github-migration/engine
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Added auth feature for content_types

Browse Source
This commit is contained in:
Alex Sanford 2012-04-24 15:40:54 -03:00
parent 75e694a6f0
commit 44aadb8926
4 changed files with 270 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
app/controllers/locomotive/api/content_types_controller.rb
View File

@ -2,11 +2,18 @@ module Locomotive
module Api
class ContentTypesController < BaseController
load_and_authorize_resource :class => Locomotive::ContentType
def index
@content_types = current_site.content_types
respond_with(@content_types)
end
def show
@content_type = current_site.content_types.find(params[:id])
respond_with @content_type
end
def create
@content_type = current_site.content_types.create(params[:content_type])
respond_with @content_type, :location => main_app.locomotive_api_content_types_url
@ -18,6 +25,12 @@ module Locomotive
respond_with @content_type, :location => main_app.locomotive_api_content_types_url
end
def destroy
@content_type = current_site.content_types.find(params[:id])
@content_type.destroy
respond_with @content_type
end
end
end
end

2
app/models/locomotive/ability.rb
View File

@ -37,6 +37,8 @@ module Locomotive
can :touch, Site do |site|
site == @site
end
can :read, ContentType
end
def setup_designer_permissions!

237
features/api/authorization/content_types.feature Normal file
View File

@ -0,0 +1,237 @@
Feature: Content Types
In order to ensure content types are not tampered with
As an admin, designer or author
I will be restricted based on my role
Background:
Given I have the site: "test site" set up
And I have a custom model named "Projects" with id "4f832c2cb0d86d3f42fffffe" and
| label | type | required |
| Name | string | true |
| Description | text | false |
And I have a designer and an author
Scenario: As an unauthenticated user
Given I am not authenticated
When I do an API GET to content_types.json
Then the JSON response at "error" should be "You need to sign in or sign up before continuing."
# listing content types
Scenario: Accessing content types as an Admin
Given I have an "admin" API token
When I do an API GET request to content_types.json
Then the JSON response should be an array
And the JSON response should have 1 entry
Scenario: Accessing content types as a Designer
Given I have a "designer" API token
When I do an API GET request to content_types.json
Then the JSON response should be an array
And the JSON response should have 1 entry
Scenario: Accessing content types as an Author
Given I have an "author" API token
When I do an API GET request to content_types.json
Then the JSON response should be an array
And the JSON response should have 1 entry
# showing content type
Scenario: Accessing content type as an Admin
Given I have an "admin" API token
When I do an API GET request to content_types/4f832c2cb0d86d3f42fffffe.json
Then the JSON response at "id" should be "4f832c2cb0d86d3f42fffffe"
And the JSON response at "name" should be "Projects"
Scenario: Accessing content type as a Designer
Given I have a "designer" API token
When I do an API GET request to content_types/4f832c2cb0d86d3f42fffffe.json
Then the JSON response at "id" should be "4f832c2cb0d86d3f42fffffe"
And the JSON response at "name" should be "Projects"
Scenario: Accessing content type as an Author
Given I have an "author" API token
When I do an API GET request to content_types/4f832c2cb0d86d3f42fffffe.json
Then the JSON response at "id" should be "4f832c2cb0d86d3f42fffffe"
And the JSON response at "name" should be "Projects"
# create content type
Scenario: Creating new content type as an Admin
Given I have an "admin" API token
When I do an API GET request to content_types.json
Then the JSON response should be an array
And the JSON response should have 1 entry
When I do an API POST to content_types.json with:
"""
{
"content_type": {
"name": "Employees",
"slug": "employees",
"entries_custom_fields": [
{
"label": "Name",
"name": "name",
"type": "string"
},
{
"label": "Position",
"name": "position",
"type": "string"
}
]
}
}
"""
When I do an API GET request to content_types.json
Then the JSON response should be an array
And the JSON response should have 2 entries
And the JSON should have the following:
| 1/name | "Employees" |
| 1/slug | "employees" |
| 1/entries_custom_fields/0/label | "Name" |
| 1/entries_custom_fields/0/name | "name" |
| 1/entries_custom_fields/0/type | "string" |
| 1/entries_custom_fields/1/label | "Position" |
| 1/entries_custom_fields/1/name | "position" |
| 1/entries_custom_fields/1/type | "string" |
Scenario: Creating new content type as a Designer
Given I have a "designer" API token
When I do an API GET request to content_types.json
Then the JSON response should be an array
And the JSON response should have 1 entry
