locomotive_cms 2.0.0.rc12 → 2.0.0

data/features/api/accounts.feature

@@ -0,0 +1,25 @@
+Feature: Accounts
+  In order to manage accounts programmatically
+  As an API user
+  I will be able to create and update content entries
+
+  Background:
+    Given I have the site: "test site" set up with id: "4f832c2cb0d86d3f42fffffb"
+
+  Scenario: Creating a new account
+    Given I have an "admin" API token
+    When I do an API POST to accounts.json with:
+    """
+    {
+      "account": {
+        "name": "New User",
+        "email": "new-user4@a.com",
+        "password": "asimpleone",
+        "password_confirmation": "asimpleone"
+      }
+    }
+    """
+    When I do an API GET request to accounts.json
+    Then the JSON response should be an array
+    And the JSON response should have 2 entries
+    And the JSON response at "1/name" should be "New User"

data/features/api/authentication.feature

@@ -0,0 +1,19 @@
+Feature: Authentication
+  In order to consume the API
+  As an admin
+  I need to get an authentication token
+
+  Background:
+    Given I have the site: "test site" set up
+
+  Scenario: Fail to get a token without an email and a password
+    When I post to "/locomotive/api/tokens.json"
+    Then the JSON response at "message" should be "The request must contain the user email and password."
+
+  Scenario: Get a token
+    When I post to "/locomotive/api/tokens.json" with:
+    """
+    { "email": "admin@locomotiveapp.org", "password": "easyone" }
+    """
+    Then the JSON response at "token" should be a string
+    And the JSON response should not have "message"

data/features/api/authorization/accounts.feature

@@ -0,0 +1,125 @@
+Feature: Accounts
+  In order to ensure accounts are not tampered with
+  As an admin, designer or author
+  I will be restricted based on my role
+
+  Background:
+    Given I have the site: "test site" set up with id: "4f832c2cb0d86d3f42fffffb"
+    And I have a designer and an author
+    And I have accounts:
+      | email             | id                        |
+      | new-user1@a.com   | 4f832c2cb0d86d3f42fffffc  |
+      | new-user2@a.com   | 4f832c2cb0d86d3f42fffffd  |
+      | new-user3@a.com   | 4f832c2cb0d86d3f42fffffe  |
+
+  Scenario: As an unauthenticated user
+    Given I am not authenticated
+    When I do an API GET request to accounts.json
+    Then the JSON response at "error" should be "You need to sign in or sign up before continuing."
+
+  # listing accounts
+
+  Scenario: Accessing accounts as an Admin
+    Given I have an "admin" API token
+    When I do an API GET request to accounts.json
+    Then the JSON response should be an array
+    And the JSON response should have 6 entries
+
+  Scenario: Accessing accounts as a Designer
+    Given I have a "designer" API token
+    When I do an API GET request to accounts.json
+    Then an access denied error should occur
+
+  Scenario: Accessing accounts as an Author
+    Given I have an "author" API token
+    When I do an API GET request to accounts.json
+    Then an access denied error should occur
+ 
+  # showing account
+ 
+  Scenario: Accessing account as an Admin
+    Given I have an "admin" API token
+    When I do an API GET request to accounts/4f832c2cb0d86d3f42fffffc.json
+    Then the JSON response at "email" should be "new-user1@a.com"
+    When I do an API GET request to accounts/4f832c2cb0d86d3f42fffffd.json
+    Then the JSON response at "email" should be "new-user2@a.com"
+    When I do an API GET request to accounts/4f832c2cb0d86d3f42fffffe.json
+    Then the JSON response at "email" should be "new-user3@a.com"
+ 
+  Scenario: Accessing account as a Designer
+    Given I have a "designer" API token
+    When I do an API GET request to accounts/4f832c2cb0d86d3f42fffffc.json
+    Then an access denied error should occur
+ 
+  Scenario: Accessing account as an Author
+    Given I have an "author" API token
+    When I do an API GET request to accounts/4f832c2cb0d86d3f42fffffc.json
+    Then an access denied error should occur
+ 
+  # create account
+ 
+  Scenario: Creating new account as an Admin
+    Given I have an "admin" API token
+    When I do an API POST to accounts.json with:
+    """
+    {
+      "account": {
+        "name": "New User",
+        "email": "new-user4@a.com",
+        "password": "changeme"
+      }
+    }
+    """
+    When I do an API GET request to accounts.json
+    Then the JSON response should be an array
+    And the JSON response should have 7 entries
+ 
+  Scenario: Creating new account as a Designer
+    Given I have a "designer" API token
+    When I do an API POST to accounts.json with:
+    """
+    {
+      "account": {
+        "name": "New User",
+        "email": "new-user4@a.com",
+        "password": "changeme"
+      }
+    }
+    """
+    Then an access denied error should occur
+ 
+  Scenario: Creating new account as an Author
+    Given I have an "author" API token
+    When I do an API POST to accounts.json with:
+    """
+    {
+      "account": {
+        "name": "New User",
+        "email": "new-user4@a.com",
+        "password": "changeme"
+      }
+    }
+    """
+    Then an access denied error should occur
+ 
+  # destroy account
+ 
+  Scenario: Destroying account as an Admin
+    Given I have an "admin" API token
+    When I do an API GET request to accounts.json
+    Then the JSON response should be an array
+    And the JSON response should have 6 entries
+    When I do an API DELETE to accounts/4f832c2cb0d86d3f42fffffe.json
+    When I do an API GET request to accounts.json
+    Then the JSON response should be an array
+    And the JSON response should have 5 entries
+ 
+  Scenario: Destroying account as a Designer
+    Given I have a "designer" API token
+    When I do an API DELETE to accounts/4f832c2cb0d86d3f42fffffe.json
+    Then an access denied error should occur
+ 
+  Scenario: Deleting account as an Author
+    Given I have a "author" API token
+    When I do an API DELETE to accounts/4f832c2cb0d86d3f42fffffe.json
+    Then an access denied error should occur

