locomotivecms 3.0.0.rc3 → 3.0.0.rc4
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Gemfile +3 -3
- data/README.md +1 -1
- data/app/assets/stylesheets/locomotive/unauthorized/_public.scss +7 -4
- data/app/controllers/locomotive/errors_controller.rb +4 -0
- data/app/helpers/locomotive/errors_helper.rb +2 -4
- data/app/models/locomotive/concerns/content_entry/csv.rb +4 -0
- data/app/models/locomotive/concerns/content_entry/slug.rb +0 -2
- data/app/models/locomotive/concerns/content_type/sync.rb +2 -2
- data/app/models/locomotive/concerns/page/templatized.rb +1 -1
- data/app/models/locomotive/concerns/site/access_points.rb +3 -3
- data/app/models/locomotive/theme_asset.rb +0 -1
- data/app/views/locomotive/developers_documentation/_wagon.html.slim +2 -2
- data/app/views/locomotive/devise_mailer/reset_password_instructions.html.slim +1 -0
- data/app/views/locomotive/errors/no_site.json +1 -0
- data/app/views/locomotive/shared/_sidebar.html.slim +1 -1
- data/app/views/locomotive/shared/_sidebar_without_site.html.slim +1 -1
- data/app/views/locomotive/shared/header/_account_menu.html.slim +2 -2
- data/config/locales/en.yml +1 -1
- data/config/routes.rb +4 -2
- data/lib/generators/locomotive/install/install_generator.rb +9 -9
- data/lib/generators/locomotive/install/templates/carrierwave.rb +23 -12
- data/lib/generators/locomotive/install/templates/carrierwave_aws.rb +36 -0
- data/lib/generators/locomotive/install/templates/mongoid.yml +97 -35
- data/lib/locomotive/dependencies.rb +1 -1
- data/lib/locomotive/middlewares/site.rb +10 -4
- data/lib/locomotive/mongoid/patches.rb +1 -1
- data/lib/locomotive/steam_adaptor.rb +6 -4
- data/lib/locomotive/version.rb +1 -1
- data/spec/dummy/config/application.rb +0 -3
- data/spec/dummy/config/initializers/devise.rb +128 -58
- data/spec/dummy/config/mongoid.yml +95 -78
- data/spec/models/locomotive/content_entry_spec.rb +6 -6
- data/spec/requests/locomotive/steam/cache_spec.rb +1 -1
- data/spec/requests/site_spec.rb +25 -0
- data/spec/support/mongoid.rb +2 -0
- metadata +16 -189
- data/features/api/accounts.feature +0 -43
- data/features/api/authentication.feature +0 -41
- data/features/api/authorization/accounts.feature +0 -165
- data/features/api/authorization/content_assets.feature +0 -147
- data/features/api/authorization/content_entries.feature +0 -202
- data/features/api/authorization/content_types.feature +0 -237
- data/features/api/authorization/current_site.feature +0 -30
- data/features/api/authorization/memberships.feature +0 -225
- data/features/api/authorization/pages.feature +0 -189
- data/features/api/authorization/sites.feature +0 -212
- data/features/api/authorization/snippets.feature +0 -179
- data/features/api/authorization/theme_assets.feature +0 -185
- data/features/api/authorization/translations.feature +0 -253
- data/features/api/content_entries.feature +0 -184
- data/features/api/content_types.feature +0 -156
- data/features/api/editable_elements.feature +0 -190
- data/features/api/entries_custom_fields.feature +0 -150
- data/features/api/memberships.feature +0 -26
- data/features/api/pages.feature +0 -72
- data/features/backoffice/authorization/account_settings.feature +0 -28
- data/features/backoffice/authorization/content_type.feature +0 -35
- data/features/backoffice/authorization/current_site.feature +0 -53
- data/features/backoffice/authorization/inline_front_end_editing.feature +0 -46
- data/features/backoffice/authorization/pages.feature +0 -95
- data/features/backoffice/authorization/theme_assets.feature +0 -50
- data/features/backoffice/content_types/edit.feature +0 -20
- data/features/backoffice/content_types/email.feature +0 -26
- data/features/backoffice/content_types/has_many.feature +0 -80
- data/features/backoffice/content_types/integer.feature +0 -26
- data/features/backoffice/content_types/localized.feature +0 -63
- data/features/backoffice/content_types/many_to_many.feature +0 -70
