain all pages
When I do an API POST to pages.json with:
"""
{
"page": {
"title": "New Page",
"slug": "new-page",
"parent_id": "4f832c2cb0d86d3f42fffffe"
}
}
"""
When I do an API GET request to pages.json
Then the JSON response should contain 5 pages
And the JSON response should contain all pages
Scenario: Creating new page as a Designer
Given I have a "designer" token
When I do an API GET request to pages.json
Then the JSON response should contain 4 pages
And the JSON response should contain all pages
When I do an API POST to pages.json with:
"""
{
"page": {
"title": "New Page",
"slug": "new-page",
"parent_id": "4f832c2cb0d86d3f42fffffe"
}
}
"""
When I do an API GET request to pages.json
Then the JSON response should contain 5 pages
And the JSON response should contain all pages
Scenario: Creating new page as an Author
Given I have an "author" token
When I do an API POST to pages.json with:
"""
{
"page": {
"title": "New Page",
"slug": "new-page",
"parent_id": "4f832c2cb0d86d3f42fffffe"
}
}
"""
Then the JSON response should be an access denied error
# update page
Scenario: Updating page as an Admin
Given I have an "admin" token
When I do an API PUT to pages/4f832c2cb0d86d3f42fffffe.json with:
"""
{
"page": {
"title": "Brand new updated title"
}
}
"""
When I do an API GET request to pages/4f832c2cb0d86d3f42fffffe.json
Then the JSON response hash should contain:
"""
{
"id": "4f832c2cb0d86d3f42fffffe",
"title": "Brand new updated title"
}
"""
Scenario: Updating page as a Designer
Given I have a "designer" token
When I do an API PUT to pages/4f832c2cb0d86d3f42fffffe.json with:
"""
{
"page": {
"title": "Brand new updated title"
}
}
"""
When I do an API GET request to pages/4f832c2cb0d86d3f42fffffe.json
Then the JSON response hash should contain:
"""
{
"id": "4f832c2cb0d86d3f42fffffe",
"title": "Brand new updated title"
}
"""
Scenario: Updating page as an Author
Given I have a "author" token
When I do an API PUT to pages/4f832c2cb0d86d3f42fffffe.json with:
"""
{
"page": {
"title": "Brand new updated title"
}
}
"""
When I do an API GET request to pages/4f832c2cb0d86d3f42fffffe.json
Then the JSON response hash should contain:
"""
{
"id": "4f832c2cb0d86d3f42fffffe",
"title": "Brand new updated title"
}
"""
# destroy page
Scenario: Destroying page as an Admin
Given I have an "admin" token
When I do an API GET request to pages.json
Then the JSON response should contain 4 pages
When I do an API DELETE to pages/4f832c2cb0d86d3f42fffffe.json
When I do an API GET request to pages.json
Then the JSON response should contain 3 pages
Scenario: Destroying page as a Designer
Given I have a "designer" token
When I do an API GET request to pages.json
Then the JSON response should contain 4 pages
When I do an API DELETE to pages/4f832c2cb0d86d3f42fffffe.json
When I do an API GET request to pages.json
Then the JSON response should contain 3 pages
Scenario: Deleting page as an Author
Given I have a "author" token
When I do an API GET request to pages.json
Then the JSON response should contain 4 pages
When I do an API DELETE to pages/4f832c2cb0d86d3f42fffffe.json
Then the JSON response should be an access denied error

13
features/step_definitions/api_steps.rb
View File

@ -1,11 +1,4 @@
def new_content_page(page_slug, page_contents = '', template = '')
@home = @site.pages.where(:slug => 'index').first || FactoryGirl.create(:page)
page = @site.pages.build(:slug => page_slug, :body => page_contents, :parent => @home, :title => "some title", :published => true, :raw_template => template)
page.should be_valid
page
end
def api_base_url
'/locomotive/api'
end
@ -20,12 +13,6 @@ def do_api_request(type, url, param_string = nil)
end
end
Given /^a page named "([^"]*)" with id "([^"]*)"$/ do |name, id|
@page = new_content_page(name)
@page.id = BSON::ObjectId(id)
@page.save!
end
Given /^I have an? "([^"]*)" token$/ do |role|
@membership = Locomotive::Site.first.memberships.where(:role => role.downcase).first \
|| FactoryGirl.create(role.downcase.to_sym, :site => Locomotive::Site.first)

17
features/step_definitions/page_steps.rb
View File

@ -2,9 +2,16 @@
# helps create a simple content page (parent: "index") with a slug, contents, and template
def create_content_page(page_slug, page_contents, template = nil)
@home = @site.pages.where(:slug => "index").first || FactoryGirl.create(:page)
page = @site.pages.create(:slug => page_slug, :body => page_contents, :parent => @home, :title => "some title", :published => true, :raw_template => template)
page = new_content_page(page_slug, page_contents, template)
page.should be_valid
page.save!
page
end
# build page without saving
def new_content_page(page_slug, page_contents, template = nil)
@home = @site.pages.where(:slug => "index").first || FactoryGirl.create(:page)
page = @site.pages.new(:slug => page_slug, :body => page_contents, :parent => @home, :title => "some title", :published => true, :raw_template => template)
page
end
@ -17,6 +24,12 @@ Given /^a page named "([^"]*)" with the template:$/ do |page_slug, template|
@page = create_content_page(page_slug, '', template)
end
Given /^a page named "([^"]*)" with id "([^"]*)"$/ do |page_slug, id|
@page = new_content_page(page_slug, '')
@page.id = BSON::ObjectId(id)
@page.save!
end
# change the title
When /^I change the page title to "([^"]*)"$/ do |page_title|
page.evaluate_script "window.prompt = function() { return '#{page_title}'; }"