Got authorization working for pages

This commit is contained in:
Alex Sanford 2012-04-17 10:12:42 -03:00
parent 97edb0e4b7
commit edd236b202
3 changed files with 12 additions and 7 deletions

View File

@ -7,8 +7,6 @@ module Locomotive
skip_before_filter :verify_authenticity_token skip_before_filter :verify_authenticity_token
skip_load_and_authorize_resource
before_filter :require_account before_filter :require_account
before_filter :require_site before_filter :require_site

View File

@ -2,6 +2,8 @@ module Locomotive
module Api module Api
class PagesController < BaseController class PagesController < BaseController
load_and_authorize_resource :class => Locomotive::Page
def index def index
@pages = current_site.pages.all @pages = current_site.pages.all
respond_with(@pages) respond_with(@pages)

View File

@ -11,9 +11,13 @@ def api_base_url
end end
def do_api_request(type, url, param_string = nil) def do_api_request(type, url, param_string = nil)
begin
params = param_string && JSON.parse(param_string) || {} params = param_string && JSON.parse(param_string) || {}
@raw_response = do_request(type, api_base_url, url, params) @raw_response = do_request(type, api_base_url, url, params)
@response = JSON.parse(@raw_response.body) @response = JSON.parse(@raw_response.body)
rescue Exception
@error = $!
end
end end
Given /^a page named "([^"]*)" with id "([^"]*)"$/ do |name, id| Given /^a page named "([^"]*)" with id "([^"]*)"$/ do |name, id|
@ -64,7 +68,8 @@ Then /^the JSON response should contain (\d+) pages$/ do |n|
end end
Then /^the JSON response should be an access denied error$/ do Then /^the JSON response should be an access denied error$/ do
@response['message'].should == 'You are not authorized to access this page' @error.should_not be_nil
@error.message.should == 'You are not authorized to access this page.'
end end
Then /^the JSON response hash should contain:$/ do |json| Then /^the JSON response hash should contain:$/ do |json|