engine/features/api/authorization/content_assets.feature
2012-04-24 12:47:32 -03:00

213 lines
5.9 KiB
Gherkin

Feature: Content Assets
In order to ensure content assets are not tampered with
As an admin, designer or author
I will be restricted based on my role
Background:
Given I have the site: "test site" set up
And I have a designer and an author
And a page named "hello-world" with id "4f832c2cb0d86d3f42fffffe"
And a page named "goodbye-world" with id "4f832c2cb0d86d3f42ffffff"
# unauthenticated
Scenario: As an unauthenticated user
Given I am not authenticated
When I do an API GET to pages.json
Then the JSON response should be the following:
"""
{
"error": "You need to sign in or sign up before continuing."
}
"""
# listing pages
Scenario: Accessing pages as an Admin
Given I have an "admin" token
When I do an API GET request to pages.json
Then the JSON response should contain all pages
Scenario: Accessing pages as a Designer
Given I have a "designer" token
When I do an API GET request to pages.json
Then the JSON response should contain all pages
Scenario: Accessing pages as an Author
Given I have an "author" token
When I do an API GET request to pages.json
Then the JSON response should contain all pages
# showing page
Scenario: Accessing page as an Admin
Given I have an "admin" token
When I do an API GET request to pages/4f832c2cb0d86d3f42fffffe.json
Then the JSON response hash should contain:
"""
{
"id": "4f832c2cb0d86d3f42fffffe",
"slug": "hello-world"
}
"""
Scenario: Accessing page as a Designer
Given I have a "designer" token
When I do an API GET request to pages/4f832c2cb0d86d3f42fffffe.json
Then the JSON response hash should contain:
"""
{
"id": "4f832c2cb0d86d3f42fffffe",
"slug": "hello-world"
}
"""
Scenario: Accessing page as an Author
Given I have an "author" token
When I do an API GET request to pages/4f832c2cb0d86d3f42fffffe.json
Then the JSON response hash should contain:
"""
{
"id": "4f832c2cb0d86d3f42fffffe",
"slug": "hello-world"
}
"""
# create page
Scenario: Creating new page as an Admin
Given I have an "admin" token
When I do an API GET request to pages.json
Then the JSON response should contain 4 pages
And the JSON response should contain all pages
When I do an API POST to pages.json with:
"""
{
"page": {
"title": "New Page",
"slug": "new-page",
"parent_id": "4f832c2cb0d86d3f42fffffe"
}
}
"""
When I do an API GET request to pages.json
Then the JSON response should contain 5 pages
And the JSON response should contain all pages
Scenario: Creating new page as a Designer
Given I have a "designer" token
When I do an API GET request to pages.json
Then the JSON response should contain 4 pages
And the JSON response should contain all pages
When I do an API POST to pages.json with:
"""
{
"page": {
"title": "New Page",
"slug": "new-page",
"parent_id": "4f832c2cb0d86d3f42fffffe"
}
}
"""
When I do an API GET request to pages.json
Then the JSON response should contain 5 pages
And the JSON response should contain all pages
Scenario: Creating new page as an Author
Given I have an "author" token
When I do an API POST to pages.json with:
"""
{
"page": {
"title": "New Page",
"slug": "new-page",
"parent_id": "4f832c2cb0d86d3f42fffffe"
}
}
"""
Then the JSON response should be an access denied error
# update page
Scenario: Updating page as an Admin
Given I have an "admin" token
When I do an API PUT to pages/4f832c2cb0d86d3f42fffffe.json with:
"""
{
"page": {
"title": "Brand new updated title"
}
}
"""
When I do an API GET request to pages/4f832c2cb0d86d3f42fffffe.json
Then the JSON response hash should contain:
"""
{
"id": "4f832c2cb0d86d3f42fffffe",
"title": "Brand new updated title"
}
"""
Scenario: Updating page as a Designer
Given I have a "designer" token
When I do an API PUT to pages/4f832c2cb0d86d3f42fffffe.json with:
"""
{
"page": {
"title": "Brand new updated title"
}
}
"""
When I do an API GET request to pages/4f832c2cb0d86d3f42fffffe.json
Then the JSON response hash should contain:
"""
{
"id": "4f832c2cb0d86d3f42fffffe",
"title": "Brand new updated title"
}
"""
Scenario: Updating page as an Author
Given I have a "author" token
When I do an API PUT to pages/4f832c2cb0d86d3f42fffffe.json with:
"""
{
"page": {
"title": "Brand new updated title"
}
}
"""
When I do an API GET request to pages/4f832c2cb0d86d3f42fffffe.json
Then the JSON response hash should contain:
"""
{
"id": "4f832c2cb0d86d3f42fffffe",
"title": "Brand new updated title"
}
"""
# destroy page
Scenario: Destroying page as an Admin
Given I have an "admin" token
When I do an API GET request to pages.json
Then the JSON response should contain 4 pages
When I do an API DELETE to pages/4f832c2cb0d86d3f42fffffe.json
When I do an API GET request to pages.json
Then the JSON response should contain 3 pages
Scenario: Destroying page as a Designer
Given I have a "designer" token
When I do an API GET request to pages.json
Then the JSON response should contain 4 pages
When I do an API DELETE to pages/4f832c2cb0d86d3f42fffffe.json
When I do an API GET request to pages.json
Then the JSON response should contain 3 pages
Scenario: Deleting page as an Author
Given I have a "author" token
When I do an API GET request to pages.json
Then the JSON response should contain 4 pages
When I do an API DELETE to pages/4f832c2cb0d86d3f42fffffe.json
Then the JSON response should be an access denied error