Infrastructure/ghost
0
Fork 0
mirror of https://github.com/TryGhost/Ghost.git synced 2025-02-03 23:00:14 -05:00
Code Issues Activity

Added role-specifics to post API tests (#9058)

Browse source 
refs #9043

- this is preparation for adding Author-specific tests later
  - the changes the posts_spec.js, so that all the tests are inside an "As Owner" describe block, similar to the users_spec.js
- Added new util for creating a specific post
  - This will make it easier to do routing tests on the post model in future
  - Our `index.js` file in test/utils really needs a bit of love 🙈
- Also added all the framework for author role tests in post_spec.js
- Added a single test, showing we can edit posts, including author_id
This commit is contained in:
Hannah Wolfe 2017-09-26 15:50:26 +01:00 committed by Katharina Irrgang
parent af01f51204
commit f280fbcaaf
2 changed files with 1366 additions and 1219 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

257
core/test/functional/routes/api/posts_spec.js
View file

@ -9,7 +9,10 @@ var should = require('should'),
request; request;
describe('Post API', function () { describe('Post API', function () {
var accesstoken = '', ghostServer; var ghostServer;
describe('As Owner', function () {
var ownerAccessToken;
before(function (done) { before(function (done) {
// starting ghost automatically populates the db // starting ghost automatically populates the db
@ -22,7 +25,7 @@ describe('Post API', function () {
}).then(function () { }).then(function () {
return testUtils.doAuth(request, 'posts'); return testUtils.doAuth(request, 'posts');
}).then(function (token) { }).then(function (token) {
accesstoken = token; ownerAccessToken = token;
done(); done();
}).catch(done); }).catch(done);
}); });
@ -37,7 +40,7 @@ describe('Post API', function () {
describe('Browse', function () { describe('Browse', function () {
it('retrieves all published posts only by default', function (done) { it('retrieves all published posts only by default', function (done) {
request.get(testUtils.API.getApiQuery('posts/')) request.get(testUtils.API.getApiQuery('posts/'))
.set('Authorization', 'Bearer ' + accesstoken) .set('Authorization', 'Bearer ' + ownerAccessToken)
.expect('Content-Type', /json/) .expect('Content-Type', /json/)
.expect('Cache-Control', testUtils.cacheRules.private) .expect('Cache-Control', testUtils.cacheRules.private)
.expect(200) .expect(200)
@ -62,7 +65,7 @@ describe('Post API', function () {
it('can retrieve a single post format', function (done) { it('can retrieve a single post format', function (done) {
request.get(testUtils.API.getApiQuery('posts/?formats=mobiledoc')) request.get(testUtils.API.getApiQuery('posts/?formats=mobiledoc'))
.set('Authorization', 'Bearer ' + accesstoken) .set('Authorization', 'Bearer ' + ownerAccessToken)
.expect('Content-Type', /json/) .expect('Content-Type', /json/)
.expect('Cache-Control', testUtils.cacheRules.private) .expect('Cache-Control', testUtils.cacheRules.private)
.expect(200) .expect(200)
@ -87,7 +90,7 @@ describe('Post API', function () {
it('can retrieve multiple post formats', function (done) { it('can retrieve multiple post formats', function (done) {
request.get(testUtils.API.getApiQuery('posts/?formats=plaintext,mobiledoc,amp')) request.get(testUtils.API.getApiQuery('posts/?formats=plaintext,mobiledoc,amp'))
.set('Authorization', 'Bearer ' + accesstoken) .set('Authorization', 'Bearer ' + ownerAccessToken)
.expect('Content-Type', /json/) .expect('Content-Type', /json/)
.expect('Cache-Control', testUtils.cacheRules.private) .expect('Cache-Control', testUtils.cacheRules.private)
.expect(200) .expect(200)
@ -112,7 +115,7 @@ describe('Post API', function () {
it('can handle unknown post formats', function (done) { it('can handle unknown post formats', function (done) {
request.get(testUtils.API.getApiQuery('posts/?formats=plaintext,mobiledo')) request.get(testUtils.API.getApiQuery('posts/?formats=plaintext,mobiledo'))
.set('Authorization', 'Bearer ' + accesstoken) .set('Authorization', 'Bearer ' + ownerAccessToken)
.expect('Content-Type', /json/) .expect('Content-Type', /json/)
.expect('Cache-Control', testUtils.cacheRules.private) .expect('Cache-Control', testUtils.cacheRules.private)
.expect(200) .expect(200)
@ -137,7 +140,7 @@ describe('Post API', function () {
it('can handle empty formats (default html is expected)', function (done) { it('can handle empty formats (default html is expected)', function (done) {
request.get(testUtils.API.getApiQuery('posts/?formats=')) request.get(testUtils.API.getApiQuery('posts/?formats='))
.set('Authorization', 'Bearer ' + accesstoken) .set('Authorization', 'Bearer ' + ownerAccessToken)
.expect('Content-Type', /json/) .expect('Content-Type', /json/)
.expect('Cache-Control', testUtils.cacheRules.private) .expect('Cache-Control', testUtils.cacheRules.private)
.expect(200) .expect(200)
@ -162,7 +165,7 @@ describe('Post API', function () {
it('fields and formats', function (done) { it('fields and formats', function (done) {
request.get(testUtils.API.getApiQuery('posts/?formats=mobiledoc,html&fields=id,title')) request.get(testUtils.API.getApiQuery('posts/?formats=mobiledoc,html&fields=id,title'))
.set('Authorization', 'Bearer ' + accesstoken) .set('Authorization', 'Bearer ' + ownerAccessToken)
.expect('Content-Type', /json/) .expect('Content-Type', /json/)
