Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Configuration and ReadingGroup ownership models are not used for acceptance tests #42

Open
rafamanzo opened this issue Feb 26, 2014 · 7 comments
Open

Configuration and ReadingGroup ownership models are not used for acceptance tests #42

rafamanzo opened this issue Feb 26, 2014 · 7 comments
Labels
bug
Milestone
First production ...

Comments

@rafamanzo
Copy link
Member

Create test cases qhere the user does not own them!
@rafamanzo rafamanzo added the bug label Feb 26, 2014
@rafamanzo rafamanzo added this to the First production release (aka Mezuro version 1) milestone Apr 11, 2014
@beatrizrezener
Copy link
Contributor

But, if I create test cases where the user does not own them, the mezuro_configuration_ownership and reading_group_ownership models will keep uncovered, won't it?

@rafamanzo
Copy link
Member Author

You are correct, maybe I was momentarily crazy while writing this :)

There is a chance that the uncovered methods of these models are never used maybe. But we still need some tests for when the user does not own them even that they will not raise the coverage.

@beatrizrezener
Copy link
Contributor

I removed these methods in the pull request #160 . They were only used by some methods that are not used anywhere. Ok?

@beatrizrezener
Copy link
Contributor

About the case where user does not own them, I think that the following scenarios already test this:

What you think? Further testing is required?

@mezurometrics
Copy link

I think it is necessary.

Suppose a user knows how to write the URL to access the edit pages (or
update and delete) of a Configuration or ReadingGroup that he does not own.
If there is no user authentication before, he will gain access to a
resource that he should not.

Notice that this case, when you are using meaningful routes is actually
likely to happen since it is easy to guess the URLs.

Em Wed Nov 26 2014 at 2:02:15 PM, Beatriz Rezener [email protected]
escreveu:

About the case where user does not own them, I think that the following
scenarios already test this:

Scenario: Should not show edit links from configurations that doesn't
belongs to me

https://github.com/mezuro/prezento/blob/master/features/mezuro_configuration/edition.feature

Scenario: Should not show edit links from reading groups that doesn't
belongs to me

https://github.com/mezuro/prezento/blob/master/features/reading_group/edit.feature

What you think? Further testing is required?


Reply to this email directly or view it on GitHub
#42 (comment).

@jgbrittos
Copy link
Contributor

Hi,

These scenarios has already been tested in rspec too. I think this issue may be closed...

Reading Group: https://github.com/mezuro/prezento/blob/master/spec/controllers/reading_groups_controller_spec.rb

Mezuro Configuration:
https://github.com/mezuro/prezento/blob/master/spec/controllers/mezuro_configurations_controller_spec.rb

@rafamanzo
Copy link
Member Author

These are unit tests.

This issue is about acceptance tests using cucumber :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
First production release (version 0.0.1)
Development

No branches or pull requests
4 participants
@rafamanzo @jgbrittos @beatrizrezener @mezurometrics