- data/features/backoffice/content_types/tags.feature +0 -22
- data/features/backoffice/content_types/uniqueness.feature +0 -29
- data/features/backoffice/contents.feature +0 -93
- data/features/backoffice/editable_elements.feature +0 -22
- data/features/backoffice/installation.feature +0 -33
- data/features/backoffice/login.feature +0 -33
- data/features/backoffice/mounting.feature +0 -13
- data/features/backoffice/my_account.feature +0 -22
- data/features/backoffice/pages.feature +0 -73
- data/features/backoffice/regressions.feature +0 -19
- data/features/backoffice/site.feature +0 -71
- data/features/backoffice/snippets.feature +0 -39
- data/features/backoffice/theme_assets.feature +0 -72
- data/features/backoffice/translations.feature +0 -50
- data/features/public/basic.feature +0 -30
- data/features/public/contact_form.feature +0 -98
- data/features/public/content_entries.feature +0 -69
- data/features/public/editable_elements.feature +0 -138
- data/features/public/has_many.feature +0 -8
- data/features/public/inheritance.feature +0 -157
- data/features/public/inline_front_end_editing.feature +0 -26
- data/features/public/many_to_many.feature +0 -64
- data/features/public/new_contact_form.feature +0 -95
- data/features/public/pages.feature +0 -116
- data/features/public/pagination.feature +0 -8
- data/features/public/robots.feature +0 -22
- data/features/public/session.feature +0 -40
- data/features/public/sitemap.feature +0 -74
- data/features/public/snippets.feature +0 -21
- data/features/public/tablerow.feature +0 -42
- data/features/public/tags.feature +0 -45
- data/features/step_definitions/api_steps.rb +0 -179
- data/features/step_definitions/backoffice/mounting_steps.rb +0 -22
- data/features/step_definitions/backoffice_steps.rb +0 -47
- data/features/step_definitions/content_assets_steps.rb +0 -12
- data/features/step_definitions/content_types_steps.rb +0 -135
- data/features/step_definitions/current_site_steps.rb +0 -43
- data/features/step_definitions/editable_elements_steps.rb +0 -24
- data/features/step_definitions/membership_steps.rb +0 -19
- data/features/step_definitions/more_web_steps.rb +0 -131
- data/features/step_definitions/page_steps.rb +0 -133
- data/features/step_definitions/pagination_steps.rb +0 -35
- data/features/step_definitions/pickle_steps.rb +0 -100
- data/features/step_definitions/relationships_steps.rb +0 -110
- data/features/step_definitions/site_steps.rb +0 -111
- data/features/step_definitions/snippet_steps.rb +0 -37
- data/features/step_definitions/theme_asset_steps.rb +0 -64
- data/features/step_definitions/translation_steps.rb +0 -7
- data/features/step_definitions/web_steps.rb +0 -225
- data/features/step_definitions/within_steps.rb +0 -14
- data/features/support/cleaner.rb +0 -4
- data/features/support/env.rb +0 -82
- data/features/support/factory_girl.rb +0 -2
- data/features/support/http.rb +0 -22
- data/features/support/locales.rb +0 -5
- data/features/support/paths.rb +0 -62
- data/features/support/pickle.rb +0 -24
- data/features/support/selectors.rb +0 -57
@@ -1,225 +0,0 @@
|
|
1
|
-
Feature: Memberships
|
2
|
-
In order to ensure memberships are not tampered with
|
3
|
-
As an admin, designer or author
|
4
|
-
I will be restricted based on my role
|
5
|
-
|
6
|
-
Background:
|
7
|
-
Given I have the site: "test site" set up with id: "4f832c2cb0d86d3f42fffffb"
|
8
|
-
And I have accounts:
|
9
|
-
| email | id |
|
10
|
-
| new-user@a.com | 4f832c2cb0d86d3f42fffffc |
|
11
|
-
And I have memberships:
|
12
|
-
| email | role | id |
|
13
|
-
| admin@a.com | admin | 4f832c2cb0d86d3f42fffffd |
|
14
|
-
| designer@a.com | designer | 4f832c2cb0d86d3f42fffffe |
|
15
|
-
| author@a.com | author | 4f832c2cb0d86d3f42ffffff |
|
16
|
-
|
17
|
-
Scenario: As an unauthenticated user
|
18
|
-
Given I am not authenticated
|
19
|
-
When I do an API GET to memberships.json
|
20
|
-
Then the JSON response at "error" should be "You need to sign in or sign up before continuing."
