Added auth feature for content_assets

This commit is contained in:
Alex Sanford 2012-04-26 16:14:23 -03:00
parent a921c44ce9
commit 96007174cb
5 changed files with 192 additions and 2 deletions

View File

@ -2,11 +2,18 @@ module Locomotive
module Api
class ContentAssetsController < BaseController
load_and_authorize_resource :class => Locomotive::ContentAsset
def index
@content_assets = current_site.content_assets
respond_with(@content_assets)
end
def show
@content_asset = current_site.content_assets.find(params[:id])
respond_with(@content_asset)
end
def create
@content_asset = current_site.content_assets.create(params[:content_asset])
respond_with @content_asset, :location => main_app.locomotive_api_content_assets_url
@ -18,6 +25,12 @@ module Locomotive
respond_with @content_asset, :location => main_app.locomotive_api_content_assets_url
end
def destroy
@content_asset = current_site.content_assets.find(params[:id])
@content_asset.destroy
respond_with @content_asset
end
end
end
end

View File

@ -0,0 +1,147 @@
Feature: Content Assets
In order to ensure content assets are not tampered with
As an admin, designer or author
I will be restricted based on my role
Background:
Given I have the site: "test site" set up
And I have the following content assets:
| id | file |
| 4f832c2cb0d86d3f42fffffe | 5k.png |
| 4f832c2cb0d86d3f42ffffff | 5k_2.png |
And I have a designer and an author
Scenario: As an unauthenticated user
Given I am not authenticated
When I do an API GET to content_assets.json
Then the JSON response at "error" should be "You need to sign in or sign up before continuing."
# listing content assets
Scenario: Accessing content assets as an Admin
Given I have an "admin" API token
When I do an API GET request to content_assets.json
Then the JSON response should be an array
And the JSON response should have 2 entries
Scenario: Accessing content assets as a Designer
Given I have a "designer" API token
When I do an API GET request to content_assets.json
Then the JSON response should be an array
And the JSON response should have 2 entries
Scenario: Accessing content assets as an Author
Given I have an "author" API token
When I do an API GET request to content_assets.json
Then the JSON response should be an array
And the JSON response should have 2 entries
# showing content asset
Scenario: Accessing content asset as an Admin
Given I have an "admin" API token
When I do an API GET request to content_assets/4f832c2cb0d86d3f42fffffe.json
Then the JSON response at "filename" should be "5k.png"
Scenario: Accessing content asset as a Designer
Given I have a "designer" API token
When I do an API GET request to content_assets/4f832c2cb0d86d3f42fffffe.json
Then the JSON response at "filename" should be "5k.png"
Scenario: Accessing content asset as an Author
Given I have an "author" API token
When I do an API GET request to content_assets/4f832c2cb0d86d3f42fffffe.json
Then the JSON response at "filename" should be "5k.png"
# create content asset
Scenario: Creating new content asset as an Admin
Given I have an "admin" API token
When I do an API GET request to content_assets.json
Then the JSON response should be an array
And the JSON response should have 2 entries
When I do a multipart API POST to content_assets.json with base key "content_asset" and:
| source | assets/application.js |
When I do an API GET request to content_assets.json
Then the JSON response should be an array
And the JSON response should have 3 entries
And the JSON at "2/filename" should be "application.js"
Scenario: Creating new content asset as a Designer
Given I have a "designer" API token
When I do an API GET request to content_assets.json
Then the JSON response should be an array
And the JSON response should have 2 entries
When I do a multipart API POST to content_assets.json with base key "content_asset" and:
| source | assets/application.js |
When I do an API GET request to content_assets.json
Then the JSON response should be an array
And the JSON response should have 3 entries
And the JSON at "2/filename" should be "application.js"
Scenario: Creating new content asset as an Author
Given I have an "author" API token
When I do an API GET request to content_assets.json
Then the JSON response should be an array
And the JSON response should have 2 entries
When I do a multipart API POST to content_assets.json with base key "content_asset" and:
| source | assets/application.js |
When I do an API GET request to content_assets.json
Then the JSON response should be an array
And the JSON response should have 3 entries
And the JSON at "2/filename" should be "application.js"
# update content asset
Scenario: Updating content asset as an Admin
Given I have an "admin" API token
When I do a multipart API PUT to content_assets/4f832c2cb0d86d3f42fffffe.json with base key "content_asset" and:
| source | assets/main.css |
When I do an API GET request to content_assets/4f832c2cb0d86d3f42fffffe.json
Then the JSON response at "filename" should be "main.css"
Scenario: Updating content asset as a Designer
Given I have a "designer" API token
When I do a multipart API PUT to content_assets/4f832c2cb0d86d3f42fffffe.json with base key "content_asset" and:
| source | assets/main.css |
When I do an API GET request to content_assets/4f832c2cb0d86d3f42fffffe.json
Then the JSON response at "filename" should be "main.css"
Scenario: Updating content asset as an Author
Given I have a "author" API token
When I do a multipart API PUT to content_assets/4f832c2cb0d86d3f42fffffe.json with base key "content_asset" and:
| source | assets/main.css |
When I do an API GET request to content_assets/4f832c2cb0d86d3f42fffffe.json
Then the JSON response at "filename" should be "main.css"
# destroy content asset
Scenario: Destroying content asset as an Admin
Given I have an "admin" API token
When I do an API GET request to content_assets.json
Then the JSON response should be an array
And the JSON response should have 2 entries
When I do an API DELETE to content_assets/4f832c2cb0d86d3f42fffffe.json
When I do an API GET request to content_assets.json
Then the JSON response should be an array
And the JSON response should have 1 entry
Scenario: Destroying content asset as a Designer
Given I have a "designer" API token
When I do an API GET request to content_assets.json
Then the JSON response should be an array
And the JSON response should have 2 entries
When I do an API DELETE to content_assets/4f832c2cb0d86d3f42fffffe.json
When I do an API GET request to content_assets.json
Then the JSON response should be an array
And the JSON response should have 1 entry
Scenario: Deleting content asset as an Author
Given I have a "author" API token
When I do an API GET request to content_assets.json
Then the JSON response should be an array
And the JSON response should have 2 entries
When I do an API DELETE to content_assets/4f832c2cb0d86d3f42fffffe.json
When I do an API GET request to content_assets.json
Then the JSON response should be an array
And the JSON response should have 1 entry

