Cucumber Ltd / cucumber-pro

Private projectsfeatures/projects/private_projects.feature

Release Dasher II (patch 1) (2018-12-13)

Romain Gérard

Currently viewing

Feature: Private projects

Whether or not a user can interact with a project depends on a number of rules.

Rules

  • Private projects are only available on the SaaS
  • Public projects can be seen by anyone
    • Unauthenticated users
    • Authenticated users
  • Private projects can only be accessed by (authenticated) collaborators

At the HTTP level, we translate "permission denied errors" into "404 Not Found" so that people cannot discover private projects through brute- force.

Background:

  • Given the app is running on the SaaS
  • And Jo has created these metered SaaS licenses:
    Name
    Zappas
  • And Jo has created the following projects:
    NamePrivateLicense
    beta-projectYesZappas
  • And Lucy has accepted Jo's invitations to collaborate on:
    beta-project

Scenario: you can view your own private projects

  • When Jo creates a private project called alpha-project
  • Then Jo should be able to access alpha-project

Scenario: you can't view a private project if you're not logged in

  • When AnonymousVisitor tries to view beta-project
  • Then AnonymousVisitor should be denied access to the project

Scenario: you can view your private projects you're a collaborator on

  • When Lucy tries to view beta-project
  • Then Lucy should be able to access beta-project

Scenario: you can't view a private project if you're not a collaborator

  • When Bob tries to view janes-private-project
  • Then Bob should be denied access to the project