|
21
|
-
|
22
|
-
# listing memberships
|
23
|
-
|
24
|
-
Scenario: Accessing memberships as an Admin
|
25
|
-
Given I have an "admin" API token
|
26
|
-
When I do an API GET request to memberships.json
|
27
|
-
Then the JSON response should be an array
|
28
|
-
And the JSON response should have 4 entries
|
29
|
-
|
30
|
-
Scenario: Accessing memberships as a Designer
|
31
|
-
Given I have a "designer" API token
|
32
|
-
When I do an API GET request to memberships.json
|
33
|
-
Then the JSON response should be an array
|
34
|
-
And the JSON response should have 4 entries
|
35
|
-
|
36
|
-
Scenario: Accessing memberships as an Author
|
37
|
-
Given I have an "author" API token
|
38
|
-
When I do an API GET request to memberships.json
|
39
|
-
Then an access denied error should occur
|
40
|
-
|
41
|
-
# showing membership
|
42
|
-
|
43
|
-
Scenario: Accessing membership as an Admin
|
44
|
-
Given I have an "admin" API token
|
45
|
-
When I do an API GET request to memberships/4f832c2cb0d86d3f42fffffd.json
|
46
|
-
Then the JSON response at "email" should be "admin@a.com"
|
47
|
-
When I do an API GET request to memberships/4f832c2cb0d86d3f42fffffe.json
|
48
|
-
Then the JSON response at "email" should be "designer@a.com"
|
49
|
-
When I do an API GET request to memberships/4f832c2cb0d86d3f42ffffff.json
|
50
|
-
Then the JSON response at "email" should be "author@a.com"
|
51
|
-
|
52
|
-
Scenario: Accessing membership as a Designer
|
53
|
-
Given I have a "designer" API token
|
54
|
-
When I do an API GET request to memberships/4f832c2cb0d86d3f42fffffd.json
|
55
|
-
Then the JSON response at "email" should be "admin@a.com"
|
56
|
-
When I do an API GET request to memberships/4f832c2cb0d86d3f42fffffe.json
|
57
|
-
Then the JSON response at "email" should be "designer@a.com"
|
58
|
-
When I do an API GET request to memberships/4f832c2cb0d86d3f42ffffff.json
|
59
|
-
Then the JSON response at "email" should be "author@a.com"
|
60
|
-
|
61
|
-
Scenario: Accessing membership as an Author
|
62
|
-
Given I have an "author" API token
|
63
|
-
When I do an API GET request to memberships/4f832c2cb0d86d3f42fffffe.json
|
64
|
-
Then an access denied error should occur
|
65
|
-
|
66
|
-
# create membership
|
67
|
-
|
68
|
-
Scenario: Creating new membership as an Admin
|
69
|
-
Given I have an "admin" API token
|
70
|
-
When I do an API POST to memberships.json with:
|
71
|
-
"""
|
72
|
-
{
|
73
|
-
"membership": {
|
74
|
-
"site_id": "4f832c2cb0d86d3f42fffffb",
|
75
|
-
"account_id": "4f832c2cb0d86d3f42fffffc"
|
76
|
-
}
|
77
|
-
}
|
78
|
-
"""
|
79
|
-
When I do an API GET request to memberships.json
|
80
|
-
Then the JSON response should be an array
|
81
|
-
And the JSON response should have 5 entries
|
82
|
-
|
83
|
-
Scenario: Creating new membership as a Designer
|
84
|
-
Given I have a "designer" API token
|
85
|
-
When I do an API POST to memberships.json with:
|
86
|
-
"""
|
87
|
-
{
|
88
|
-
"membership": {
|
89
|
-
"site_id": "4f832c2cb0d86d3f42fffffb",
|
90
|
-
"account_id": "4f832c2cb0d86d3f42fffffc"
|
91
|
-
}
|
92
|
-
}
|
93
|
-
"""
|
94
|
-
When I do an API GET request to memberships.json
|
95
|
-
Then the JSON response should be an array
|
96
|
-
And the JSON response should have 5 entries
|
97
|
-
|
98
|
-
Scenario: Creating new membership as an Author
|
99
|
-
Given I have an "author" API token
|
100
|
-
When I do an API POST to memberships.json with:
|
101
|
-
"""
|
102
|
-
{
|
103
|
-
"membership": {
|
104
|
-
"site_id": "4f832c2cb0d86d3f42fffffb",
|
105
|
-
"account_id": "4f832c2cb0d86d3f42fffffc"
|
106
|
-
}
|
107
|
-
}
|
108
|
-
"""
|
109
|
-
Then an access denied error should occur
|
110
|
-
|
111
|
-
Scenario: Created membership should always be Author
|
112
|
-
Given I have an "admin" API token
|
113
|
-
When I do an API POST to memberships.json with:
|
114
|
-
"""
|
115
|
-
{
|
116
|
-
"membership": {
|
117
|
-
"site_id": "4f832c2cb0d86d3f42fffffb",
|
118
|
-
"account_id": "4f832c2cb0d86d3f42fffffc",
|
119
|
-
"role": "admin"
|
120
|
-
}
|
121
|
-
}
|
122
|
-
"""
|
123
|
-
When I do an API GET request to memberships.json
|
124
|
-
Then the JSON response should be an array
|
125
|
-
And the JSON response should have 5 entries
|
126
|
-
And the JSON at "4/role" should be "author"
|
127
|
-
|
128
|
-
# update membership
|
129
|
-
|
130
|
-
Scenario: Updating membership as an Admin
|
131
|
-
Given I have an "admin" API token
|
132
|
-
