Add tests for CMS admin security

2026-03-21 05:09:15 +00:00 · 2012-10-11 13:17:05 +11:00
parent 28fc16ac66
commit 015b7f88b0
2 changed files with 16 additions and 0 deletions
--- a/spec/requests/admin/cms_spec.rb
+++ b/spec/requests/admin/cms_spec.rb
@@ -18,4 +18,17 @@ feature %q{
    page.should have_selector 'h1', :text => 'Administration'
  end

+  scenario "anonymous user can't access CMS admin" do
+    visit cms_admin_path
+    page.should_not have_content "ComfortableMexicanSofa"
+    page.should have_content "Login"
+  end
+
+  scenario "non-admin user can't access CMS admin" do
+    login_to_consumer_section
+    visit cms_admin_path
+    page.should_not have_content "ComfortableMexicanSofa"
+    page.should have_content "Open Food Web"
+  end
+
 end
--- a/spec/support/request/authentication_workflow.rb
+++ b/spec/support/request/authentication_workflow.rb
@@ -17,6 +17,9 @@ module AuthenticationWorkflow
  end

  def login_to_consumer_section
+    # The first user is given the admin role by Spree, so create a dummy user if this is the first
+    create(:user) if Spree::User.admin.empty?
+
    user_role = Spree::Role.create(:name => 'user')
    user = Spree::User.create({
      :email => 'someone@ofw.org',