.expect('Cache-Control', testUtils.cacheRules.private) .expect('Cache-Control', testUtils.cacheRules.private)
.expect(200) .expect(200)
@ -193,7 +196,7 @@ describe('Post API', function () {
it('can retrieve all published posts and pages', function (done) { it('can retrieve all published posts and pages', function (done) {
request.get(testUtils.API.getApiQuery('posts/?staticPages=all')) request.get(testUtils.API.getApiQuery('posts/?staticPages=all'))
.set('Authorization', 'Bearer ' + accesstoken) .set('Authorization', 'Bearer ' + ownerAccessToken)
.expect('Content-Type', /json/) .expect('Content-Type', /json/)
.expect('Cache-Control', testUtils.cacheRules.private) .expect('Cache-Control', testUtils.cacheRules.private)
.expect(200) .expect(200)
@ -217,7 +220,7 @@ describe('Post API', function () {
it('can retrieve all status posts and pages', function (done) { it('can retrieve all status posts and pages', function (done) {
request.get(testUtils.API.getApiQuery('posts/?staticPages=all&status=all')) request.get(testUtils.API.getApiQuery('posts/?staticPages=all&status=all'))
.set('Authorization', 'Bearer ' + accesstoken) .set('Authorization', 'Bearer ' + ownerAccessToken)
.expect('Content-Type', /json/) .expect('Content-Type', /json/)
.expect('Cache-Control', testUtils.cacheRules.private) .expect('Cache-Control', testUtils.cacheRules.private)
.expect(200) .expect(200)
@ -239,7 +242,7 @@ describe('Post API', function () {
it('can retrieve just published pages', function (done) { it('can retrieve just published pages', function (done) {
request.get(testUtils.API.getApiQuery('posts/?staticPages=true')) request.get(testUtils.API.getApiQuery('posts/?staticPages=true'))
.set('Authorization', 'Bearer ' + accesstoken) .set('Authorization', 'Bearer ' + ownerAccessToken)
.expect('Content-Type', /json/) .expect('Content-Type', /json/)
.expect('Cache-Control', testUtils.cacheRules.private) .expect('Cache-Control', testUtils.cacheRules.private)
.expect(200) .expect(200)
@ -261,7 +264,7 @@ describe('Post API', function () {
it('can retrieve just featured posts', function (done) { it('can retrieve just featured posts', function (done) {
request.get(testUtils.API.getApiQuery('posts/?filter=featured:true')) request.get(testUtils.API.getApiQuery('posts/?filter=featured:true'))
.set('Authorization', 'Bearer ' + accesstoken) .set('Authorization', 'Bearer ' + ownerAccessToken)
.expect('Content-Type', /json/) .expect('Content-Type', /json/)
.expect('Cache-Control', testUtils.cacheRules.private) .expect('Cache-Control', testUtils.cacheRules.private)
.expect(200) .expect(200)
@ -283,7 +286,7 @@ describe('Post API', function () {
it('can retrieve just draft posts', function (done) { it('can retrieve just draft posts', function (done) {
request.get(testUtils.API.getApiQuery('posts/?status=draft')) request.get(testUtils.API.getApiQuery('posts/?status=draft'))
.set('Authorization', 'Bearer ' + accesstoken) .set('Authorization', 'Bearer ' + ownerAccessToken)
.expect('Content-Type', /json/) .expect('Content-Type', /json/)
.expect('Cache-Control', testUtils.cacheRules.private) .expect('Cache-Control', testUtils.cacheRules.private)
.expect(200) .expect(200)
@ -305,7 +308,7 @@ describe('Post API', function () {
it('can retrieve just scheduled posts', function (done) { it('can retrieve just scheduled posts', function (done) {
request.get(testUtils.API.getApiQuery('posts/?status=scheduled')) request.get(testUtils.API.getApiQuery('posts/?status=scheduled'))
.set('Authorization', 'Bearer ' + accesstoken) .set('Authorization', 'Bearer ' + ownerAccessToken)
.expect('Content-Type', /json/) .expect('Content-Type', /json/)
.expect('Cache-Control', testUtils.cacheRules.private) .expect('Cache-Control', testUtils.cacheRules.private)
.expect(200) .expect(200)
@ -330,7 +333,7 @@ describe('Post API', function () {
describe('Read', function () { describe('Read', function () {
it('can retrieve a post by id', function (done) { it('can retrieve a post by id', function (done) {
request.get(testUtils.API.getApiQuery('posts/' + testUtils.DataGenerator.Content.posts[0].id + '/')) request.get(testUtils.API.getApiQuery('posts/' + testUtils.DataGenerator.Content.posts[0].id + '/'))
.set('Authorization', 'Bearer ' + accesstoken) .set('Authorization', 'Bearer ' + ownerAccessToken)
.expect('Content-Type', /json/) .expect('Content-Type', /json/)
.expect('Cache-Control', testUtils.cacheRules.private) .expect('Cache-Control', testUtils.cacheRules.private)
.expect(200) .expect(200)
@ -359,7 +362,7 @@ describe('Post API', function () {
it('can retrieve a post by slug', function (done) { it('can retrieve a post by slug', function (done) {
request.get(testUtils.API.getApiQuery('posts/slug/welcome/')) request.get(testUtils.API.getApiQuery('posts/slug/welcome/'))
.set('Authorization', 'Bearer ' + accesstoken) .set('Authorization', 'Bearer ' + ownerAccessToken)
.expect('Content-Type', /json/) .expect('Content-Type', /json/)
.expect('Cache-Control', testUtils.cacheRules.private) .expect('Cache-Control', testUtils.cacheRules.private)
.expect(200) .expect(200)
@ -387,7 +390,7 @@ describe('Post API', function () {
it('can retrieve a post with author, created_by, and tags', function (done) { it('can retrieve a post with author, created_by, and tags', function (done) {