When I do an API PUT to memberships/4f832c2cb0d86d3f42ffffff.json with:
|
133
|
-
"""
|
134
|
-
{
|
135
|
-
"membership": {
|
136
|
-
"role": "admin"
|
137
|
-
}
|
138
|
-
}
|
139
|
-
"""
|
140
|
-
When I do an API GET request to memberships/4f832c2cb0d86d3f42ffffff.json
|
141
|
-
Then the JSON response at "role" should be "admin"
|
142
|
-
|
143
|
-
Scenario: Updating membership as a Designer
|
144
|
-
Given I have a "designer" API token
|
145
|
-
When I do an API PUT to memberships/4f832c2cb0d86d3f42ffffff.json with:
|
146
|
-
"""
|
147
|
-
{
|
148
|
-
"membership": {
|
149
|
-
"role": "admin"
|
150
|
-
}
|
151
|
-
}
|
152
|
-
"""
|
153
|
-
When I do an API GET request to memberships/4f832c2cb0d86d3f42ffffff.json
|
154
|
-
Then the JSON response at "role" should be "author"
|
155
|
-
When I do an API PUT to memberships/4f832c2cb0d86d3f42ffffff.json with:
|
156
|
-
"""
|
157
|
-
{
|
158
|
-
"membership": {
|
159
|
-
"role": "designer"
|
160
|
-
}
|
161
|
-
}
|
162
|
-
"""
|
163
|
-
When I do an API GET request to memberships/4f832c2cb0d86d3f42ffffff.json
|
164
|
-
Then the JSON response at "role" should be "designer"
|
165
|
-
|
166
|
-
Scenario: Updating membership as an Author
|
167
|
-
Given I have a "author" API token
|
168
|
-
When I do an API PUT to memberships/4f832c2cb0d86d3f42ffffff.json with:
|
169
|
-
"""
|
170
|
-
{
|
171
|
-
"membership": {
|
172
|
-
"role": "admin"
|
173
|
-
}
|
174
|
-
}
|
175
|
-
"""
|
176
|
-
Then an access denied error should occur
|
177
|
-
When I do an API PUT to memberships/4f832c2cb0d86d3f42ffffff.json with:
|
178
|
-
"""
|
179
|
-
{
|
180
|
-
"membership": {
|
181
|
-
"role": "designer"
|
182
|
-
}
|
183
|
-
}
|
184
|
-
"""
|
185
|
-
Then an access denied error should occur
|
186
|
-
When I do an API PUT to memberships/4f832c2cb0d86d3f42ffffff.json with:
|
187
|
-
"""
|
188
|
-
{
|
189
|
-
"membership": {
|
190
|
-
"role": "author"
|
191
|
-
}
|
192
|
-
}
|
193
|
-
"""
|
194
|
-
Then an access denied error should occur
|
195
|
-
|
196
|
-
# destroy membership
|
197
|
-
|
198
|
-
Scenario: Destroying membership as an Admin
|
199
|
-
Given I have an "admin" API token
|
200
|
-
When I do an API GET request to memberships.json
|
201
|
-
Then the JSON response should be an array
|
202
|
-
And the JSON response should have 4 entries
|
203
|
-
When I do an API DELETE to memberships/4f832c2cb0d86d3f42ffffff.json
|
204
|
-
When I do an API GET request to memberships.json
|
205
|
-
Then the JSON response should be an array
|
206
|
-
And the JSON response should have 3 entries
|
207
|
-
|
208
|
-
Scenario: Destroying membership as a Designer
|
209
|
-
Given I have a "designer" API token
|
210
|
-
When I do an API GET request to memberships.json
|
211
|
-
Then the JSON response should be an array
|
212
|
-
And the JSON response should have 4 entries
|
213
|
-
When I do an API DELETE to memberships/4f832c2cb0d86d3f42ffffff.json
|
214
|
-
When I do an API GET request to memberships.json
|
215
|
-
Then the JSON response should be an array
|
216
|
-
And the JSON response should have 3 entries
|
217
|
-
When I do an API DELETE to memberships/4f832c2cb0d86d3f42fffffe.json
|
218
|
-
Then an access denied error should occur
|
219
|
-
When I do an API DELETE to memberships/4f832c2cb0d86d3f42fffffd.json
|
220
|
-
Then an access denied error should occur
|
221
|
-
|
222
|
-
Scenario: Deleting membership as an Author
|
223
|
-
Given I have a "author" API token
|
224
|
-
When I do an API DELETE to memberships/4f832c2cb0d86d3f42fffffe.json
|
225
|
-
Then an access denied error should occur
|
@@ -1,189 +0,0 @@
|
|
1
|
-
Feature: Pages
|
2
|
-
In order to ensure pages are not tampered with
|
3
|
-
As an admin, designer or author
|
4
|
-
I will be restricted based on my role
|
5
|
-
|
6
|
-
Background:
|
7
|
-
Given I have the site: "test site" set up
|
8
|
-
And I have a custom model named "Projects" with
|
9
|
-
| label | type | required |
|
10
|
-
| Name | string | true |
|
11
|
-
| Description | text | false |
|
12
|
-
And I have a designer and an author
|
13
|
-
And a page named "hello-world" with id "4f832c2cb0d86d3f42fffffe"
|
14
|
-
And a page named "goodbye-world" with id "4f832c2cb0d86d3f42ffffff"
|
15
|
-
|
16
|
-
Scenario: As an unauthenticated user
|
17
|
-
Given I am not authenticated
|
18
|
-
When I do an API GET to pages.json
|
19
|
-
Then the JSON response at "error" should be "You need to sign in or sign up before continuing."
