Contents

Feature: Authorizing Access

  Ensure that access denied exceptions are managed

  Background:
    Given I am logged in
    And 1 post exists
    And a configuration of:
    """
    class OnlyAuthorsAuthorization < ActiveAdmin::AuthorizationAdapter

      def authorized?(action, subject = nil)
        case subject

        when normalized(Post)
          case action
          when ActiveAdmin::Auth::UPDATE, ActiveAdmin::Auth::DESTROY
            false
          else
            true
          end

        when ActiveAdmin::Page
          if subject.name == "No Access"
            false
          else
            true
          end

        else
          false
        end
      end

    end

    ActiveAdmin.application.namespace(:admin).authorization_adapter = OnlyAuthorsAuthorization

    ActiveAdmin.register Post do
    end

    ActiveAdmin.register_page "No Access" do
    end
    """
    And I am on the index page for posts

  @allow-rescue
  Scenario: Attempt to access a resource I am not authorized to see
    When I go to the last post's edit page
    Then I should see "You are not authorized to perform this action"

  Scenario: Viewing the default action items
    When I follow "View"
    Then I should not see an action item link to "Edit"

  @allow-rescue
  Scenario: Attempting to visit a Page without authorization
    When I go to the admin no access page
    Then I should see "You are not authorized to perform this action"

  @allow-rescue
  Scenario: Viewing a page with authorization
    When I go to the admin dashboard page
    Then I should see "Dashboard"

Version data entries

102 entries across 102 versions & 10 rubygems

Version	Path
lalala-4.0.0.dev.133	vendor/deps/active_admin/features/authorization.feature
lalala-4.0.0.dev.132	vendor/deps/active_admin/features/authorization.feature
lalala-4.0.0.dev.131	vendor/deps/active_admin/features/authorization.feature
lalala-4.0.0.dev.129	vendor/deps/active_admin/features/authorization.feature
lalala-4.0.0.dev.128	vendor/deps/active_admin/features/authorization.feature
lalala-4.0.0.dev.126	vendor/deps/active_admin/features/authorization.feature
lalala-4.0.0.dev.125	vendor/deps/active_admin/features/authorization.feature
lalala-4.0.0.dev.124	vendor/deps/active_admin/features/authorization.feature
lalala-4.0.0.dev.123	vendor/deps/active_admin/features/authorization.feature
lalala-4.0.0.dev.118	vendor/deps/active_admin/features/authorization.feature
lalala-4.0.0.dev.116	vendor/deps/active_admin/features/authorization.feature
lalala-4.0.0.dev.114	vendor/deps/active_admin/features/authorization.feature
lalala-4.0.0.dev.113	vendor/deps/active_admin/features/authorization.feature
lalala-4.0.0.dev.111	vendor/deps/active_admin/features/authorization.feature
lalala-4.0.0.dev.109	vendor/deps/active_admin/features/authorization.feature
lalala-4.0.0.dev.107	vendor/deps/active_admin/features/authorization.feature
lalala-4.0.0.dev.94	vendor/deps/active_admin/features/authorization.feature
lalala-4.0.0.dev.92	vendor/deps/active_admin/features/authorization.feature
lalala-4.0.0.dev.90	vendor/deps/active_admin/features/authorization.feature
lalala-4.0.0.dev.84	vendor/deps/active_admin/features/authorization.feature