request.get(testUtils.API.getApiQuery('posts/' + testUtils.DataGenerator.Content.posts[0].id + '/?include=author,tags,created_by')) request.get(testUtils.API.getApiQuery('posts/' + testUtils.DataGenerator.Content.posts[0].id + '/?include=author,tags,created_by'))
.set('Authorization', 'Bearer ' + accesstoken) .set('Authorization', 'Bearer ' + ownerAccessToken)
.expect('Content-Type', /json/) .expect('Content-Type', /json/)
.expect('Cache-Control', testUtils.cacheRules.private) .expect('Cache-Control', testUtils.cacheRules.private)
.expect(200) .expect(200)
@ -413,7 +416,7 @@ describe('Post API', function () {
it('can retrieve next and previous posts', function (done) { it('can retrieve next and previous posts', function (done) {
request.get(testUtils.API.getApiQuery('posts/' + testUtils.DataGenerator.Content.posts[2].id + '/?include=next,previous')) request.get(testUtils.API.getApiQuery('posts/' + testUtils.DataGenerator.Content.posts[2].id + '/?include=next,previous'))
.set('Authorization', 'Bearer ' + accesstoken) .set('Authorization', 'Bearer ' + ownerAccessToken)
.expect('Content-Type', /json/) .expect('Content-Type', /json/)
.expect('Cache-Control', testUtils.cacheRules.private) .expect('Cache-Control', testUtils.cacheRules.private)
.expect(200) .expect(200)
@ -439,7 +442,7 @@ describe('Post API', function () {
it('can retrieve a static page', function (done) { it('can retrieve a static page', function (done) {
request.get(testUtils.API.getApiQuery('posts/' + testUtils.DataGenerator.Content.posts[5].id + '/')) request.get(testUtils.API.getApiQuery('posts/' + testUtils.DataGenerator.Content.posts[5].id + '/'))
.set('Authorization', 'Bearer ' + accesstoken) .set('Authorization', 'Bearer ' + ownerAccessToken)
.expect('Content-Type', /json/) .expect('Content-Type', /json/)
.expect('Cache-Control', testUtils.cacheRules.private) .expect('Cache-Control', testUtils.cacheRules.private)
.expect(200) .expect(200)
@ -461,7 +464,7 @@ describe('Post API', function () {
it('can\'t retrieve non existent post', function (done) { it('can\'t retrieve non existent post', function (done) {
request.get(testUtils.API.getApiQuery('posts/99/')) request.get(testUtils.API.getApiQuery('posts/99/'))
.set('Authorization', 'Bearer ' + accesstoken) .set('Authorization', 'Bearer ' + ownerAccessToken)
.set('Accept', 'application/json') .set('Accept', 'application/json')
.expect('Content-Type', /json/) .expect('Content-Type', /json/)
.expect('Cache-Control', testUtils.cacheRules.private) .expect('Cache-Control', testUtils.cacheRules.private)
@ -482,7 +485,7 @@ describe('Post API', function () {
it('can\'t retrieve a draft post', function (done) { it('can\'t retrieve a draft post', function (done) {
request.get(testUtils.API.getApiQuery('posts/5/')) request.get(testUtils.API.getApiQuery('posts/5/'))
.set('Authorization', 'Bearer ' + accesstoken) .set('Authorization', 'Bearer ' + ownerAccessToken)
.set('Accept', 'application/json') .set('Accept', 'application/json')
.expect('Content-Type', /json/) .expect('Content-Type', /json/)
.expect('Cache-Control', testUtils.cacheRules.private) .expect('Cache-Control', testUtils.cacheRules.private)
@ -503,7 +506,7 @@ describe('Post API', function () {
it('can\'t retrieve a draft page', function (done) { it('can\'t retrieve a draft page', function (done) {
request.get(testUtils.API.getApiQuery('posts/8/')) request.get(testUtils.API.getApiQuery('posts/8/'))
.set('Authorization', 'Bearer ' + accesstoken) .set('Authorization', 'Bearer ' + ownerAccessToken)
.set('Accept', 'application/json') .set('Accept', 'application/json')
.expect('Content-Type', /json/) .expect('Content-Type', /json/)
.expect('Cache-Control', testUtils.cacheRules.private) .expect('Cache-Control', testUtils.cacheRules.private)
@ -526,10 +529,16 @@ describe('Post API', function () {
// ## Add // ## Add
describe('Add', function () { describe('Add', function () {
it('create and ensure dates are correct', function (done) { it('create and ensure dates are correct', function (done) {
var newPost = {posts: [{status: 'published', published_at: '2016-05-30T07:00:00.000Z', mobiledoc: markdownToMobiledoc()}]}; var newPost = {
posts: [{
status: 'published',
published_at: '2016-05-30T07:00:00.000Z',
mobiledoc: markdownToMobiledoc()
}]
};
request.post(testUtils.API.getApiQuery('posts')) request.post(testUtils.API.getApiQuery('posts'))
.set('Authorization', 'Bearer ' + accesstoken) .set('Authorization', 'Bearer ' + ownerAccessToken)
.send(newPost) .send(newPost)
.expect('Content-Type', /json/) .expect('Content-Type', /json/)
.expect('Cache-Control', testUtils.cacheRules.private) .expect('Cache-Control', testUtils.cacheRules.private)
@ -543,7 +552,7 @@ describe('Post API', function () {
res.body.posts[0].published_at = '2016-05-30T09:00:00.000Z'; res.body.posts[0].published_at = '2016-05-30T09:00:00.000Z';
request.put(testUtils.API.getApiQuery('posts/' + res.body.posts[0].id + '/')) request.put(testUtils.API.getApiQuery('posts/' + res.body.posts[0].id + '/'))
.set('Authorization', 'Bearer ' + accesstoken) .set('Authorization', 'Bearer ' + ownerAccessToken)
.send(res.body) .send(res.body)
.expect('Content-Type', /json/) .expect('Content-Type', /json/)
.expect('Cache-Control', testUtils.cacheRules.private) .expect('Cache-Control', testUtils.cacheRules.private)