|
20
|
-
|
21
|
-
# listing pages
|
22
|
-
|
23
|
-
Scenario: Accessing pages as an Admin
|
24
|
-
Given I have an "admin" API token
|
25
|
-
When I do an API GET request to pages.json
|
26
|
-
Then the JSON response should be an array
|
27
|
-
And the JSON response should have 4 entries
|
28
|
-
|
29
|
-
Scenario: Accessing pages as a Designer
|
30
|
-
Given I have a "designer" API token
|
31
|
-
When I do an API GET request to pages.json
|
32
|
-
Then the JSON response should be an array
|
33
|
-
And the JSON response should have 4 entries
|
34
|
-
|
35
|
-
Scenario: Accessing pages as an Author
|
36
|
-
Given I have an "author" API token
|
37
|
-
When I do an API GET request to pages.json
|
38
|
-
Then the JSON response should be an array
|
39
|
-
And the JSON response should have 4 entries
|
40
|
-
|
41
|
-
# showing page
|
42
|
-
|
43
|
-
Scenario: Accessing page as an Admin
|
44
|
-
Given I have an "admin" API token
|
45
|
-
When I do an API GET request to pages/4f832c2cb0d86d3f42fffffe.json
|
46
|
-
Then the JSON response at "id" should be "4f832c2cb0d86d3f42fffffe"
|
47
|
-
And the JSON response at "slug" should be "hello-world"
|
48
|
-
|
49
|
-
Scenario: Accessing page as a Designer
|
50
|
-
Given I have a "designer" API token
|
51
|
-
When I do an API GET request to pages/4f832c2cb0d86d3f42fffffe.json
|
52
|
-
Then the JSON response at "id" should be "4f832c2cb0d86d3f42fffffe"
|
53
|
-
And the JSON response at "slug" should be "hello-world"
|
54
|
-
|
55
|
-
Scenario: Accessing page as an Author
|
56
|
-
Given I have an "author" API token
|
57
|
-
When I do an API GET request to pages/4f832c2cb0d86d3f42fffffe.json
|
58
|
-
Then the JSON response at "id" should be "4f832c2cb0d86d3f42fffffe"
|
59
|
-
And the JSON response at "slug" should be "hello-world"
|
60
|
-
|
61
|
-
# create page
|
62
|
-
|
63
|
-
Scenario: Creating new page as an Admin
|
64
|
-
Given I have an "admin" API token
|
65
|
-
When I do an API GET request to pages.json
|
66
|
-
Then the JSON response should be an array
|
67
|
-
And the JSON response should have 4 entries
|
68
|
-
When I do an API POST to pages.json with:
|
69
|
-
"""
|
70
|
-
{
|
71
|
-
"page": {
|
72
|
-
"title": "New Page",
|
73
|
-
"slug": "new-page",
|
74
|
-
"parent_fullpath": "index"
|
75
|
-
}
|
76
|
-
}
|
77
|
-
"""
|
78
|
-
When I do an API GET request to pages.json
|
79
|
-
Then the JSON response should be an array
|
80
|
-
And the JSON response should have 5 entries
|
81
|
-
|
82
|
-
Scenario: Creating new page as a Designer
|
83
|
-
Given I have a "designer" API token
|
84
|
-
When I do an API GET request to pages.json
|
85
|
-
Then the JSON response should be an array
|
86
|
-
And the JSON response should have 4 entries
|
87
|
-
When I do an API POST to pages.json with:
|
88
|
-
"""
|
89
|
-
{
|
90
|
-
"page": {
|
91
|
-
"title": "New Page",
|
92
|
-
"slug": "new-page",
|
93
|
-
"parent_fullpath": "index"
|
94
|
-
}
|
95
|
-
}
|
96
|
-
"""
|
97
|
-
When I do an API GET request to pages.json
|
98
|
-
Then the JSON response should be an array
|
99
|
-
And the JSON response should have 5 entries
|
100
|
-
|
101
|
-
Scenario: Creating new page as an Author
|
102
|
-
Given I have an "author" API token
|
103
|
-
When I do an API POST to pages.json with:
|
104
|
-
"""
|
105
|
-
{
|
106
|
-
"page": {
|
107
|
-
"title": "New Page",
|
108
|
-
"slug": "new-page",
|
109
|
-
"parent_fullpath": "index"
|
110
|
-
}
|
111
|
-
}
|
112
|
-
"""
|
113
|
-
When I do an API GET request to pages.json
|
114
|
-
Then the JSON response should be an array
|
115
|
-
And the JSON response should have 5 entries
|
116
|
-
|
117
|
-
# update page
|
118
|
-
|
119
|
-
