Feature: Authorizing Access
Ensure that access denied exceptions are managed
Background:
Given I am logged in
And 1 post exists
And a configuration of:
"""
# Authorization adapter used only by this feature's scenarios.
#
# Posts may be acted on in any way except update and destroy, the page named
# "No Access" is refused, and every subject that is neither a Post nor an
# ActiveAdmin::Page is refused as well (deny by default). A resource added to
# this configuration later therefore stays inaccessible until it gets its own
# branch here.
class OnlyAuthorsAuthorization < ActiveAdmin::AuthorizationAdapter
  # Decide whether the current user may perform +action+ on +subject+.
  #
  # @param action the action under check; compared against
  #   ActiveAdmin::Auth::UPDATE and ActiveAdmin::Auth::DESTROY
  # @param subject the thing being accessed; defaults to nil, which falls
  #   through to the final refusal
  # @return [Boolean] true when access is granted, false otherwise
  def authorized?(action, subject = nil)
    case subject
    when normalized(Post)
      # `normalized` comes from the adapter base class; presumably it lets this
      # branch match both the Post class and its records (confirm upstream).
      ![ActiveAdmin::Auth::UPDATE, ActiveAdmin::Auth::DESTROY].include?(action)
    when ActiveAdmin::Page
      # Only the page registered as "No Access" is blocked.
      subject.name != "No Access"
    else
      # Unknown subjects are never authorized.
      false
    end
  end
end
# Install the adapter on the :admin namespace.
ActiveAdmin.application.namespace(:admin).authorization_adapter = OnlyAuthorsAuthorization

# Register the resource and the custom page the scenarios visit; neither needs
# any configuration, so both blocks are empty.
ActiveAdmin.register(Post) {}
ActiveAdmin.register_page("No Access") {}
"""
And I am on the index page for posts
# Request-level check: the edit page is requested directly rather than through
# a link, and the response must carry the denial message instead of the form.
# The configured adapter refuses UPDATE and DESTROY on Post; the edit page is
# presumably checked as UPDATE (confirm against the controller's action map).
# NOTE(review): @allow-rescue presumably lets the application render the
# access-denied error instead of raising it into the test; confirm in the
# suite's tag hooks.
# NOTE(review): the adapter also refuses DESTROY, but none of the scenarios
# shown here sends a delete request.
@allow-rescue
Scenario: Attempt to access a resource I am not authorized to see
When I go to the last post's edit page
Then I should see "You are not authorized to perform this action"
# Presentation-level check: after following "View" from the posts index, no
# "Edit" action item may be offered. This only asserts what is rendered; that
# a direct request to the edit page is refused is asserted by the scenario
# "Attempt to access a resource I am not authorized to see".
Scenario: Viewing the default action items
When I follow "View"
Then I should not see an action item link to "Edit"
# The configured adapter refuses the ActiveAdmin::Page named "No Access", so
# visiting that page must end in the denial message.
@allow-rescue
Scenario: Attempting to visit a Page without authorization
When I go to the admin no access page
Then I should see "You are not authorized to perform this action"
# Positive control: the adapter allows every ActiveAdmin::Page except
# "No Access", so the dashboard (presumably an ActiveAdmin::Page; confirm)
# must still render. This guards against an adapter that refuses everything
# and would make the denial scenarios pass trivially.
# NOTE(review): @allow-rescue looks unnecessary on a scenario that expects
# success; confirm before removing.
@allow-rescue
Scenario: Viewing a page with authorization
When I go to the admin dashboard page
Then I should see "Dashboard"