@ -556,7 +565,7 @@ describe('Post API', function () {
res.body.posts[0].published_at.should.eql('2016-05-30T09:00:00.000Z'); res.body.posts[0].published_at.should.eql('2016-05-30T09:00:00.000Z');
request.get(testUtils.API.getApiQuery('posts/' + res.body.posts[0].id + '/')) request.get(testUtils.API.getApiQuery('posts/' + res.body.posts[0].id + '/'))
.set('Authorization', 'Bearer ' + accesstoken) .set('Authorization', 'Bearer ' + ownerAccessToken)
.expect('Content-Type', /json/) .expect('Content-Type', /json/)
.expect('Cache-Control', testUtils.cacheRules.private) .expect('Cache-Control', testUtils.cacheRules.private)
.expect(200) .expect(200)
@ -577,10 +586,17 @@ describe('Post API', function () {
newTagName = 'My Tag', newTagName = 'My Tag',
publishedState = 'published', publishedState = 'published',
newTag = {id: null, name: newTagName}, newTag = {id: null, name: newTagName},
newPost = {posts: [{status: 'draft', title: newTitle, mobiledoc: markdownToMobiledoc('my post'), tags: [newTag]}]}; newPost = {
posts: [{
status: 'draft',
title: newTitle,
mobiledoc: markdownToMobiledoc('my post'),
tags: [newTag]
}]
};
request.post(testUtils.API.getApiQuery('posts/?include=tags')) request.post(testUtils.API.getApiQuery('posts/?include=tags'))
.set('Authorization', 'Bearer ' + accesstoken) .set('Authorization', 'Bearer ' + ownerAccessToken)
.send(newPost) .send(newPost)
.expect('Content-Type', /json/) .expect('Content-Type', /json/)
.expect('Cache-Control', testUtils.cacheRules.private) .expect('Cache-Control', testUtils.cacheRules.private)
@ -604,7 +620,7 @@ describe('Post API', function () {
testUtils.API.checkResponse(draftPost.posts[0].tags[0], 'tag'); testUtils.API.checkResponse(draftPost.posts[0].tags[0], 'tag');
request.put(testUtils.API.getApiQuery('posts/' + draftPost.posts[0].id + '/?include=tags')) request.put(testUtils.API.getApiQuery('posts/' + draftPost.posts[0].id + '/?include=tags'))
.set('Authorization', 'Bearer ' + accesstoken) .set('Authorization', 'Bearer ' + ownerAccessToken)
.send(draftPost) .send(draftPost)
.expect('Content-Type', /json/) .expect('Content-Type', /json/)
.expect('Cache-Control', testUtils.cacheRules.private) .expect('Cache-Control', testUtils.cacheRules.private)
@ -631,7 +647,7 @@ describe('Post API', function () {
testUtils.API.checkResponse(publishedPost.posts[0].tags[0], 'tag'); testUtils.API.checkResponse(publishedPost.posts[0].tags[0], 'tag');
request.put(testUtils.API.getApiQuery('posts/' + publishedPost.posts[0].id + '/?include=tags')) request.put(testUtils.API.getApiQuery('posts/' + publishedPost.posts[0].id + '/?include=tags'))
.set('Authorization', 'Bearer ' + accesstoken) .set('Authorization', 'Bearer ' + ownerAccessToken)
.send(publishedPost) .send(publishedPost)
.expect('Content-Type', /json/) .expect('Content-Type', /json/)
.expect('Cache-Control', testUtils.cacheRules.private) .expect('Cache-Control', testUtils.cacheRules.private)
@ -669,7 +685,7 @@ describe('Post API', function () {
describe('Edit', function () { describe('Edit', function () {
it('can edit a post', function (done) { it('can edit a post', function (done) {
request.get(testUtils.API.getApiQuery('posts/' + testUtils.DataGenerator.Content.posts[0].id + '/?include=tags')) request.get(testUtils.API.getApiQuery('posts/' + testUtils.DataGenerator.Content.posts[0].id + '/?include=tags'))
.set('Authorization', 'Bearer ' + accesstoken) .set('Authorization', 'Bearer ' + ownerAccessToken)
.expect('Content-Type', /json/) .expect('Content-Type', /json/)
.expect('Cache-Control', testUtils.cacheRules.private) .expect('Cache-Control', testUtils.cacheRules.private)
.end(function (err, res) { .end(function (err, res) {
@ -686,7 +702,7 @@ describe('Post API', function () {
jsonResponse.posts[0].author = changedAuthor; jsonResponse.posts[0].author = changedAuthor;
request.put(testUtils.API.getApiQuery('posts/' + testUtils.DataGenerator.Content.posts[0].id + '/')) request.put(testUtils.API.getApiQuery('posts/' + testUtils.DataGenerator.Content.posts[0].id + '/'))
.set('Authorization', 'Bearer ' + accesstoken) .set('Authorization', 'Bearer ' + ownerAccessToken)
.send(jsonResponse) .send(jsonResponse)
.expect('Content-Type', /json/) .expect('Content-Type', /json/)
.expect('Cache-Control', testUtils.cacheRules.private) .expect('Cache-Control', testUtils.cacheRules.private)
@ -712,10 +728,17 @@ describe('Post API', function () {
var newTitle = 'My Post', var newTitle = 'My Post',
newTagName = 'My Tag', newTagName = 'My Tag',
newTag = {id: null, name: newTagName}, newTag = {id: null, name: newTagName},
newPost = {posts: [{status: 'draft', title: newTitle, mobiledoc: markdownToMobiledoc('my post'), tags: [newTag]}]}; newPost = {
posts: [{
status: 'draft',
title: newTitle,
mobiledoc: markdownToMobiledoc('my post'),
tags: [newTag]
}]
};
request.post(testUtils.API.getApiQuery('posts/?include=tags')) request.post(testUtils.API.getApiQuery('posts/?include=tags'))
.set('Authorization', 'Bearer ' + accesstoken) .set('Authorization', 'Bearer ' + ownerAccessToken)
.send(newPost) .send(newPost)
.expect('Content-Type', /json/) .expect('Content-Type', /json/)
.expect('Cache-Control', testUtils.cacheRules.private) .expect('Cache-Control', testUtils.cacheRules.private)
@ -735,7 +758,7 @@ describe('Post API', function () {
draftPost.posts[0].title = 'Vote for Casper in red'; draftPost.posts[0].title = 'Vote for Casper in red';
