Created
July 15, 2011 15:43
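# Base controller for the v1 JSON API. Every action in a subclass runs behind
# two filters: token authentication, then a manager-role check.
class Api::V1::BaseController < Api::BaseController
  before_filter :handle_authentication
  before_filter :handle_authorization
  respond_to :json

  private

  # Looks up the caller by the +api_token+ request parameter and stores the
  # match in @current_user. Renders a 401 JSON error when no user matches;
  # rendering inside a before_filter halts the chain, so the action and the
  # later filters do not run.
  #
  # NOTE(review): the token is read from params, so clients may be sending it
  # in the query string, where it ends up in access logs. Consider accepting
  # it from a request header instead.
  def handle_authentication
    token = params[:api_token]

    # Only a non-empty String is a usable credential. With ActiveRecord
    # finders, a missing parameter (nil) turns into a lookup for users whose
    # api_token is NULL, and an Array/Hash parameter changes the shape of the
    # query. Both must be rejected before the lookup.
    @current_user = nil
    if token.is_a?(String) && !token.empty?
      @current_user = User.find_by_api_token(token)
    end
    return if @current_user

    # Explicit render with a status code: the failure is visible to clients
    # as 401 and does not depend on respond_with's template lookup.
    render :json => {:error_message => "Authentication failed!"}, :status => :unauthorized
  end

  # Rejects the request with a 403 JSON error unless the authenticated user
  # answers true to +manager?+. Fails closed when @current_user is unset, so
  # a nil user can never reach the action.
  def handle_authorization
    return if @current_user && @current_user.manager?

    return_hash = {:error_message => "This user is not authorized to use the api"}
    render :json => return_hash, :status => :forbidden
  end
end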
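# Step: attaches a client with the given name (found or created) to the
# already-existing user with the given username.
Given /^the user with username "([^"]*)" has a client named "([^"]*)"$/ do |username, client_name|
  user = User.find_by_username(username)
  # Fail with a readable message instead of a NoMethodError on nil.
  raise "No user with username #{username.inspect}" unless user

  user.client = Client.find_or_create_by_name(client_name)
  # save! raises when the record cannot be saved, so a broken fixture fails
  # at this step rather than silently skewing the authorization scenarios.
  user.save!
end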
require 'ruby-debug' | |
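# JSON endpoint exposing the client that belongs to the authenticated user.
# @current_user is populated by the filters inherited from
# Api::V1::BaseController.
#
# NOTE(review): with the debugger call removed, this controller no longer
# needs the `require 'ruby-debug'` above the class; keep debugger hooks out
# of code that ships.
class Api::V1::CompaniesController < Api::V1::BaseController
  respond_to :json

  # Responds with the current user's client, or with a 404 JSON error when
  # the user has no client. The branch tests the client itself, which is
  # what the error message describes; the original tested @current_user.
  def index
    @client = @current_user && @current_user.client

    if @client
      respond_with @client
    else
      @return_hash = {:error_message => "There was no client associated with this user."}
      render :json => @return_hash, :status => :not_found
    end
  end
end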
# Step: makes sure a Role record with the given name is present.
Given /^a role exists with name: "([^"]*)"$/ do |name|
  Role.find_or_create_by_name(name)
end
$ rake cucumber | |
/home/david/.rvm/rubies/ruby-1.9.2-p180/bin/ruby -S bundle exec cucumber --profile default | |
Using the default profile... | |
Feature: API Authorization | |
Background: # features/api/authorization.feature:3 | |
Given a role exists with name: "manager" # features/step_definitions/role_steps.rb:1 | |
And there is a user with username "manager-user" and API token "b390294aad6811e0a7cc0030679f1d6a" # features/step_definitions/user_steps.rb:1 | |
And the user with username "manager-user" has role a manager role # features/step_definitions/user_steps.rb:5 | |
And the user with username "manager-user" has a client named "Manager Client 1" # features/step_definitions/client_steps.rb:1 | |
Given a user exists with username "normal-user" # features/step_definitions/user_steps.rb:24 | |
And the user with username "normal-user" has API token "b3b863f6ad6811e0a7cc0030679f1d6a" # features/step_definitions/user_steps.rb:28 | |
And the user with username "normal-user" has no role # features/step_definitions/user_steps.rb:10 | |
And the user with username "normal-user" has a client named "Unreachable Client 1" # features/step_definitions/client_steps.rb:1 | |
Scenario: When I try to access the companies index page as a manager # features/api/authorization.feature:13 | |
/home/david/work/flexcorp_ebix/app/controllers/api/v1/base_controller.rb:9 | |
@current_user = User.find_by_api_token(params[:api_token]) | |
(rdb:1) next | |
/home/david/work/flexcorp_ebix/app/controllers/api/v1/base_controller.rb:10 | |
unless @current_user | |
(rdb:1) next | |
/home/david/.rvm/gems/ruby-1.9.2-p180/gems/activesupport-3.1.0.rc4/lib/active_support/callbacks.rb:422 | |
yield target, chain.dup, type, filters, options | |
(rdb:1) continue | |
When I visit "/api/v1/companies.json?api_token=b390294aad6811e0a7cc0030679f1d6a" # features/step_definitions/web_steps.rb:214 | |
Then the JSON should be: # json_spec-0.5.0/lib/json_spec/cucumber.rb:13 | |
""" | |
{ | |
"client": { | |
"name": "Manager Client 1" | |
} | |
} | |
""" | |
Scenario: When I try to access the companies index page with no role # features/api/authorization.feature:24 | |
/home/david/work/flexcorp_ebix/app/controllers/api/v1/base_controller.rb:9 | |
@current_user = User.find_by_api_token(params[:api_token]) | |
(rdb:1) next | |
/home/david/work/flexcorp_ebix/app/controllers/api/v1/base_controller.rb:10 | |
unless @current_user | |
(rdb:1) next | |
/home/david/work/flexcorp_ebix/app/controllers/api/v1/base_controller.rb:11 | |
respond_with({:error_message => "Authentication failed!"}) | |
(rdb:1) continue | |
When I visit "/api/v1/companies.json?api_token=b3b863f6ad6811e0a7cc0030679f1d6a" # features/step_definitions/web_steps.rb:214 | |
Then the JSON should be: # json_spec-0.5.0/lib/json_spec/cucumber.rb:13 | |
""" | |
{ | |
"error_message": "This user is not authorized to use the api" | |
} | |
""" | |
Expected equivalent JSON | |
Diff: | |
@@ -1,4 +1,4 @@ | |
{ | |
- "error_message": "This user is not authorized to use the api" | |
+ "name": null | |
} | |
(RSpec::Expectations::ExpectationNotMetError) | |
features/api/authorization.feature:26:in `Then the JSON should be:' | |
Failing Scenarios: | |
cucumber features/api/authorization.feature:24 # Scenario: When I try to access the companies index page with no role | |
2 scenarios (1 failed, 1 passed) | |
20 steps (1 failed, 19 passed) | |
1m1.107s | |
rake aborted! | |
Command failed with status (1): [/home/david/.rvm/rubies/ruby-1.9.2-p180/bi...] | |
Tasks: TOP => cucumber => cucumber:ok | |
(See full trace by running task with --trace) |
# Step: finds or creates a user matching the username and API token. The
# e-mail address is built from the current time so each created user gets
# a distinct one.
Given /^there is a user with username "([^"]*)" and API token "([^"]*)"$/ do |login, token|
  unique_email = "test#{Time.zone.now.to_f}@test.com"
  User.find_or_create_by_username_and_api_token_and_email(login, token, unique_email)
end
# Step: gives the named user (created if absent) the "manager" role.
Given /^the user with username "([^"]*)" has role a manager role$/ do |login|
  User.find_or_create_by_username(login).add_role("manager")
end
# Step: calls destroy on the roles of the named user (created if absent).
# NOTE(review): if +roles+ is an ActiveRecord collection, destroy called with
# no records may remove nothing. Confirm that this step really leaves the
# user without roles; otherwise the "no role" authorization scenario is not
# exercising what it claims to.
Given /^the user with username "([^"]*)" has no role$/ do |login|
  User.find_or_create_by_username(login).roles.destroy
end
# Step: destroys the client attached to the named user (created if absent).
# NOTE(review): raises NoMethodError when the user has no client yet.
Given /^the user with username "([^"]*)" has no client$/ do |login|
  User.find_or_create_by_username(login).client.destroy
end
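# Step: makes sure a user with the given username is present. The result is
# not needed afterwards, so the unused local assignment was dropped.
Given /^a user exists with username: "([^"]*)"$/ do |user_name|
  User.find_or_create_by_username(user_name)
end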
# Step: finds or creates a user by username, with a time-derived e-mail
# address so each created user gets a distinct one.
Given /^a user exists with username "([^"]*)"$/ do |login|
  unique_email = "test#{Time.zone.now.to_f}@test.com"
  User.find_or_create_by_username_and_email(login, unique_email)
end
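# Step: assigns the given API token to the user with the given username.
#
# The earlier form looked the user up by username AND token together. For a
# user that already existed without that token the lookup missed and a second
# record was attempted, so the existing user never received the token.
# Here the user is located by username alone and the token is then set.
Given /^the user with username "([^"]*)" has API token "([^"]*)"$/ do |user_name, api_token|
  user = User.find_or_create_by_username(user_name)
  user.api_token = api_token
  # save! raises on a failed save, so a fixture that cannot be persisted
  # stops the scenario here instead of surfacing as an authentication failure.
  user.save!
end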