add admin_login/1 to all permissions tests #27 / #31

dwyl · Jul 23, 2020 · f468b4d · f468b4d
1 parent 39ff5c1
commit f468b4d
Show file tree

Hide file tree

Showing 3 changed files with 28 additions and 22 deletions.
diff --git a/role-based-access-control.md b/role-based-access-control.md
@@ -1,13 +1,16 @@
-# Role Based Access Control (RBAC)
+# Role Based Access Control (RBAC)
 
 _Understand_ the fundamentals of Role Based Access Control (RBAC)
+so that you can easily control who has access to what in your App.
 
 ## Why?
 
 RBAC lets you easily manage roles and permissions in any application
-and see at a glance exactly permissions a person has in the system.
+and see at a glance exactly what permissions a person has.
 It reduces complexity over traditional
-Access Control List (ACL) based permissions systems. 
+Access Control List (ACL) based permissions systems
+and helps everyone building and maintaining the app
+to focus on security.
 
 
 ## What?
@@ -53,9 +56,9 @@ should learn about RBAC.
 
 ## _How_?
 
-Before creating any roles,
-you will need to have a baseline schema including people
-as people will be referenced by roles.
+_Before_ creating any roles,
+you will need to have a baseline schema including **`people`**
+as **`person.id`** will be referenced by roles.
 
 If you don't already have these schemas/tables,
 see: https://github.com/dwyl/app-mvp-phoenix#create-schemas

diff --git a/test/auth_web/controllers/apikey_controller_test.exs b/test/auth_web/controllers/apikey_controller_test.exs
@@ -74,8 +74,7 @@ defmodule AuthWeb.ApikeyControllerTest do
   #
   describe "index" do
     test "lists all apikeys", %{conn: conn} do
-      person = Auth.Person.get_person_by_email(@email)
-      conn = AuthPlug.create_jwt_session(conn, %{email: @email, id: person.id})
+      conn = admin_login(conn)
       |> get(Routes.apikey_path(conn, :index))
 
       assert html_response(conn, 200) =~ "Auth API Keys"
@@ -84,9 +83,7 @@ defmodule AuthWeb.ApikeyControllerTest do
 
   describe "new apikey" do
     test "renders form", %{conn: conn} do
-      person = Auth.Person.get_person_by_email(@email)
-
-      conn = AuthPlug.create_jwt_session(conn, %{email: @email, id: person.id})
+      conn = admin_login(conn)
       |> get(Routes.apikey_path(conn, :new))
 
       assert html_response(conn, 200) =~ "New Apikey"
@@ -95,8 +92,7 @@ defmodule AuthWeb.ApikeyControllerTest do
 
   describe "create apikey" do
     test "redirects to show when data is valid", %{conn: conn} do
-      person = Auth.Person.get_person_by_email(@email)
-      conn = AuthPlug.create_jwt_session(conn, person)
+      conn = admin_login(conn)
       |> post(Routes.apikey_path(conn, :create), apikey: @create_attrs)
 
       assert %{id: id} = redirected_params(conn)
@@ -118,7 +114,7 @@ defmodule AuthWeb.ApikeyControllerTest do
   describe "edit apikey" do
     test "renders form for editing chosen apikey", %{conn: conn} do
       person = Auth.Person.get_person_by_email(@email)
-      conn = AuthPlug.create_jwt_session(conn, person)
+      conn = admin_login(conn)
 
       {:ok, key} =
         %{"name" => "test key", "url" => "http://localhost:4000"}

diff --git a/test/auth_web/controllers/permission_controller_test.exs b/test/auth_web/controllers/permission_controller_test.exs
@@ -14,21 +14,23 @@ defmodule AuthWeb.PermissionControllerTest do
 
   describe "index" do
     test "lists all permissions", %{conn: conn} do
-      conn = get(conn, Routes.permission_path(conn, :index))
+      conn = admin_login(conn) |> get(Routes.permission_path(conn, :index))
       assert html_response(conn, 200) =~ "Listing Permissions"
     end
   end
 
   describe "new permission" do
     test "renders form", %{conn: conn} do
-      conn = get(conn, Routes.permission_path(conn, :new))
+      conn = admin_login(conn) |> get(Routes.permission_path(conn, :new))
       assert html_response(conn, 200) =~ "New Permission"
     end
   end
 
   describe "create permission" do
     test "redirects to show when data is valid", %{conn: conn} do
-      conn = post(conn, Routes.permission_path(conn, :create), permission: @create_attrs)
+
+      conn = admin_login(conn) 
+      |> post(Routes.permission_path(conn, :create), permission: @create_attrs)
 
       assert %{id: id} = redirected_params(conn)
       assert redirected_to(conn) == Routes.permission_path(conn, :show, id)
@@ -38,7 +40,8 @@ defmodule AuthWeb.PermissionControllerTest do
     end
 
     test "renders errors when data is invalid", %{conn: conn} do
-      conn = post(conn, Routes.permission_path(conn, :create), permission: @invalid_attrs)
+      conn =  admin_login(conn) 
+      |> post(Routes.permission_path(conn, :create), permission: @invalid_attrs)
       assert html_response(conn, 200) =~ "New Permission"
     end
   end
@@ -47,7 +50,8 @@ defmodule AuthWeb.PermissionControllerTest do
     setup [:create_permission]
 
     test "renders form for editing chosen permission", %{conn: conn, permission: permission} do
-      conn = get(conn, Routes.permission_path(conn, :edit, permission))
+      conn =  admin_login(conn) 
+      |> get(Routes.permission_path(conn, :edit, permission))
       assert html_response(conn, 200) =~ "Edit Permission"
     end
   end
@@ -56,15 +60,17 @@ defmodule AuthWeb.PermissionControllerTest do
     setup [:create_permission]
 
     test "redirects when data is valid", %{conn: conn, permission: permission} do
-      conn = put(conn, Routes.permission_path(conn, :update, permission), permission: @update_attrs)
+      conn =  admin_login(conn) 
+      |> put(Routes.permission_path(conn, :update, permission), permission: @update_attrs)
       assert redirected_to(conn) == Routes.permission_path(conn, :show, permission)
 
       conn = get(conn, Routes.permission_path(conn, :show, permission))
       assert html_response(conn, 200) =~ "some updated desc"
     end
 
     test "renders errors when data is invalid", %{conn: conn, permission: permission} do
-      conn = put(conn, Routes.permission_path(conn, :update, permission), permission: @invalid_attrs)
+      conn =  admin_login(conn) 
+      |> put(Routes.permission_path(conn, :update, permission), permission: @invalid_attrs)
       assert html_response(conn, 200) =~ "Edit Permission"
     end
   end
@@ -73,7 +79,8 @@ defmodule AuthWeb.PermissionControllerTest do
     setup [:create_permission]
 
     test "deletes chosen permission", %{conn: conn, permission: permission} do
-      conn = delete(conn, Routes.permission_path(conn, :delete, permission))
+      conn = admin_login(conn) 
+      |> delete(Routes.permission_path(conn, :delete, permission))
       assert redirected_to(conn) == Routes.permission_path(conn, :index)
       assert_error_sent 404, fn ->
         get(conn, Routes.permission_path(conn, :show, permission))