request.put(testUtils.API.getApiQuery('posts/' + draftPost.posts[0].id + '/?include=tags')) request.put(testUtils.API.getApiQuery('posts/' + draftPost.posts[0].id + '/?include=tags'))
.set('Authorization', 'Bearer ' + accesstoken) .set('Authorization', 'Bearer ' + ownerAccessToken)
.send(draftPost) .send(draftPost)
.expect('Content-Type', /json/) .expect('Content-Type', /json/)
.expect('Cache-Control', testUtils.cacheRules.private) .expect('Cache-Control', testUtils.cacheRules.private)
@ -757,10 +780,17 @@ describe('Post API', function () {
newTagName = 'My Tag', newTagName = 'My Tag',
draftState = 'draft', draftState = 'draft',
newTag = {id: null, name: newTagName}, newTag = {id: null, name: newTagName},
newPost = {posts: [{status: 'published', title: newTitle, mobiledoc: markdownToMobiledoc('my post'), tags: [newTag]}]}; newPost = {
posts: [{
status: 'published',
title: newTitle,
mobiledoc: markdownToMobiledoc('my post'),
tags: [newTag]
}]
};
request.post(testUtils.API.getApiQuery('posts/?include=tags')) request.post(testUtils.API.getApiQuery('posts/?include=tags'))
.set('Authorization', 'Bearer ' + accesstoken) .set('Authorization', 'Bearer ' + ownerAccessToken)
.send(newPost) .send(newPost)
.expect('Content-Type', /json/) .expect('Content-Type', /json/)
.expect('Cache-Control', testUtils.cacheRules.private) .expect('Cache-Control', testUtils.cacheRules.private)
@ -781,7 +811,7 @@ describe('Post API', function () {
draftPost.posts[0].status = draftState; draftPost.posts[0].status = draftState;
request.put(testUtils.API.getApiQuery('posts/' + draftPost.posts[0].id + '/?include=tags')) request.put(testUtils.API.getApiQuery('posts/' + draftPost.posts[0].id + '/?include=tags'))
.set('Authorization', 'Bearer ' + accesstoken) .set('Authorization', 'Bearer ' + ownerAccessToken)
.send(draftPost) .send(draftPost)
.expect('Content-Type', /json/) .expect('Content-Type', /json/)
.expect('Cache-Control', testUtils.cacheRules.private) .expect('Cache-Control', testUtils.cacheRules.private)
@ -800,7 +830,7 @@ describe('Post API', function () {
it('can change a post to a static page', function (done) { it('can change a post to a static page', function (done) {
request.get(testUtils.API.getApiQuery('posts/' + testUtils.DataGenerator.Content.posts[0].id + '/?include=tags')) request.get(testUtils.API.getApiQuery('posts/' + testUtils.DataGenerator.Content.posts[0].id + '/?include=tags'))
.set('Authorization', 'Bearer ' + accesstoken) .set('Authorization', 'Bearer ' + ownerAccessToken)
.expect('Content-Type', /json/) .expect('Content-Type', /json/)
.expect('Cache-Control', testUtils.cacheRules.private) .expect('Cache-Control', testUtils.cacheRules.private)
.end(function (err, res) { .end(function (err, res) {
@ -815,7 +845,7 @@ describe('Post API', function () {
jsonResponse.posts[0].page = true; jsonResponse.posts[0].page = true;
request.put(testUtils.API.getApiQuery('posts/' + testUtils.DataGenerator.Content.posts[0].id + '/')) request.put(testUtils.API.getApiQuery('posts/' + testUtils.DataGenerator.Content.posts[0].id + '/'))
.set('Authorization', 'Bearer ' + accesstoken) .set('Authorization', 'Bearer ' + ownerAccessToken)
.send(jsonResponse) .send(jsonResponse)
.expect('Content-Type', /json/) .expect('Content-Type', /json/)
.expect('Cache-Control', testUtils.cacheRules.private) .expect('Cache-Control', testUtils.cacheRules.private)
@ -838,7 +868,7 @@ describe('Post API', function () {
it('can change a static page to a post', function (done) { it('can change a static page to a post', function (done) {
request.get(testUtils.API.getApiQuery('posts/' + testUtils.DataGenerator.Content.posts[5].id + '/')) request.get(testUtils.API.getApiQuery('posts/' + testUtils.DataGenerator.Content.posts[5].id + '/'))
.set('Authorization', 'Bearer ' + accesstoken) .set('Authorization', 'Bearer ' + ownerAccessToken)
.expect('Content-Type', /json/) .expect('Content-Type', /json/)
.expect('Cache-Control', testUtils.cacheRules.private) .expect('Cache-Control', testUtils.cacheRules.private)
.end(function (err, res) { .end(function (err, res) {
@ -853,7 +883,7 @@ describe('Post API', function () {
jsonResponse.posts[0].page = false; jsonResponse.posts[0].page = false;
request.put(testUtils.API.getApiQuery('posts/' + testUtils.DataGenerator.Content.posts[5].id + '/')) request.put(testUtils.API.getApiQuery('posts/' + testUtils.DataGenerator.Content.posts[5].id + '/'))
.set('Authorization', 'Bearer ' + accesstoken) .set('Authorization', 'Bearer ' + ownerAccessToken)
.send(jsonResponse) .send(jsonResponse)
.expect('Content-Type', /json/) .expect('Content-Type', /json/)
.expect('Cache-Control', testUtils.cacheRules.private) .expect('Cache-Control', testUtils.cacheRules.private)
@ -876,7 +906,7 @@ describe('Post API', function () {
it('can\'t edit post with invalid page field', function (done) { it('can\'t edit post with invalid page field', function (done) {
request.get(testUtils.API.getApiQuery('posts/' + testUtils.DataGenerator.Content.posts[5].id + '/')) request.get(testUtils.API.getApiQuery('posts/' + testUtils.DataGenerator.Content.posts[5].id + '/'))
.set('Authorization', 'Bearer ' + accesstoken) .set('Authorization', 'Bearer ' + ownerAccessToken)
.expect('Content-Type', /json/) .expect('Content-Type', /json/)