Scenario: Updating page as an Admin
|
120
|
-
Given I have an "admin" API token
|
121
|
-
When I do an API PUT to pages/4f832c2cb0d86d3f42fffffe.json with:
|
122
|
-
"""
|
123
|
-
{
|
124
|
-
"page": {
|
125
|
-
"title": "Brand new updated title"
|
126
|
-
}
|
127
|
-
}
|
128
|
-
"""
|
129
|
-
When I do an API GET request to pages/4f832c2cb0d86d3f42fffffe.json
|
130
|
-
Then the JSON response at "id" should be "4f832c2cb0d86d3f42fffffe"
|
131
|
-
And the JSON response at "title" should be "Brand new updated title"
|
132
|
-
|
133
|
-
Scenario: Updating page as a Designer
|
134
|
-
Given I have a "designer" API token
|
135
|
-
When I do an API PUT to pages/4f832c2cb0d86d3f42fffffe.json with:
|
136
|
-
"""
|
137
|
-
{
|
138
|
-
"page": {
|
139
|
-
"title": "Brand new updated title"
|
140
|
-
}
|
141
|
-
}
|
142
|
-
"""
|
143
|
-
When I do an API GET request to pages/4f832c2cb0d86d3f42fffffe.json
|
144
|
-
Then the JSON response at "id" should be "4f832c2cb0d86d3f42fffffe"
|
145
|
-
And the JSON response at "title" should be "Brand new updated title"
|
146
|
-
|
147
|
-
Scenario: Updating page as an Author
|
148
|
-
Given I have a "author" API token
|
149
|
-
When I do an API PUT to pages/4f832c2cb0d86d3f42fffffe.json with:
|
150
|
-
"""
|
151
|
-
{
|
152
|
-
"page": {
|
153
|
-
"title": "Brand new updated title"
|
154
|
-
}
|
155
|
-
}
|
156
|
-
"""
|
157
|
-
When I do an API GET request to pages/4f832c2cb0d86d3f42fffffe.json
|
158
|
-
Then the JSON response at "id" should be "4f832c2cb0d86d3f42fffffe"
|
159
|
-
And the JSON response at "title" should be "Brand new updated title"
|
160
|
-
|
161
|
-
# destroy page
|
162
|
-
|
163
|
-
Scenario: Destroying page as an Admin
|
164
|
-
Given I have an "admin" API token
|
165
|
-
When I do an API GET request to pages.json
|
166
|
-
Then the JSON response should be an array
|
167
|
-
And the JSON response should have 4 entries
|
168
|
-
When I do an API DELETE to pages/4f832c2cb0d86d3f42fffffe.json
|
169
|
-
When I do an API GET request to pages.json
|
170
|
-
Then the JSON response should be an array
|
171
|
-
And the JSON response should have 3 entries
|
172
|
-
|
173
|
-
Scenario: Destroying page as a Designer
|
174
|
-
Given I have a "designer" API token
|
175
|
-
When I do an API GET request to pages.json
|
176
|
-
Then the JSON response should be an array
|
177
|
-
And the JSON response should have 4 entries
|
178
|
-
When I do an API DELETE to pages/4f832c2cb0d86d3f42fffffe.json
|
179
|
-
When I do an API GET request to pages.json
|
180
|
-
Then the JSON response should be an array
|
181
|
-
And the JSON response should have 3 entries
|
182
|
-
|
183
|
-
Scenario: Deleting page as an Author
|
184
|
-
Given I have a "author" API token
|
185
|
-
When I do an API GET request to pages.json
|
186
|
-
Then the JSON response should be an array
|
187
|
-
And the JSON response should have 4 entries
|
188
|
-
When I do an API DELETE to pages/4f832c2cb0d86d3f42fffffe.json
|
189
|
-
Then an access denied error should occur
|
@@ -1,212 +0,0 @@
|
|
1
|
-
Feature: Sites
|
2
|
-
In order to ensure sites are not tampered with
|
3
|
-
As an admin, designer or author
|
4
|
-
I will be restricted based on my role
|
5
|
-
|
6
|
-
Background:
|
7
|
-
Given I have the site: "test site" set up with id: "4f832c2cb0d86d3f42fffffe"
|
8
|
-
And I have the site: "another site" set up with id: "4f832c2cb0d86d3f42ffffff"
|
9
|
-
And I have a designer and an author
|
10
|
-
|
11
|
-
Scenario: As an unauthenticated user
|
12
|
-
Given I am not authenticated
|
13
|
-
When I do an API GET to sites.json
|
14
|
-
Then the JSON response at "error" should be "You need to sign in or sign up before continuing."
