app       = require './project/server'
users     = require './fixtures/users'
requests  = require('./helpers/requests')(app)
request   = require 'request'
require   'should'

describe 'Authorization middleware', ->

  before (done) ->
    #app.listen app.settings.port
    users.clear ->
      users.create 'guest', done

  describe 'view', ->

    it 'should require a logged in user', (done) ->
      req = { uri: requests.users, jar:false }
      request req, (err, res, body) ->
        body.should.include 'name="email"'
        body.should.include 'name="password"'
        done()

    it 'should require a user to have a specific role', (done) ->
      request requests.login('guest'), (err, res, body) ->
        request requests.users, (err, res, body) ->
          res.statusCode.should.eql 403
          body.should.include 'Forbidden'
          done()

    it 'should allow admin users'