Sha256: 074c6a370ca4536adaa946ee35733f51c2e8fa79aac257df70a7b62130af1830
Contents?: true
Size: 1.57 KB
Versions: 7
Compression:
Stored size: 1.57 KB
Contents
@authorization
Feature: Authorizing Access
Ensure that access denied exceptions are managed
Background:
Given I am logged in
And 1 post exists
And a configuration of:
"""
class OnlyAuthorsAuthorization < ActiveAdmin::AuthorizationAdapter
def authorized?(action, subject = nil)
case subject
when normalized(Post)
case action
when ActiveAdmin::Auth::UPDATE, ActiveAdmin::Auth::DESTROY
false
else
true
end
when ActiveAdmin::Page
if subject.name == "No Access"
false
else
true
end
else
false
end
end
end
ActiveAdmin.application.namespace(:admin).authorization_adapter = OnlyAuthorsAuthorization
ActiveAdmin.register Post do
end
ActiveAdmin.register_page "No Access" do
end
"""
And I am on the index page for posts
@allow-rescue
Scenario: Attempt to access a resource I am not authorized to see
When I go to the last post's edit page
Then I should see "You are not authorized to perform this action"
Scenario: Viewing the default action items
When I follow "View"
Then I should not see an action item link to "Edit"
@allow-rescue
Scenario: Attempting to visit a Page without authorization
When I go to the admin no access page
Then I should see "You are not authorized to perform this action"
@allow-rescue
Scenario: Viewing a page with authorization
When I go to the admin dashboard page
Then I should see "Dashboard"
Version data entries
7 entries across 7 versions & 1 rubygems