207 lines
6.5 KiB
Gherkin
Feature: Sites
  In order to ensure sites are not tampered with
  As an admin, designer or author
  I will be restricted based on my role

  Background:
    Given I have the site: "test site" set up with id: "4f832c2cb0d86d3f42fffffe"
    And I have the site: "another site" set up with id: "4f832c2cb0d86d3f42ffffff"
    And I have a designer and an author

  Scenario: As an unauthenticated user
    Given I am not authenticated
    When I do an API GET to sites.json
    Then the JSON response at "error" should be "You need to sign in or sign up before continuing."

  # listing sites

  Scenario: Accessing sites as an Admin
    Given I have an "admin" API token
    When I do an API GET request to sites.json
    Then the JSON response should be an array
    And the JSON response should have 2 entries

  Scenario: Accessing sites as a Designer
    Given I have a "designer" API token
    When I do an API GET request to sites.json
    Then an access denied error should occur

  Scenario: Accessing sites as an Author
    Given I have an "author" API token
    When I do an API GET request to sites.json
    Then an access denied error should occur

  # showing site

  Scenario: Accessing site as an Admin
    Given I have an "admin" API token
    When I do an API GET request to sites/4f832c2cb0d86d3f42fffffe.json
    Then the JSON response at "name" should be "Locomotive test website"

  Scenario: Accessing my site as a Designer
    Given I have a "designer" API token
    When I do an API GET request to sites/4f832c2cb0d86d3f42fffffe.json
    Then the JSON response at "name" should be "Locomotive test website"

  Scenario: Accessing other site as a Designer
    Given I have a "designer" API token
    When I do an API GET request to sites/4f832c2cb0d86d3f42ffffff.json
    Then an access denied error should occur

  Scenario: Accessing my site as an Author
    Given I have an "author" API token
    When I do an API GET request to sites/4f832c2cb0d86d3f42fffffe.json
    Then the JSON response at "name" should be "Locomotive test website"

  Scenario: Accessing other site as an Author
    Given I have an "author" API token
    When I do an API GET request to sites/4f832c2cb0d86d3f42ffffff.json
    Then an access denied error should occur

  # create site

  Scenario: Creating new site as an Admin
    Given I have an "admin" API token
    When I do an API GET request to sites.json
    Then the JSON response should be an array
    And the JSON response should have 2 entries
    When I do an API POST to sites.json with:
      """
      {
        "site": {
          "name": "New site",
          "subdomain": "new-site"
        }
      }
      """
    When I do an API GET request to sites.json
    Then the JSON response should be an array
    And the JSON response should have 3 entries

  Scenario: Creating new site as a Designer
    Given I have a "designer" API token
    When I do an API POST to sites.json with:
      """
      {
        "site": {
          "name": "New site",
          "subdomain": "new-site"
        }
      }
      """
    Then an access denied error should occur

  Scenario: Creating new site as an Author
    Given I have an "author" API token
    When I do an API POST to sites.json with:
      """
      {
        "site": {
          "name": "New site",
          "subdomain": "new-site"
        }
      }
      """
    Then an access denied error should occur

  # update site

  Scenario: Updating site as an Admin
    Given I have an "admin" API token
    When I do an API PUT to sites/4f832c2cb0d86d3f42fffffe.json with:
      """
      {
        "site": {
          "name": "Brand new updated name"
        }
      }
      """
    When I do an API GET request to sites/4f832c2cb0d86d3f42fffffe.json
    Then the JSON response at "id" should be "4f832c2cb0d86d3f42fffffe"
    And the JSON response at "name" should be "Brand new updated name"

  Scenario: Updating my site as a Designer
    Given I have a "designer" API token
    When I do an API PUT to sites/4f832c2cb0d86d3f42fffffe.json with:
      """
      {
        "site": {
          "name": "Brand new updated name"
        }
      }
      """
    When I do an API GET request to sites/4f832c2cb0d86d3f42fffffe.json
    Then the JSON response at "id" should be "4f832c2cb0d86d3f42fffffe"
    And the JSON response at "name" should be "Brand new updated name"

  Scenario: Updating other site as a Designer
    Given I have a "designer" API token
    When I do an API PUT to sites/4f832c2cb0d86d3f42ffffff.json with:
      """
      {
        "site": {
          "name": "Brand new updated name"
        }
      }
      """
    Then an access denied error should occur

  Scenario: Updating my site as an Author
    Given I have a "author" API token
    When I do an API PUT to sites/4f832c2cb0d86d3f42fffffe.json with:
      """
      {
        "site": {
          "name": "Brand new updated name"
        }
      }
      """
    When I do an API GET request to sites/4f832c2cb0d86d3f42fffffe.json
    Then the JSON response at "id" should be "4f832c2cb0d86d3f42fffffe"
    And the JSON response at "name" should be "Brand new updated name"

  Scenario: Updating other site as an Author
    Given I have a "author" API token
    When I do an API PUT to sites/4f832c2cb0d86d3f42ffffff.json with:
      """
      {
        "site": {
          "name": "Brand new updated name"
        }
      }
      """
    Then an access denied error should occur

  # destroy site

  Scenario: Destroying site as an Admin
    Given I have an "admin" API token
    When I do an API GET request to sites.json
    Then the JSON response should be an array
    And the JSON response should have 2 entries
    When I do an API DELETE to sites/4f832c2cb0d86d3f42fffffe.json
    When I do an API GET request to sites.json
    Then the JSON response should be an array
    And the JSON response should have 1 entries

  Scenario: Destroying my site as a Designer
    Given I have a "designer" API token
    When I do an API DELETE to sites/4f832c2cb0d86d3f42fffffe.json
    When I do an API GET request to sites/4f832c2cb0d86d3f42fffffe.json
    Then it should not exist

  Scenario: Deleting other site as a Designer
    Given I have a "designer" API token
    When I do an API DELETE to sites/4f832c2cb0d86d3f42ffffff.json
    Then an access denied error should occur

  Scenario: Deleting my site as an Author
    Given I have a "author" API token
    When I do an API DELETE to sites/4f832c2cb0d86d3f42fffffe.json
    Then an access denied error should occur

  Scenario: Deleting other site as an Author
    Given I have a "author" API token
    When I do an API DELETE to sites/4f832c2cb0d86d3f42ffffff.json
    Then an access denied error should occur