data/features/api/authorization/content_assets.feature

@@ -0,0 +1,147 @@
+Feature: Content Assets
+  In order to ensure content assets are not tampered with
+  As an admin, designer or author
+  I will be restricted based on my role
+
+  Background:
+    Given I have the site: "test site" set up
+    And I have the following content assets:
+      | id                          | file      |
+      | 4f832c2cb0d86d3f42fffffe    | 5k.png    |
+      | 4f832c2cb0d86d3f42ffffff    | 5k_2.png  |
+    And I have a designer and an author
+
+  Scenario: As an unauthenticated user
+    Given I am not authenticated
+    When I do an API GET to content_assets.json
+    Then the JSON response at "error" should be "You need to sign in or sign up before continuing."
+
+  # listing content assets
+
+  Scenario: Accessing content assets as an Admin
+    Given I have an "admin" API token
+    When I do an API GET request to content_assets.json
+    Then the JSON response should be an array
+    And the JSON response should have 2 entries
+
+  Scenario: Accessing content assets as a Designer
+    Given I have a "designer" API token
+    When I do an API GET request to content_assets.json
+    Then the JSON response should be an array
+    And the JSON response should have 2 entries
+
+  Scenario: Accessing content assets as an Author
+    Given I have an "author" API token
+    When I do an API GET request to content_assets.json
+    Then the JSON response should be an array
+    And the JSON response should have 2 entries
+
+  # showing content asset
+
+  Scenario: Accessing content asset as an Admin
+    Given I have an "admin" API token
+    When I do an API GET request to content_assets/4f832c2cb0d86d3f42fffffe.json
+    Then the JSON response at "filename" should be "5k.png"
+
+  Scenario: Accessing content asset as a Designer
+    Given I have a "designer" API token
+    When I do an API GET request to content_assets/4f832c2cb0d86d3f42fffffe.json
+    Then the JSON response at "filename" should be "5k.png"
+
+  Scenario: Accessing content asset as an Author
+    Given I have an "author" API token
+    When I do an API GET request to content_assets/4f832c2cb0d86d3f42fffffe.json
+    Then the JSON response at "filename" should be "5k.png"
+
+  # create content asset
+
+  Scenario: Creating new content asset as an Admin
+    Given I have an "admin" API token
+    When I do an API GET request to content_assets.json
+    Then the JSON response should be an array
+    And the JSON response should have 2 entries
+    When I do a multipart API POST to content_assets.json with base key "content_asset" and:
+      | source  | assets/application.js     |
+    When I do an API GET request to content_assets.json
+    Then the JSON response should be an array
+    And the JSON response should have 3 entries
+    And the JSON at "2/filename" should be "application.js"
+
+  Scenario: Creating new content asset as a Designer
+    Given I have a "designer" API token
+    When I do an API GET request to content_assets.json
+    Then the JSON response should be an array
+    And the JSON response should have 2 entries
+    When I do a multipart API POST to content_assets.json with base key "content_asset" and:
+      | source  | assets/application.js     |
+    When I do an API GET request to content_assets.json
+    Then the JSON response should be an array