.expect('Cache-Control', testUtils.cacheRules.private) .expect('Cache-Control', testUtils.cacheRules.private)
.end(function (err, res) { .end(function (err, res) {
@ -891,7 +921,7 @@ describe('Post API', function () {
jsonResponse.posts[0].page = changedValue; jsonResponse.posts[0].page = changedValue;
request.put(testUtils.API.getApiQuery('posts/' + testUtils.DataGenerator.Content.posts[5].id + '/')) request.put(testUtils.API.getApiQuery('posts/' + testUtils.DataGenerator.Content.posts[5].id + '/'))
.set('Authorization', 'Bearer ' + accesstoken) .set('Authorization', 'Bearer ' + ownerAccessToken)
.send(jsonResponse) .send(jsonResponse)
.expect('Content-Type', /json/) .expect('Content-Type', /json/)
.expect('Cache-Control', testUtils.cacheRules.private) .expect('Cache-Control', testUtils.cacheRules.private)
@ -912,7 +942,7 @@ describe('Post API', function () {
it('can\'t edit a post with invalid accesstoken', function (done) { it('can\'t edit a post with invalid accesstoken', function (done) {
request.get(testUtils.API.getApiQuery('posts/' + testUtils.DataGenerator.Content.posts[0].id + '/')) request.get(testUtils.API.getApiQuery('posts/' + testUtils.DataGenerator.Content.posts[0].id + '/'))
.set('Authorization', 'Bearer ' + accesstoken) .set('Authorization', 'Bearer ' + ownerAccessToken)
.expect('Content-Type', /json/) .expect('Content-Type', /json/)
.expect('Cache-Control', testUtils.cacheRules.private) .expect('Cache-Control', testUtils.cacheRules.private)
.end(function (err, res) { .end(function (err, res) {
@ -941,7 +971,7 @@ describe('Post API', function () {
it('throws an error if there is an id mismatch', function (done) { it('throws an error if there is an id mismatch', function (done) {
request.get(testUtils.API.getApiQuery('posts/' + testUtils.DataGenerator.Content.posts[0].id + '/')) request.get(testUtils.API.getApiQuery('posts/' + testUtils.DataGenerator.Content.posts[0].id + '/'))
.set('Authorization', 'Bearer ' + accesstoken) .set('Authorization', 'Bearer ' + ownerAccessToken)
.expect('Content-Type', /json/) .expect('Content-Type', /json/)
.expect('Cache-Control', testUtils.cacheRules.private) .expect('Cache-Control', testUtils.cacheRules.private)
.end(function (err, res) { .end(function (err, res) {
@ -953,7 +983,7 @@ describe('Post API', function () {
should.exist(jsonResponse); should.exist(jsonResponse);
request.put(testUtils.API.getApiQuery('posts/' + testUtils.DataGenerator.Content.posts[1].id + '/')) request.put(testUtils.API.getApiQuery('posts/' + testUtils.DataGenerator.Content.posts[1].id + '/'))
.set('Authorization', 'Bearer ' + accesstoken) .set('Authorization', 'Bearer ' + ownerAccessToken)
.send(jsonResponse) .send(jsonResponse)
.expect('Content-Type', /json/) .expect('Content-Type', /json/)
.expect('Cache-Control', testUtils.cacheRules.private) .expect('Cache-Control', testUtils.cacheRules.private)
@ -971,7 +1001,7 @@ describe('Post API', function () {
it('published_at = null', function (done) { it('published_at = null', function (done) {
request.get(testUtils.API.getApiQuery('posts/' + testUtils.DataGenerator.Content.posts[0].id + '/?include=tags')) request.get(testUtils.API.getApiQuery('posts/' + testUtils.DataGenerator.Content.posts[0].id + '/?include=tags'))
.set('Authorization', 'Bearer ' + accesstoken) .set('Authorization', 'Bearer ' + ownerAccessToken)
.expect('Content-Type', /json/) .expect('Content-Type', /json/)
.expect('Cache-Control', testUtils.cacheRules.private) .expect('Cache-Control', testUtils.cacheRules.private)
.end(function (err, res) { .end(function (err, res) {
@ -986,7 +1016,7 @@ describe('Post API', function () {
jsonResponse.published_at = null; jsonResponse.published_at = null;
request.put(testUtils.API.getApiQuery('posts/' + testUtils.DataGenerator.Content.posts[0].id + '/')) request.put(testUtils.API.getApiQuery('posts/' + testUtils.DataGenerator.Content.posts[0].id + '/'))
.set('Authorization', 'Bearer ' + accesstoken) .set('Authorization', 'Bearer ' + ownerAccessToken)
.send(jsonResponse) .send(jsonResponse)
.expect('Content-Type', /json/) .expect('Content-Type', /json/)
.expect('Cache-Control', testUtils.cacheRules.private) .expect('Cache-Control', testUtils.cacheRules.private)
@ -1013,7 +1043,7 @@ describe('Post API', function () {
it('can\'t edit non existent post', function (done) { it('can\'t edit non existent post', function (done) {
request.get(testUtils.API.getApiQuery('posts/' + testUtils.DataGenerator.Content.posts[0].id + '/')) request.get(testUtils.API.getApiQuery('posts/' + testUtils.DataGenerator.Content.posts[0].id + '/'))
.set('Authorization', 'Bearer ' + accesstoken) .set('Authorization', 'Bearer ' + ownerAccessToken)
.expect('Content-Type', /json/) .expect('Content-Type', /json/)
.expect('Cache-Control', testUtils.cacheRules.private) .expect('Cache-Control', testUtils.cacheRules.private)
.end(function (err, res) { .end(function (err, res) {
@ -1028,7 +1058,7 @@ describe('Post API', function () {
jsonResponse.posts[0].id = ObjectId.generate(); jsonResponse.posts[0].id = ObjectId.generate();
request.put(testUtils.API.getApiQuery('posts/' + jsonResponse.posts[0].id + '/')) request.put(testUtils.API.getApiQuery('posts/' + jsonResponse.posts[0].id + '/'))
.set('Authorization', 'Bearer ' + accesstoken) .set('Authorization', 'Bearer ' + ownerAccessToken)
.send(jsonResponse) .send(jsonResponse)