|
15
|
-
|
16
|
-
# listing sites
|
17
|
-
|
18
|
-
Scenario: Accessing sites as an Admin
|
19
|
-
Given I have an "admin" API token
|
20
|
-
When I do an API GET request to sites.json
|
21
|
-
Then the JSON response should be an array
|
22
|
-
And the JSON response should have 2 entries
|
23
|
-
|
24
|
-
Scenario: Accessing sites as a Designer
|
25
|
-
Given I have a "designer" API token
|
26
|
-
When I do an API GET request to sites.json
|
27
|
-
Then the JSON response should be an array
|
28
|
-
And the JSON response should have 1 entry
|
29
|
-
|
30
|
-
Scenario: Accessing sites as an Author
|
31
|
-
Given I have an "author" API token
|
32
|
-
When I do an API GET request to sites.json
|
33
|
-
Then the JSON response should be an array
|
34
|
-
And the JSON response should have 1 entry
|
35
|
-
|
36
|
-
# showing site
|
37
|
-
|
38
|
-
Scenario: Accessing site as an Admin
|
39
|
-
Given I have an "admin" API token
|
40
|
-
When I do an API GET request to sites/4f832c2cb0d86d3f42fffffe.json
|
41
|
-
Then the JSON response at "name" should be "Locomotive test website"
|
42
|
-
|
43
|
-
Scenario: Accessing my site as a Designer
|
44
|
-
Given I have a "designer" API token
|
45
|
-
When I do an API GET request to sites/4f832c2cb0d86d3f42fffffe.json
|
46
|
-
Then the JSON response at "name" should be "Locomotive test website"
|
47
|
-
|
48
|
-
Scenario: Accessing other site as a Designer
|
49
|
-
Given I have a "designer" API token
|
50
|
-
When I do an API GET request to sites/4f832c2cb0d86d3f42ffffff.json
|
51
|
-
# Then I print the json response
|
52
|
-
Then an access denied error should occur
|
53
|
-
|
54
|
-
Scenario: Accessing my site as an Author
|
55
|
-
Given I have an "author" API token
|
56
|
-
When I do an API GET request to sites/4f832c2cb0d86d3f42fffffe.json
|
57
|
-
Then the JSON response at "name" should be "Locomotive test website"
|
58
|
-
|
59
|
-
Scenario: Accessing other site as an Author
|
60
|
-
Given I have an "author" API token
|
61
|
-
When I do an API GET request to sites/4f832c2cb0d86d3f42ffffff.json
|
62
|
-
Then an access denied error should occur
|
63
|
-
|
64
|
-
# create site
|
65
|
-
|
66
|
-
Scenario: Creating new site as an Admin
|
67
|
-
Given I have an "admin" API token
|
68
|
-
When I do an API GET request to sites.json
|
69
|
-
Then the JSON response should be an array
|
70
|
-
And the JSON response should have 2 entries
|
71
|
-
When I do an API POST to sites.json with:
|
72
|
-
"""
|
73
|
-
{
|
74
|
-
"site": {
|
75
|
-
"name": "New site",
|
76
|
-
"subdomain": "new-site"
|
77
|
-
}
|
78
|
-
}
|
79
|
-
"""
|
80
|
-
When I do an API GET request to sites.json
|
81
|
-
Then the JSON response should be an array
|
82
|
-
And the JSON response should have 3 entries
|
83
|
-
And the JSON response at "0/memberships" should not have 0 entries
|
84
|
-
And the JSON response at "1/memberships" should not have 0 entries
|
85
|
-
And the JSON response at "2/memberships" should not have 0 entries
|
86
|
-
|
87
|
-
Scenario: Creating new site as a Designer
|
88
|
-
Given I have a "designer" API token
|
89
|
-
When I do an API POST to sites.json with:
|
90
|
-
"""
|
91
|
-
{
|
92
|
-
"site": {
|
93
|
-
"name": "New site",
|
94
|
-
"subdomain": "new-site"
|
95
|
-
}
|
96
|
-
}
|
97
|
-
"""
|
98
|
-
Then an access denied error should occur
|
99
|
-
|
100
|
-
Scenario: Creating new site as an Author
|
101
|
-
Given I have an "author" API token
|
102
|
-
When I do an API POST to sites.json with:
|
103
|
-
"""
|
104
|
-
{
|
105
|
-
"site": {
|
106
|
-
"name": "New site",
|
107
|
-
"subdomain": "new-site"
|
108
|
-
}
|
109
|
-
}
|
110
|
-
"""
|
111
|
-
Then an access denied error should occur
|
112
|
-
|
113
|
-
# update site
|
114
|
-
|
115
|
-
Scenario: Updating site as an Admin
|
116
|
-
