Sha256: 12844dbaa6e7fca2ec6a5120e8b2a203cea86c1171d85b8cd751c84040153015
Contents?: true
Size: 1.56 KB
Versions: 102
Compression:
Stored size: 1.56 KB
Contents
Feature: Authorizing Access
Ensure that access denied exceptions are managed
Background:
Given I am logged in
And 1 post exists
And a configuration of:
"""
class OnlyAuthorsAuthorization < ActiveAdmin::AuthorizationAdapter
def authorized?(action, subject = nil)
case subject
when normalized(Post)
case action
when ActiveAdmin::Auth::UPDATE, ActiveAdmin::Auth::DESTROY
false
else
true
end
when ActiveAdmin::Page
if subject.name == "No Access"
false
else
true
end
else
false
end
end
end
ActiveAdmin.application.namespace(:admin).authorization_adapter = OnlyAuthorsAuthorization
ActiveAdmin.register Post do
end
ActiveAdmin.register_page "No Access" do
end
"""
And I am on the index page for posts
@allow-rescue
Scenario: Attempt to access a resource I am not authorized to see
When I go to the last post's edit page
Then I should see "You are not authorized to perform this action"
Scenario: Viewing the default action items
When I follow "View"
Then I should not see an action item link to "Edit"
@allow-rescue
Scenario: Attempting to visit a Page without authorization
When I go to the admin no access page
Then I should see "You are not authorized to perform this action"
@allow-rescue
Scenario: Viewing a page with authorization
When I go to the admin dashboard page
Then I should see "Dashboard"
Version data entries
102 entries across 102 versions & 10 rubygems