.expect('Content-Type', /json/) .expect('Content-Type', /json/)
.expect('Cache-Control', testUtils.cacheRules.private) .expect('Cache-Control', testUtils.cacheRules.private)
@ -1054,7 +1084,7 @@ describe('Post API', function () {
var deletePostId = testUtils.DataGenerator.Content.posts[0].id; var deletePostId = testUtils.DataGenerator.Content.posts[0].id;
request.del(testUtils.API.getApiQuery('posts/' + deletePostId + '/')) request.del(testUtils.API.getApiQuery('posts/' + deletePostId + '/'))
.set('Authorization', 'Bearer ' + accesstoken) .set('Authorization', 'Bearer ' + ownerAccessToken)
.expect('Cache-Control', testUtils.cacheRules.private) .expect('Cache-Control', testUtils.cacheRules.private)
.expect(204) .expect(204)
.end(function (err, res) { .end(function (err, res) {
@ -1071,7 +1101,7 @@ describe('Post API', function () {
it('can\'t delete a non existent post', function (done) { it('can\'t delete a non existent post', function (done) {
request.del(testUtils.API.getApiQuery('posts/' + ObjectId.generate() + '/')) request.del(testUtils.API.getApiQuery('posts/' + ObjectId.generate() + '/'))
.set('Authorization', 'Bearer ' + accesstoken) .set('Authorization', 'Bearer ' + ownerAccessToken)
.set('Accept', 'application/json') .set('Accept', 'application/json')
.expect('Content-Type', /json/) .expect('Content-Type', /json/)
.expect('Cache-Control', testUtils.cacheRules.private) .expect('Cache-Control', testUtils.cacheRules.private)
@ -1093,10 +1123,16 @@ describe('Post API', function () {
it('can delete a new draft', function (done) { it('can delete a new draft', function (done) {
var newTitle = 'My Post', var newTitle = 'My Post',
publishedState = 'draft', publishedState = 'draft',
newPost = {posts: [{status: publishedState, title: newTitle, mobiledoc: markdownToMobiledoc('my post')}]}; newPost = {
posts: [{
status: publishedState,
title: newTitle,
mobiledoc: markdownToMobiledoc('my post')
}]
};
request.post(testUtils.API.getApiQuery('posts/')) request.post(testUtils.API.getApiQuery('posts/'))
.set('Authorization', 'Bearer ' + accesstoken) .set('Authorization', 'Bearer ' + ownerAccessToken)
.send(newPost) .send(newPost)
.expect('Content-Type', /json/) .expect('Content-Type', /json/)
.expect('Cache-Control', testUtils.cacheRules.private) .expect('Cache-Control', testUtils.cacheRules.private)
@ -1114,7 +1150,7 @@ describe('Post API', function () {
testUtils.API.checkResponse(draftPost.posts[0], 'post'); testUtils.API.checkResponse(draftPost.posts[0], 'post');
request.del(testUtils.API.getApiQuery('posts/' + draftPost.posts[0].id + '/')) request.del(testUtils.API.getApiQuery('posts/' + draftPost.posts[0].id + '/'))
.set('Authorization', 'Bearer ' + accesstoken) .set('Authorization', 'Bearer ' + ownerAccessToken)
.expect('Cache-Control', testUtils.cacheRules.private) .expect('Cache-Control', testUtils.cacheRules.private)
.expect(204) .expect(204)
.end(function (err, res) { .end(function (err, res) {
@ -1133,7 +1169,7 @@ describe('Post API', function () {
describe('Dated Permalinks', function () { describe('Dated Permalinks', function () {
before(function (done) { before(function (done) {
request.get(testUtils.API.getApiQuery('settings/')) request.get(testUtils.API.getApiQuery('settings/'))
.set('Authorization', 'Bearer ' + accesstoken) .set('Authorization', 'Bearer ' + ownerAccessToken)
.expect('Content-Type', /json/) .expect('Content-Type', /json/)
.expect('Cache-Control', testUtils.cacheRules.private) .expect('Cache-Control', testUtils.cacheRules.private)
.end(function (err, res) { .end(function (err, res) {
@ -1145,7 +1181,7 @@ describe('Post API', function () {
jsonResponse.permalinks = '/:year/:month/:day/:slug/'; jsonResponse.permalinks = '/:year/:month/:day/:slug/';
request.put(testUtils.API.getApiQuery('settings/')) request.put(testUtils.API.getApiQuery('settings/'))
.set('Authorization', 'Bearer ' + accesstoken) .set('Authorization', 'Bearer ' + ownerAccessToken)
.send(jsonResponse) .send(jsonResponse)
.expect('Content-Type', /json/) .expect('Content-Type', /json/)
.expect('Cache-Control', testUtils.cacheRules.private) .expect('Cache-Control', testUtils.cacheRules.private)
@ -1161,7 +1197,7 @@ describe('Post API', function () {
after(function (done) { after(function (done) {
request.get(testUtils.API.getApiQuery('settings/')) request.get(testUtils.API.getApiQuery('settings/'))
.set('Authorization', 'Bearer ' + accesstoken) .set('Authorization', 'Bearer ' + ownerAccessToken)
.expect('Content-Type', /json/) .expect('Content-Type', /json/)
.expect('Cache-Control', testUtils.cacheRules.private) .expect('Cache-Control', testUtils.cacheRules.private)
.end(function (err, res) { .end(function (err, res) {
@ -1173,7 +1209,7 @@ describe('Post API', function () {
jsonResponse.permalinks = '/:slug/'; jsonResponse.permalinks = '/:slug/';
request.put(testUtils.API.getApiQuery('settings/')) request.put(testUtils.API.getApiQuery('settings/'))
.set('Authorization', 'Bearer ' + accesstoken) .set('Authorization', 'Bearer ' + ownerAccessToken)
.expect('Content-Type', /json/) .expect('Content-Type', /json/)
.expect('Cache-Control', testUtils.cacheRules.private) .expect('Cache-Control', testUtils.cacheRules.private)
.send(jsonResponse) .send(jsonResponse)
@ -1191,7 +1227,7 @@ describe('Post API', function () {
