diff --git a/features/api/authorization/content_assets.feature b/features/api/authorization/content_assets.feature
deleted file mode 100644
index e86f0ab5..00000000
--- a/features/api/authorization/content_assets.feature
+++ /dev/null
@@ -1,212 +0,0 @@ -Feature: Content Assets - In order to ensure content assets are not tampered with - As an admin, designer or author - I will be restricted based on my role - - Background: - Given I have the site: "test site" set up - And I have a designer and an author - And a page named "hello-world" with id "4f832c2cb0d86d3f42fffffe" - And a page named "goodbye-world" with id "4f832c2cb0d86d3f42ffffff" - - # unauthenticated - - Scenario: As an unauthenticated user - Given I am not authenticated - When I do an API GET to pages.json - Then the JSON response should be the following: - """ - { - "error": "You need to sign in or sign up before continuing." - } - """ - - # listing pages - - Scenario: Accessing pages as an Admin - Given I have an "admin" token - When I do an API GET request to pages.json - Then the JSON response should contain all pages - - Scenario: Accessing pages as a Designer - Given I have a "designer" token - When I do an API GET request to pages.json - Then the JSON response should contain all pages - - Scenario: Accessing pages as an Author - Given I have an "author" token - When I do an API GET request to pages.json - Then the JSON response should contain all pages - - # showing page - - Scenario: Accessing page as an Admin - Given I have an "admin" token - When I do an API GET request to pages/4f832c2cb0d86d3f42fffffe.json - Then the JSON response hash should contain: - """ - { - "id": "4f832c2cb0d86d3f42fffffe", - "slug": "hello-world" - } - """ - - Scenario: Accessing page as a Designer - Given I have a "designer" token - When I do an API GET request to pages/4f832c2cb0d86d3f42fffffe.json - Then the JSON response hash should contain: - """ - { - "id": "4f832c2cb0d86d3f42fffffe", - "slug": "hello-world" - } - """ - - Scenario: Accessing page as an Author - Given I have an "author" token - When I do an API GET request to pages/4f832c2cb0d86d3f42fffffe.json - Then the JSON response hash should contain: - """ - { - "id": 
"4f832c2cb0d86d3f42fffffe", - "slug": "hello-world" - } - """ - - # create page - - Scenario: Creating new page as an Admin - Given I have an "admin" token - When I do an API GET request to pages.json - Then the JSON response should contain 4 pages - And the JSON response should contain all pages - When I do an API POST to pages.json with: - """ - { - "page": { - "title": "New Page", - "slug": "new-page", - "parent_id": "4f832c2cb0d86d3f42fffffe" - } - } - """ - When I do an API GET request to pages.json - Then the JSON response should contain 5 pages - And the JSON response should contain all pages - - Scenario: Creating new page as a Designer - Given I have a "designer" token - When I do an API GET request to pages.json - Then the JSON response should contain 4 pages - And the JSON response should contain all pages - When I do an API POST to pages.json with: - """ - { - "page": { - "title": "New Page", - "slug": "new-page", - "parent_id": "4f832c2cb0d86d3f42fffffe" - } - } - """ - When I do an API GET request to pages.json - Then the JSON response should contain 5 pages - And the JSON response should contain all pages - - Scenario: Creating new page as an Author - Given I have an "author" token - When I do an API POST to pages.json with: - """ - { - "page": { - "title": "New Page", - "slug": "new-page", - "parent_id": "4f832c2cb0d86d3f42fffffe" - } - } - """ - Then the JSON response should be an access denied error - - # update page - - Scenario: Updating page as an Admin - Given I have an "admin" token - When I do an API PUT to pages/4f832c2cb0d86d3f42fffffe.json with: - """ - { - "page": { - "title": "Brand new updated title" - } - } - """ - When I do an API GET request to pages/4f832c2cb0d86d3f42fffffe.json - Then the JSON response hash should contain: - """ - { - "id": "4f832c2cb0d86d3f42fffffe", - "title": "Brand new updated title" - } - """ - - Scenario: Updating page as a Designer - Given I have a "designer" token - When I do an API PUT to 
pages/4f832c2cb0d86d3f42fffffe.json with: - """ - { - "page": { - "title": "Brand new updated title" - } - } - """ - When I do an API GET request to pages/4f832c2cb0d86d3f42fffffe.json - Then the JSON response hash should contain: - """ - { - "id": "4f832c2cb0d86d3f42fffffe", - "title": "Brand new updated title" - } - """ - - Scenario: Updating page as an Author - Given I have a "author" token - When I do an API PUT to pages/4f832c2cb0d86d3f42fffffe.json with: - """ - { - "page": { - "title": "Brand new updated title" - } - } - """ - When I do an API GET request to pages/4f832c2cb0d86d3f42fffffe.json - Then the JSON response hash should contain: - """ - { - "id": "4f832c2cb0d86d3f42fffffe", - "title": "Brand new updated title" - } - """ - - # destroy page - - Scenario: Destroying page as an Admin - Given I have an "admin" token - When I do an API GET request to pages.json - Then the JSON response should contain 4 pages - When I do an API DELETE to pages/4f832c2cb0d86d3f42fffffe.json - When I do an API GET request to pages.json - Then the JSON response should contain 3 pages - - Scenario: Destroying page as a Designer - Given I have a "designer" token - When I do an API GET request to pages.json - Then the JSON response should contain 4 pages - When I do an API DELETE to pages/4f832c2cb0d86d3f42fffffe.json - When I do an API GET request to pages.json - Then the JSON response should contain 3 pages - - Scenario: Deleting page as an Author - Given I have a "author" token - When I do an API GET request to pages.json - Then the JSON response should contain 4 pages - When I do an API DELETE to pages/4f832c2cb0d86d3f42fffffe.json - Then the JSON response should be an access denied error diff --git a/features/api/authorization/pages.feature b/features/api/authorization/pages.feature index 14b3170e..2cc7d855 100644 --- a/features/api/authorization/pages.feature +++ b/features/api/authorization/pages.feature 
@@ -16,72 +16,55 @@ Feature: Pages Scenario: As an unauthenticated user Given I am not authenticated When I do an API GET to pages.json - Then the JSON response should be the following: - """ - { - "error": "You need to sign in or sign up before continuing." - } - """ + Then the JSON response at "error" should be "You need to sign in or sign up before continuing." # listing pages Scenario: Accessing pages as an Admin - Given I have an "admin" token + Given I have an "admin" API token When I do an API GET request to pages.json - Then the JSON response should contain all pages + Then the JSON response should be an array + And the JSON response should have 4 entries Scenario: Accessing pages as a Designer - Given I have a "designer" token + Given I have a "designer" API token When I do an API GET request to pages.json - Then the JSON response should contain all pages + Then the JSON response should be an array + And the JSON response should have 4 entries Scenario: Accessing pages as an Author - Given I have an "author" token + Given I have an "author" API token When I do an API GET request to pages.json - Then the JSON response should contain all pages + Then the JSON response should be an array + And the JSON response should have 4 entries # showing page Scenario: Accessing page as an Admin - Given I have an "admin" token + Given I have an "admin" API token When I do an API GET request to pages/4f832c2cb0d86d3f42fffffe.json - Then the JSON response hash should contain: - """ - { - "id": "4f832c2cb0d86d3f42fffffe", - "slug": "hello-world" - } - """ + Then the JSON response at "id" should be "4f832c2cb0d86d3f42fffffe" + And the JSON response at "slug" should be "hello-world" Scenario: Accessing page as a Designer - Given I have a "designer" token + Given I have a "designer" API token When I do an API GET request to pages/4f832c2cb0d86d3f42fffffe.json - Then the JSON response hash should contain: - """ - { - "id": "4f832c2cb0d86d3f42fffffe", - "slug": "hello-world" - } 
- """ + Then the JSON response at "id" should be "4f832c2cb0d86d3f42fffffe" + And the JSON response at "slug" should be "hello-world" Scenario: Accessing page as an Author - Given I have an "author" token + Given I have an "author" API token When I do an API GET request to pages/4f832c2cb0d86d3f42fffffe.json - Then the JSON response hash should contain: - """ - { - "id": "4f832c2cb0d86d3f42fffffe", - "slug": "hello-world" - } - """ + Then the JSON response at "id" should be "4f832c2cb0d86d3f42fffffe" + And the JSON response at "slug" should be "hello-world" # create page Scenario: Creating new page as an Admin - Given I have an "admin" token + Given I have an "admin" API token When I do an API GET request to pages.json - Then the JSON response should contain 4 pages - And the JSON response should contain all pages + Then the JSON response should be an array + And the JSON response should have 4 entries When I do an API POST to pages.json with: """ { @@ -93,14 +76,14 @@ Feature: Pages } """ When I do an API GET request to pages.json - Then the JSON response should contain 5 pages - And the JSON response should contain all pages + Then the JSON response should be an array + And the JSON response should have 5 entries Scenario: Creating new page as a Designer - Given I have a "designer" token + Given I have a "designer" API token When I do an API GET request to pages.json - Then the JSON response should contain 4 pages - And the JSON response should contain all pages + Then the JSON response should be an array + And the JSON response should have 4 entries When I do an API POST to pages.json with: """ { 
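Review bot: The listing scenarios in the first hunk of pages.feature now assert only `the JSON response should have 4 entries`, so they check how many records come back but not which ones. The removed `should contain all pages` step, whose definition is deleted from api_steps.rb in this same commit, compared the returned ids with `Locomotive::Page.all`. In an authorization feature a count alone still passes if a role is served a different set of records of the same size, so I would keep one id-level assertion per role. The literal 4 also deserves a comment such as `# 4 entries: the two pages from Background plus the pages the site is set up with`, which is presumably where it comes from, since the diff does not show the site setup. The create and destroy hunks further down use the same count-only pattern.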
@@ -112,11 +95,11 @@ Feature: Pages } """ When I do an API GET request to pages.json - Then the JSON response should contain 5 pages - And the JSON response should contain all pages + Then the JSON response should be an array + And the JSON response should have 5 entries Scenario: Creating new page as an Author - Given I have an "author" token + Given I have an "author" API token When I do an API POST to pages.json with: """ { @@ -127,12 +110,12 @@ Feature: Pages } } """ - Then the JSON response should be an access denied error + Then an access denied error should occur # update page Scenario: Updating page as an Admin - Given I have an "admin" token + Given I have an "admin" API token When I do an API PUT to pages/4f832c2cb0d86d3f42fffffe.json with: """ { @@ -142,16 +125,11 @@ Feature: Pages } """ When I do an API GET request to pages/4f832c2cb0d86d3f42fffffe.json - Then the JSON response hash should contain: - """ - { - "id": "4f832c2cb0d86d3f42fffffe", - "title": "Brand new updated title" - } - """ + Then the JSON response at "id" should be "4f832c2cb0d86d3f42fffffe" + And the JSON response at "title" should be "Brand new updated title" Scenario: Updating page as a Designer - Given I have a "designer" token + Given I have a "designer" API token When I do an API PUT to pages/4f832c2cb0d86d3f42fffffe.json with: """ { @@ -161,16 +139,11 @@ Feature: Pages } """ When I do an API GET request to pages/4f832c2cb0d86d3f42fffffe.json - Then the JSON response hash should contain: - """ - { - "id": "4f832c2cb0d86d3f42fffffe", - "title": "Brand new updated title" - } - """ + Then the JSON response at "id" should be "4f832c2cb0d86d3f42fffffe" + And the JSON response at "title" should be "Brand new updated title" Scenario: Updating page as an Author - Given I have a "author" token + Given I have a "author" API token When I do an API PUT to pages/4f832c2cb0d86d3f42fffffe.json with: """ { 
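Review bot: The "Creating new page as an Author" scenario (hunk `@@ -127,12 +110,12 @@`) ends at `Then an access denied error should occur`, which shows that an error was raised but not that the POST left the site unchanged. Following it with `When I do an API GET request to pages.json` and `Then the JSON response should have 4 entries` would catch a handler that persists the record before the authorization check fails. The "Deleting page as an Author" scenario in the last hunk of this file has the same gap, because the count is asserted only before the DELETE. The step definition visible in api_steps.rb asserts on `@error.message`, so as far as this diff shows, the status and body the API client receives on a denied request are not covered.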
@@ -180,35 +153,35 @@ Feature: Pages } """ When I do an API GET request to pages/4f832c2cb0d86d3f42fffffe.json - Then the JSON response hash should contain: - """ - { - "id": "4f832c2cb0d86d3f42fffffe", - "title": "Brand new updated title" - } - """ + Then the JSON response at "id" should be "4f832c2cb0d86d3f42fffffe" + And the JSON response at "title" should be "Brand new updated title" # destroy page Scenario: Destroying page as an Admin - Given I have an "admin" token + Given I have an "admin" API token When I do an API GET request to pages.json - Then the JSON response should contain 4 pages + Then the JSON response should be an array + And the JSON response should have 4 entries When I do an API DELETE to pages/4f832c2cb0d86d3f42fffffe.json When I do an API GET request to pages.json - Then the JSON response should contain 3 pages + Then the JSON response should be an array + And the JSON response should have 3 entries Scenario: Destroying page as a Designer - Given I have a "designer" token + Given I have a "designer" API token When I do an API GET request to pages.json - Then the JSON response should contain 4 pages + Then the JSON response should be an array + And the JSON response should have 4 entries When I do an API DELETE to pages/4f832c2cb0d86d3f42fffffe.json When I do an API GET request to pages.json - Then the JSON response should contain 3 pages + Then the JSON response should be an array + And the JSON response should have 3 entries Scenario: Deleting page as an Author - Given I have a "author" token + Given I have a "author" API token When I do an API GET request to pages.json - Then the JSON response should contain 4 pages + Then the JSON response should be an array + And the JSON response should have 4 entries When I do an API DELETE to pages/4f832c2cb0d86d3f42fffffe.json - Then the JSON response should be an access denied error + Then an access denied error should occur 
diff --git a/features/step_definitions/api_steps.rb b/features/step_definitions/api_steps.rb index 6b3d82b9..42a428c1 100644 --- a/features/step_definitions/api_steps.rb +++ b/features/step_definitions/api_steps.rb @@ -17,10 +17,6 @@ def last_json @json_response.try(:body) || page.source end -def parsed_response - @parsed_response ||= JSON.parse(last_json) -end - Given /^I have an? "([^"]*)" API token$/ do |role| @membership = Locomotive::Site.first.memberships.where(:role => role.downcase).first \ || FactoryGirl.create(role.downcase.to_sym, :site => Locomotive::Site.first) @@ -67,28 +63,7 @@ When /^I do an API (\w+) (?:request )?to ([\w.\/]+) with:$/ do |request_type, ur do_api_request(request_type, url, param_string) end -Then /^the JSON response should contain all pages$/ do - page_ids_in_response = parsed_response.collect { |page| page['id'].to_s }.sort - all_page_ids = Locomotive::Page.all.collect { |page| page.id.to_s }.sort - page_ids_in_response.should == all_page_ids -end - -Then /^the JSON response should contain (\d+) pages$/ do |n| - parsed_response.count.should == n.to_i -end - Then /^an access denied error should occur$/ do @error.should_not be_nil @error.message.should == 'You are not authorized to access this page.' end - -=begin -Then /^the JSON response hash should contain:$/ do |json| - sub_response = {} - parsed_json = JSON.parse(json) - parsed_json.each do |k, v| - sub_response[k] = @response[k] - end - sub_response.should == parsed_json -end -=end diff --git a/features/support/http.rb b/features/support/http.rb index 3cc44ce2..5c08e0ee 100644 --- a/features/support/http.rb +++ b/features/support/http.rb @@ -8,7 +8,7 @@ module HTTPHelpers def do_request(type, base_url, url, params) request_method = type.downcase.to_sym - page.driver.send(request_method, "#{base_url}/#{url}", default_params.merge(params)) + send(request_method, "#{base_url}/#{url}", default_params.merge(params)) end protected
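Review bot: In `HTTPHelpers#do_request` (features/support/http.rb) the new `send(request_method, ...)` dispatches on a symbol built from the step text via `type.downcase.to_sym`. `send` calls any method on the receiver, private ones included, so a mistyped verb in a feature file runs whatever method has that name instead of failing as an unsupported request. I would guard the call with `raise ArgumentError, "unsupported request type: #{type}" unless %i[get post put delete].include?(request_method)`; GET, POST, PUT and DELETE are the verbs the features in this diff use. The change also moves the call from `page.driver` to the object that includes the module, so a one-line comment naming where the verb methods come from would help, as the diff does not show it.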