+    And the JSON response should have 3 entries
+    And the JSON at "2/filename" should be "application.js"
+
+  Scenario: Creating new content asset as an Author
+    Given I have an "author" API token
+    When I do an API GET request to content_assets.json
+    Then the JSON response should be an array
+    And the JSON response should have 2 entries
+    When I do a multipart API POST to content_assets.json with base key "content_asset" and:
+      | source  | assets/application.js     |
+    When I do an API GET request to content_assets.json
+    Then the JSON response should be an array
+    And the JSON response should have 3 entries
+    And the JSON at "2/filename" should be "application.js"
+
+  # update content asset
+
+  Scenario: Updating content asset as an Admin
+    Given I have an "admin" API token
+    When I do a multipart API PUT to content_assets/4f832c2cb0d86d3f42fffffe.json with base key "content_asset" and:
+      | source  | assets/main.css   |
+    When I do an API GET request to content_assets/4f832c2cb0d86d3f42fffffe.json
+    Then the JSON response at "filename" should be "main.css"
+
+  Scenario: Updating content asset as a Designer
+    Given I have a "designer" API token
+    When I do a multipart API PUT to content_assets/4f832c2cb0d86d3f42fffffe.json with base key "content_asset" and:
+      | source  | assets/main.css   |
+    When I do an API GET request to content_assets/4f832c2cb0d86d3f42fffffe.json
+    Then the JSON response at "filename" should be "main.css"
+
+  Scenario: Updating content asset as an Author
+    Given I have a "author" API token
+    When I do a multipart API PUT to content_assets/4f832c2cb0d86d3f42fffffe.json with base key "content_asset" and:
+      | source  | assets/main.css   |
+    When I do an API GET request to content_assets/4f832c2cb0d86d3f42fffffe.json
+    Then the JSON response at "filename" should be "main.css"
+
+  # destroy content asset
+
+  Scenario: Destroying content asset as an Admin
+    Given I have an "admin" API token
+    When I do an API GET request to content_assets.json
+    Then the JSON response should be an array
+    And the JSON response should have 2 entries
+    When I do an API DELETE to content_assets/4f832c2cb0d86d3f42fffffe.json
+    When I do an API GET request to content_assets.json
+    Then the JSON response should be an array
+    And the JSON response should have 1 entry
+
+  Scenario: Destroying content asset as a Designer
+    Given I have a "designer" API token
+    When I do an API GET request to content_assets.json
+    Then the JSON response should be an array
+    And the JSON response should have 2 entries
+    When I do an API DELETE to content_assets/4f832c2cb0d86d3f42fffffe.json
+    When I do an API GET request to content_assets.json
+    Then the JSON response should be an array
+    And the JSON response should have 1 entry
+
+  Scenario: Deleting content asset as an Author
+    Given I have a "author" API token
+    When I do an API GET request to content_assets.json
+    Then the JSON response should be an array
+    And the JSON response should have 2 entries
+    When I do an API DELETE to content_assets/4f832c2cb0d86d3f42fffffe.json
+    When I do an API GET request to content_assets.json
+    Then the JSON response should be an array
+    And the JSON response should have 1 entry

