Blogs

test/controllers/v1/blogs_controller_test.rb

@@ -0,0 +1,97 @@
+# frozen_string_literal: true
+
+require 'test_helper'
+
+class BlogsControllerTest < ActionDispatch::IntegrationTest
+  test "anyone can index published blogs" do
+    blogs = Blog.published
+    get v1_blogs_url
+    body = JSON.parse response.body
+
+    assert_response :ok
+    assert_equal blogs.count, body.count
+  end
+
+  test "admins can index ALL blogs" do
+    get v1_blogs_url, headers: auth_headers(users(:admin))
+    body = JSON.parse response.body
+
+    assert_response :ok
+    assert_equal Blog.count, body.count
+  end
+
+  test "author can index ALL his blogs plus published" do
+    author = users(:author)
+    blogs = Blog.published.or(author.blogs)
+
+    get v1_blogs_url, headers: auth_headers(author)
+    body = JSON.parse response.body
+
+    assert_response :ok
+    assert_equal blogs.count, body.count
+  end
+
+  test "sally can not index authors unpublished blogs" do
+    bad_blog = blogs(:author2)
+    sally = users(:sally)
+
+    get v1_blogs_url, headers: auth_headers(sally)
+    body = JSON.parse response.body
+    blog_ids = body.each_with_object([]) { |blog, memo| memo << blog["id"] }
+
+    assert_response :ok
+    assert_not blog_ids.include?(bad_blog)
+  end
+
+  test "guests can view a published blog" do
+    blog = blogs(:author1)
+    get v1_blog_url(blog)
+
+    assert_response :success
+    assert_match blog.title, response.body
+  end
+
+  test "guests CANNOT view an unpublished blog" do
+    get v1_blog_url(blogs(:author2))
+
+    assert_response :unauthorized
+  end
+
+  test "authors can create and recieve a new blog" do
+    assert_difference('Blog.count') do
+      post v1_blogs_url, params: { blog: {
+        title: "This is my blog",
+        article: "I don't have much to say"
+      } }, headers: auth_headers(users(:michelle))
+    end
+
+    assert_response :created
+    assert_match(/this is my blog/i, response.body)
+    assert_match(/michelle/i, response.body)
+  end
+
+  test "author can update blog" do
+    patch v1_blog_url(blogs(:author1)), params: { blog: {
+      title: "a new title"
+    } }, headers: auth_headers(users(:author))
+
+    assert_response :ok
+    assert_match(/a new title/i, response.body)
+  end
+
+  test "admin can destroy a blog" do
+    assert_difference('Blog.count', -1) do
+      delete v1_blog_url(blogs(:author1)), headers: auth_headers(users(:admin))
+    end
+
+    assert_response :no_content
+  end
+
+  test "sally can destroy her blogs" do
+    assert_difference('Blog.count', -1) do
+      delete v1_blog_url(blogs(:sally1)), headers: auth_headers(users(:sally))
+    end
+
+    assert_response :no_content
+  end
+end

test/fixtures/blogs.yml

@@ -0,0 +1,47 @@
+# == Schema Information
+#
+# Table name: blogs
+#
+#  id             :integer          not null, primary key
+#  article        :text             not null
+#  published_date :string           default(""), not null
+#  title          :string           not null
+#  created_at     :datetime         not null
+#  updated_at     :datetime         not null
+#  user_id        :integer
+#
+# Indexes
+#
+#  index_blogs_on_user_id  (user_id)
+#
+
+# Read about fixtures at http://api.rubyonrails.org/classes/ActiveRecord/FixtureSet.html
+
+author1:
+  title: My Opus
+  article: "Donec sed odio dui. Nulla vitae elit libero, a pharetra augue. Cum sociis natoque penatibus et magnis dis parturient montes, nascetur ridiculus mus. Nulla vitae elit libero, a pharetra augue."
+  published_date: <%= (Time.zone.now - 8.days).to_s %>
+  author: author
+
+author2:
+  title: A Work in Progress
+  article: "Donec sed odio dui. Nulla vitae elit libero, a pharetra augue. Cum sociis natoque penatibus et magnis dis parturient montes, nascetur ridiculus mus. Nulla vitae elit libero, a pharetra augue."
+  author: author
+
+sally1:
+  title: Vehicula Fringilla Consectetur Elit
+  article: "Donec sed odio dui. Nulla vitae elit libero, a pharetra augue. Cum sociis natoque penatibus et magnis dis parturient montes, nascetur ridiculus mus. Nulla vitae elit libero, a pharetra augue."
+  published_date: <%= (Time.zone.now - 15.days).to_s %>
+  author: sally
+
+sally2:
+  title: Tristique Malesuada Dapibus Euismod
+  article: "Lorem ipsum dolor sit amet, consectetur adipiscing elit. Curabitur blandit tempus porttitor. Donec sed odio dui. Nulla vitae elit libero, a pharetra augue."
+  published_date: <%= (Time.zone.now - 5.days).to_s %>
+  author: sally
+
+sally3:
+  title: Tellus Quam Euismod Aenean
+  article: "Nullam id dolor id nibh ultricies vehicula ut id elit. Cras justo odio, dapibus ac facilisis in, egestas eget quam. Donec ullamcorper nulla non metus auctor fringilla."
+  author: sally
+

test/models/blog_test.rb

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+require 'test_helper'
+
+class BlogTest < ActiveSupport::TestCase
+  # test "the truth" do
+  #   assert true
+  # end
+end

test/policies/blog_policy_test.rb

@@ -0,0 +1,64 @@
+# frozen_string_literal: true
+
+require 'test_helper'
+
+class BlogPolicyTest < PolicyAssertions::Test
+  test 'anyone can view a published blog' do
+    assert_permit nil, blogs(:author1), :show?
+  end
+
+  test 'must authenticate for modification' do
+    assert_raise Pundit::NotAuthorizedError do
+      %w[create update destroy].each do |action|
+        UserPolicy.new(nil, User.new).send("#{action}?")
+      end
+    end
+  end
+
+  # show
+  test 'author can show his unpublished blog' do
+    assert_permit users(:author), blogs(:author2), :show?
+  end
+
+  test 'admin can show anothers unpublishd blog' do
+    assert_permit users(:admin), blogs(:author2), :show?
+  end
+
+  test 'sally CANNOT show authors unpublishd blog' do
+    assert_not_permitted users(:sally), blogs(:author2), :show?
+  end
+
+  # update
+  test 'author can update his unpublished blog' do
+    assert_permit users(:author), blogs(:author2), :update?
+  end
+
+  test 'admin can update anothers unpublishd blog' do
+    assert_permit users(:admin), blogs(:author2), :update?
+  end
+
+  test 'sally CANNOT update authors unpublishd blog' do
+    assert_not_permitted users(:sally), blogs(:author2), :update?
+  end
+
+  # create
+  test 'users can create a new blog' do
+    assert_permit users(:admin), Blog.new, :create?
+    assert_permit users(:author), Blog.new, :create?
+    assert_permit users(:sally), Blog.new, :create?
+    assert_permit users(:michelle), Blog.new, :create?
+  end
+
+  # destroy
+  test 'authors can destroy their own blogs' do
+    assert_permit users(:author), blogs(:author1), :destroy?
+  end
+
+  test 'admins can destroy any blogs' do
+    assert_permit users(:admin), blogs(:author1), :destroy?
+  end
+
+  test 'users CANOT destroy another authors blogs' do
+    assert_not_permitted users(:sally), blogs(:author1), :destroy?
+  end
+end