it('Can read a post', function (done) { it('Can read a post', function (done) {
// nothing should have changed here // nothing should have changed here
request.get(testUtils.API.getApiQuery('posts/' + testUtils.DataGenerator.Content.posts[1].id + '/')) request.get(testUtils.API.getApiQuery('posts/' + testUtils.DataGenerator.Content.posts[1].id + '/'))
.set('Authorization', 'Bearer ' + accesstoken) .set('Authorization', 'Bearer ' + ownerAccessToken)
.expect('Content-Type', /json/) .expect('Content-Type', /json/)
.expect('Cache-Control', testUtils.cacheRules.private) .expect('Cache-Control', testUtils.cacheRules.private)
.expect(200) .expect(200)
@ -1214,7 +1250,7 @@ describe('Post API', function () {
it('Can edit a post', function (done) { it('Can edit a post', function (done) {
request.get(testUtils.API.getApiQuery('posts/' + testUtils.DataGenerator.Content.posts[1].id + '/?include=tags')) request.get(testUtils.API.getApiQuery('posts/' + testUtils.DataGenerator.Content.posts[1].id + '/?include=tags'))
.set('Authorization', 'Bearer ' + accesstoken) .set('Authorization', 'Bearer ' + ownerAccessToken)
.expect('Content-Type', /json/) .expect('Content-Type', /json/)
.expect('Cache-Control', testUtils.cacheRules.private) .expect('Cache-Control', testUtils.cacheRules.private)
.end(function (err, res) { .end(function (err, res) {
@ -1229,7 +1265,7 @@ describe('Post API', function () {
jsonResponse.posts[0].title = changedValue; jsonResponse.posts[0].title = changedValue;
request.put(testUtils.API.getApiQuery('posts/' + testUtils.DataGenerator.Content.posts[1].id + '/')) request.put(testUtils.API.getApiQuery('posts/' + testUtils.DataGenerator.Content.posts[1].id + '/'))
.set('Authorization', 'Bearer ' + accesstoken) .set('Authorization', 'Bearer ' + ownerAccessToken)
.expect('Content-Type', /json/) .expect('Content-Type', /json/)
.expect('Cache-Control', testUtils.cacheRules.private) .expect('Cache-Control', testUtils.cacheRules.private)
.send(jsonResponse) .send(jsonResponse)
@ -1250,4 +1286,99 @@ describe('Post API', function () {
}); });
}); });
}); });
});
describe('As Author', function () {
var authorAccessToken, author;
before(function (done) {
// starting ghost automatically populates the db
// TODO: prevent db init, and manage bringing up the DB with fixtures ourselves
ghost().then(function (_ghostServer) {
ghostServer = _ghostServer;
return ghostServer.start();
}).then(function () {
request = supertest.agent(config.get('url'));
}).then(function () {
// create author
return testUtils.createUser({
user: testUtils.DataGenerator.forKnex.createUser({email: 'test+2@ghost.org'}),
role: testUtils.DataGenerator.Content.roles[2]
});
}).then(function (_author) {
request.user = author = _author;
return testUtils.doAuth(request, 'posts');
}).then(function (token) {
authorAccessToken = token;
done();
}).catch(done);
});
after(function () {
return testUtils.clearData()
.then(function () {
return ghostServer.stop();
});
});
describe('Edit', function () {
var postId;
before(function () {
return testUtils
.createPost({
post: {
title: 'Author\'s test post',
slug: 'author-post'
},
author: author
})
.then(function (post) {
postId = post.id;
});
});
it('can edit own post', function (done) {
request.get(testUtils.API.getApiQuery('posts/' + postId + '/?include=tags'))
.set('Authorization', 'Bearer ' + authorAccessToken)
.expect('Content-Type', /json/)
.expect('Cache-Control', testUtils.cacheRules.private)
.expect(200)
.end(function (err, res) {
if (err) {
return done(err);
}
var jsonResponse = res.body,
changedTitle = 'My new Title',
changedAuthor = ObjectId.generate();
should.exist(jsonResponse.posts[0]);
jsonResponse.posts[0].title = changedTitle;
jsonResponse.posts[0].author = changedAuthor;
request.put(testUtils.API.getApiQuery('posts/' + postId + '/'))
.set('Authorization', 'Bearer ' + authorAccessToken)
.send(jsonResponse)
.expect('Content-Type', /json/)
.expect('Cache-Control', testUtils.cacheRules.private)
.expect(200)
.end(function (err, res) {
if (err) {
return done(err);
}
var putBody = res.body;
res.headers['x-cache-invalidate'].should.eql('/*');
should.exist(putBody);
putBody.posts[0].title.should.eql(changedTitle);
putBody.posts[0].author.should.eql(changedAuthor);
testUtils.API.checkResponse(putBody.posts[0], 'post');
done();
});
});
});
});
});
}); });

16
core/test/utils/index.js
View file

@ -40,6 +40,7 @@ var Promise = require('bluebird'),
setup, setup,
doAuth, doAuth,
createUser, createUser,
createPost,
login, login,
togglePermalinks, togglePermalinks,
startGhost, startGhost,
@ -679,6 +680,20 @@ createUser = function createUser(options) {
}); });
}; };
createPost = function createPost(options) {
var post = DataGenerator.forKnex.createPost(options.post);
if (options.author) {
post.author_id = options.author.id;
}
return db.knex('posts')
.insert(post)
.then(function () {
return post;
});
};
login = function login(request) { login = function login(request) {
// CASE: by default we use the owner to login // CASE: by default we use the owner to login
if (!request.user) { if (!request.user) {
@ -857,6 +872,7 @@ module.exports = {
setup: setup, setup: setup,
doAuth: doAuth, doAuth: doAuth,
createUser: createUser, createUser: createUser,
createPost: createPost,
login: login, login: login,
togglePermalinks: togglePermalinks, togglePermalinks: togglePermalinks,