Given I have an "admin" API token
|
117
|
-
When I do an API PUT to sites/4f832c2cb0d86d3f42fffffe.json with:
|
118
|
-
"""
|
119
|
-
{
|
120
|
-
"site": {
|
121
|
-
"name": "Brand new updated name"
|
122
|
-
}
|
123
|
-
}
|
124
|
-
"""
|
125
|
-
When I do an API GET request to sites/4f832c2cb0d86d3f42fffffe.json
|
126
|
-
Then the JSON response at "id" should be "4f832c2cb0d86d3f42fffffe"
|
127
|
-
And the JSON response at "name" should be "Brand new updated name"
|
128
|
-
|
129
|
-
Scenario: Updating my site as a Designer
|
130
|
-
Given I have a "designer" API token
|
131
|
-
When I do an API PUT to sites/4f832c2cb0d86d3f42fffffe.json with:
|
132
|
-
"""
|
133
|
-
{
|
134
|
-
"site": {
|
135
|
-
"name": "Brand new updated name"
|
136
|
-
}
|
137
|
-
}
|
138
|
-
"""
|
139
|
-
When I do an API GET request to sites/4f832c2cb0d86d3f42fffffe.json
|
140
|
-
Then the JSON response at "id" should be "4f832c2cb0d86d3f42fffffe"
|
141
|
-
And the JSON response at "name" should be "Brand new updated name"
|
142
|
-
|
143
|
-
Scenario: Updating other site as a Designer
|
144
|
-
Given I have a "designer" API token
|
145
|
-
When I do an API PUT to sites/4f832c2cb0d86d3f42ffffff.json with:
|
146
|
-
"""
|
147
|
-
{
|
148
|
-
"site": {
|
149
|
-
"name": "Brand new updated name"
|
150
|
-
}
|
151
|
-
}
|
152
|
-
"""
|
153
|
-
Then an access denied error should occur
|
154
|
-
|
155
|
-
Scenario: Updating my site as an Author
|
156
|
-
Given I have a "author" API token
|
157
|
-
When I do an API PUT to sites/4f832c2cb0d86d3f42fffffe.json with:
|
158
|
-
"""
|
159
|
-
{
|
160
|
-
"site": {
|
161
|
-
"name": "Brand new updated name"
|
162
|
-
}
|
163
|
-
}
|
164
|
-
"""
|
165
|
-
When I do an API GET request to sites/4f832c2cb0d86d3f42fffffe.json
|
166
|
-
Then the JSON response at "id" should be "4f832c2cb0d86d3f42fffffe"
|
167
|
-
And the JSON response at "name" should be "Brand new updated name"
|
168
|
-
|
169
|
-
Scenario: Updating other site as an Author
|
170
|
-
Given I have a "author" API token
|
171
|
-
When I do an API PUT to sites/4f832c2cb0d86d3f42ffffff.json with:
|
172
|
-
"""
|
173
|
-
{
|
174
|
-
"site": {
|
175
|
-
"name": "Brand new updated name"
|
176
|
-
}
|
177
|
-
}
|
178
|
-
"""
|
179
|
-
Then an access denied error should occur
|
180
|
-
|
181
|
-
# destroy site
|
182
|
-
|
183
|
-
Scenario: Destroying site as an Admin
|
184
|
-
Given I have an "admin" API token
|
185
|
-
When I do an API GET request to sites.json
|
186
|
-
Then the JSON response should be an array
|
187
|
-
And the JSON response should have 2 entries
|
188
|
-
When I do an API DELETE to sites/4f832c2cb0d86d3f42fffffe.json
|
189
|
-
When I do an API GET request to sites.json
|
190
|
-
Then the JSON response should be an array
|
191
|
-
And the JSON response should have 1 entries
|
192
|
-
|
193
|
-
Scenario: Destroying my site as a Designer
|
194
|
-
Given I have a "designer" API token
|
195
|
-
When I do an API DELETE to sites/4f832c2cb0d86d3f42fffffe.json
|
196
|
-
When I do an API GET request to sites/4f832c2cb0d86d3f42fffffe.json
|
197
|
-
Then it should not exist
|
198
|
-
|
199
|
-
Scenario: Deleting other site as a Designer
|
200
|
-
Given I have a "designer" API token
|
201
|
-
When I do an API DELETE to sites/4f832c2cb0d86d3f42ffffff.json
|
202
|
-
Then an access denied error should occur
|
203
|
-
|
204
|
-
Scenario: Deleting my site as an Author
|
205
|
-
Given I have a "author" API token
|
206
|
-
When I do an API DELETE to sites/4f832c2cb0d86d3f42fffffe.json
|
207
|
-
Then an access denied error should occur
|
208
|
-
|
209
|
-
Scenario: Deleting other site as an Author
|
210
|
-
Given I have a "author" API token
|
211
|
-
When I do an API DELETE to sites/4f832c2cb0d86d3f42ffffff.json
|
212
|
-
Then an access denied error should occur
|