data/features/api/authorization/content_entries.feature

@@ -0,0 +1,202 @@
+Feature: Content Entries
+  In order to ensure content entries are not tampered with
+  As an admin, designer or author
+  I will be restricted based on my role
+
+  Background:
+    Given I have the site: "test site" set up
+    And I have a custom model named "Projects" with
+      | label       | type      | required        |
+      | Name        | string    | true            |
+      | Description | text      | false           |
+    And I have entries for "Projects" with
+      | id                          | name        | description           |
+      | 4f832c2cb0d86d3f42fffffe    | Project 1   | The first project     |
+      | 4f832c2cb0d86d3f42ffffff    | Project 2   | The second project    |
+    And I have a designer and an author
+
+  Scenario: As an unauthenticated user
+    Given I am not authenticated
+    When I do an API GET to content_types/projects/entries.json
+    Then the JSON response at "error" should be "You need to sign in or sign up before continuing."
+
+  # listing content entries
+
+  Scenario: Accessing content entries as an Admin
+    Given I have an "admin" API token
+    When I do an API GET request to content_types/projects/entries.json
+    Then the JSON response should be an array
+    And the JSON response should have 2 entries
+
+  Scenario: Accessing content entries as a Designer
+    Given I have a "designer" API token
+    When I do an API GET request to content_types/projects/entries.json
+    Then the JSON response should be an array
+    And the JSON response should have 2 entries
+
+  Scenario: Accessing content entries as an Author
+    Given I have an "author" API token
+    When I do an API GET request to content_types/projects/entries.json
+    Then the JSON response should be an array
+    And the JSON response should have 2 entries
+
+  # showing content entry
+
+  Scenario: Accessing content entry as an Admin
+    Given I have an "admin" API token
+    When I do an API GET request to content_types/projects/entries/4f832c2cb0d86d3f42fffffe.json
+    Then the JSON response at "id" should be "4f832c2cb0d86d3f42fffffe"
+    And the JSON response at "name" should be "Project 1"
+
+  Scenario: Accessing content entry as a Designer
+    Given I have a "designer" API token
+    When I do an API GET request to content_types/projects/entries/4f832c2cb0d86d3f42fffffe.json
+    Then the JSON response at "id" should be "4f832c2cb0d86d3f42fffffe"
+    And the JSON response at "name" should be "Project 1"
+
+  Scenario: Accessing content entry as an Author
+    Given I have an "author" API token
+    When I do an API GET request to content_types/projects/entries/4f832c2cb0d86d3f42fffffe.json
+    Then the JSON response at "id" should be "4f832c2cb0d86d3f42fffffe"
+    And the JSON response at "name" should be "Project 1"
+
+  # create content entry
+
+  Scenario: Creating new content entry as an Admin
+    Given I have an "admin" API token
+    When I do an API GET request to content_types/projects/entries.json
+    Then the JSON response should be an array
+    And the JSON response should have 2 entries
+    When I do an API POST to content_types/projects/entries.json with:
+    """
+    {
+      "content_entry": {
+        "name": "Project 3",
+        "description": "The third..."
+      }
+    }
+    """
+    When I do an API GET request to content_types/projects/entries.json
+    Then the JSON response should be an array
+    And the JSON response should have 3 entries
+    And the JSON should have the following:
+      | 2/name          | "Project 3"       |
+      | 2/description   | "The third..."    |
+
+  Scenario: Creating new content entry as a Designer
+    Given I have a "designer" API token
+    When I do an API GET request to content_types/projects/entries.json
+    Then the JSON response should be an array
+    And the JSON response should have 2 entries
+    When I do an API POST to content_types/projects/entries.json with:
+    """
+    {
+      "content_entry": {
+        "name": "Project 3",
+        "description": "The third..."
+      }
+    }
+    """
+    When I do an API GET request to content_types/projects/entries.json