View File

@ -3,9 +3,17 @@ def api_base_url
"http://#{@site.domains.first}/locomotive/api/"
end
def do_api_request(type, url, param_string = nil)
def do_api_request(type, url, param_string_or_hash = nil)
begin
params = param_string && JSON.parse(param_string) || {}
if param_string_or_hash
if param_string_or_hash.is_a? Hash
params = param_string_or_hash
else
params = JSON.parse(param_string_or_hash)
end
else
params = {}
end
@json_response = do_request(type, api_base_url, url,
params.merge({ 'CONTENT_TYPE' => 'application/json' }))
rescue CanCan::AccessDenied
@ -67,3 +75,13 @@ Then /^an access denied error should occur$/ do
@error.should_not be_nil
@error.is_a?(CanCan::AccessDenied).should be_true
end
When /^I do a multipart API (\w+) (?:request )?to ([\w.\/]+) with base key "([^"]*)" and:$/ \
do |request_type, url, base_key, table|
params = {}
params = table.rows_hash
params.each do |key, filename|
params[key] = Rack::Test::UploadedFile.new(Rails.root.join('..', 'fixtures', filename))
end
do_api_request(request_type, url, { base_key => params })
end

View File

@ -0,0 +1,12 @@
Given /^I have the following content assets:$/ do |table|
site = Locomotive::Site.first
table.hashes.each do |asset_hash|
asset_hash['site'] = site
asset_hash['source'] = FixturedAsset.open(asset_hash['file'])
asset_hash.delete('file')
asset = FactoryGirl.build(:asset, asset_hash)
asset.save.should be_true
end
end

BIN
spec/fixtures/assets/5k_2.png vendored Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 1.3 KiB