When I do an API POST to content_types.json with:
"""
{
"content_type": {
"name": "Employees",
"slug": "employees",
"entries_custom_fields": [
{
"label": "Name",
"name": "name",
"type": "string"
},
{
"label": "Position",
"name": "position",
"type": "string"
}
]
}
}
"""
When I do an API GET request to content_types.json
Then the JSON response should be an array
And the JSON response should have 2 entries
And the JSON should have the following:
| 1/name | "Employees" |
| 1/slug | "employees" |
| 1/entries_custom_fields/0/label | "Name" |
| 1/entries_custom_fields/0/name | "name" |
| 1/entries_custom_fields/0/type | "string" |
| 1/entries_custom_fields/1/label | "Position" |
| 1/entries_custom_fields/1/name | "position" |
| 1/entries_custom_fields/1/type | "string" |
Scenario: Creating new content type as an Author
Given I have an "author" API token
When I do an API GET request to content_types.json
Then the JSON response should be an array
And the JSON response should have 1 entry
When I do an API POST to content_types.json with:
"""
{
"content_type": {
"name": "Employees",
"slug": "employees",
"entries_custom_fields": [
{
"label": "Name",
"name": "name",
"type": "string"
},
{
"label": "Position",
"name": "position",
"type": "string"
}
]
}
}
"""
Then an access denied error should occur
# update content type
Scenario: Updating content type as an Admin
Given I have an "admin" API token
When I do an API PUT to content_types/4f832c2cb0d86d3f42fffffe.json with:
"""
{
"content_type": {
"name": "Brand new updated name"
}
}
"""
When I do an API GET request to content_types/4f832c2cb0d86d3f42fffffe.json
Then the JSON response at "id" should be "4f832c2cb0d86d3f42fffffe"
And the JSON response at "name" should be "Brand new updated name"
Scenario: Updating content type as a Designer
Given I have a "designer" API token
When I do an API PUT to content_types/4f832c2cb0d86d3f42fffffe.json with:
"""
{
"content_type": {
"name": "Brand new updated name"
}
}
"""
When I do an API GET request to content_types/4f832c2cb0d86d3f42fffffe.json
Then the JSON response at "id" should be "4f832c2cb0d86d3f42fffffe"
And the JSON response at "name" should be "Brand new updated name"
Scenario: Updating content type as an Author
Given I have a "author" API token
When I do an API PUT to content_types/4f832c2cb0d86d3f42fffffe.json with:
"""
{
"content_type": {
"name": "Brand new updated name"
}
}
"""
Then an access denied error should occur
# destroy content type
Scenario: Destroying content type as an Admin
Given I have an "admin" API token
When I do an API GET request to content_types.json
Then the JSON response should be an array
And the JSON response should have 1 entry
When I do an API DELETE to content_types/4f832c2cb0d86d3f42fffffe.json
When I do an API GET request to content_types.json
Then the JSON response should be an array
And the JSON response should have 0 entries
Scenario: Destroying content type as a Designer
Given I have a "designer" API token
When I do an API GET request to content_types.json
Then the JSON response should be an array
And the JSON response should have 1 entry
When I do an API DELETE to content_types/4f832c2cb0d86d3f42fffffe.json
When I do an API GET request to content_types.json
Then the JSON response should be an array
And the JSON response should have 0 entries
Scenario: Deleting content type as an Author
Given I have a "author" API token
When I do an API GET request to content_types.json
Then the JSON response should be an array
And the JSON response should have 1 entries
When I do an API DELETE to content_types/4f832c2cb0d86d3f42fffffe.json
Then an access denied error should occur

20
features/step_definitions/content_types_steps.rb
View File

@ -1,6 +1,9 @@
Given %r{^I have a custom model named "([^"]*)" with$} do |name, fields|
def build_content_type(name)
site = Locomotive::Site.first
content_type = FactoryGirl.build(:content_type, :site => site, :name => name, :order_by => '_position')
FactoryGirl.build(:content_type, :site => site, :name => name, :order_by => '_position')
end
def set_custom_fields_from_table(content_type, fields)
fields.hashes.each do |field|
# found a belongs_to association
if field['type'] == 'belongs_to'
@ -12,6 +15,19 @@ Given %r{^I have a custom model named "([^"]*)" with$} do |name, fields|
content_type.entries_custom_fields.build field
end
end
Given %r{^I have a custom model named "([^"]*)" with id "([^"]*)" and$} do |name, id, fields|
content_type = build_content_type(name)
content_type.id = BSON::ObjectId(id)
set_custom_fields_from_table(content_type, fields)
content_type.valid?
content_type.save.should be_true
end
Given %r{^I have a custom model named "([^"]*)" with$} do |name, fields|
content_type = build_content_type(name)
set_custom_fields_from_table(content_type, fields)
content_type.valid?
content_type.save.should be_true
end