+    Then the JSON response should be an array
+    And the JSON response should have 3 entries
+    And the JSON should have the following:
+      | 2/name          | "Project 3"       |
+      | 2/description   | "The third..."    |
+
+  Scenario: Creating new content entry as an Author
+    Given I have an "author" API token
+    When I do an API GET request to content_types/projects/entries.json
+    Then the JSON response should be an array
+    And the JSON response should have 2 entries
+    When I do an API POST to content_types/projects/entries.json with:
+    """
+    {
+      "content_entry": {
+        "name": "Project 3",
+        "description": "The third..."
+      }
+    }
+    """
+    When I do an API GET request to content_types/projects/entries.json
+    Then the JSON response should be an array
+    And the JSON response should have 3 entries
+    And the JSON should have the following:
+      | 2/name          | "Project 3"       |
+      | 2/description   | "The third..."    |
+
+  # update content entry
+
+  Scenario: Updating content entry as an Admin
+    Given I have an "admin" API token
+    When I do an API PUT to content_types/projects/entries/4f832c2cb0d86d3f42fffffe.json with:
+    """
+    {
+      "content_entry": {
+        "description": "The awesomest project ever!"
+      }
+    }
+    """
+    When I do an API GET request to content_types/projects/entries/4f832c2cb0d86d3f42fffffe.json
+    Then the JSON response at "name" should be "Project 1"
+    And the JSON response at "description" should be "The awesomest project ever!"
+
+  Scenario: Updating content entry as a Designer
+    Given I have a "designer" API token
+    When I do an API PUT to content_types/projects/entries/4f832c2cb0d86d3f42fffffe.json with:
+    """
+    {
+      "content_entry": {
+        "description": "The awesomest project ever!"
+      }
+    }
+    """
+    When I do an API GET request to content_types/projects/entries/4f832c2cb0d86d3f42fffffe.json
+    Then the JSON response at "name" should be "Project 1"
+    And the JSON response at "description" should be "The awesomest project ever!"
+
+  Scenario: Updating content entry as an Author
+    Given I have a "author" API token
+    When I do an API PUT to content_types/projects/entries/4f832c2cb0d86d3f42fffffe.json with:
+    """
+    {
+      "content_entry": {
+        "description": "The awesomest project ever!"
+      }
+    }
+    """
+    When I do an API GET request to content_types/projects/entries/4f832c2cb0d86d3f42fffffe.json
+    Then the JSON response at "name" should be "Project 1"
+    And the JSON response at "description" should be "The awesomest project ever!"
+
+  # destroy content entry
+
+  Scenario: Destroying content entry as an Admin
+    Given I have an "admin" API token
+    When I do an API GET request to content_types/projects/entries.json
+    Then the JSON response should be an array
+    And the JSON response should have 2 entries
+    When I do an API DELETE to content_types/projects/entries/4f832c2cb0d86d3f42fffffe.json
+    When I do an API GET request to content_types/projects/entries.json
+    Then the JSON response should be an array
+    And the JSON response should have 1 entry
+
+  Scenario: Destroying content entry as a Designer
+    Given I have a "designer" API token
+    When I do an API GET request to content_types/projects/entries.json
+    Then the JSON response should be an array
+    And the JSON response should have 2 entries
+    When I do an API DELETE to content_types/projects/entries/4f832c2cb0d86d3f42fffffe.json
+    When I do an API GET request to content_types/projects/entries.json
+    Then the JSON response should be an array
+    And the JSON response should have 1 entry
+
+  Scenario: Deleting content entry as an Author
+    Given I have a "author" API token
+    When I do an API GET request to content_types/projects/entries.json
+    Then the JSON response should be an array
+    And the JSON response should have 2 entries
+    When I do an API DELETE to content_types/projects/entries/4f832c2cb0d86d3f42fffffe.json
+    When I do an API GET request to content_types/projects/entries.json
+    Then the JSON response should be an array
+    And the JSON response should have 1 entry