@s-leroux
Created March 28, 2016 00:04
"Introduction to Server-side Development" course by Jogesh Muppala on Coursera -- test file for assignment 3
/* test/fixtures/fixtures_promotions.js */
// Seed documents for the promotions collection. Ids, timestamps and __v are
// pinned because the accompanying test compares API responses against these
// objects with deepEqual.
module.exports = [
  {
    _id: '000000000000000000001100',
    updatedAt: '2016-03-21T23:18:37.283Z',
    createdAt: '2016-03-21T23:14:53.548Z',
    name: 'Grand buffet',
    image: 'images/buffet.png',
    label: '',
    price: 1050,
    description: 'A buffet which is Mucho Grande !',
    __v: 5
  },
  {
    _id: '000000000000000000001200',
    updatedAt: '2016-03-21T23:14:53.548Z',
    createdAt: '2016-03-21T23:14:53.548Z',
    name: 'Small buffet',
    image: 'images/minbuffet.png',
    label: '',
    price: 550,
    description: 'A buffet which is Tout Rikiki !',
    __v: 0
  }
];
/* test/fixtures/fixtures_users.js */
// Test-only user accounts for the permission tests: one ordinary user
// ("sylvain", admin: false) and one administrator ("admin", admin: true).
// SECURITY: these are known credentials published together with the tests.
// Load them only into a throwaway test database, never into one that serves
// real users.
module.exports = [
// Every account's password is "password" (without quotes); salt and hash are
// presumably the stored form of that password as written by the User model.
// The accompanying test expects GET /users to leave salt and hash out of its
// response.
{
"_id" : "56f856c56ef091173981d865",
"salt" : "0e04452c75686290462316c89e12611ab6fe333aa1fdd3d5375465249e9dc872",
// NOTE(review): unlike the admin entry below, this value is not a hex digest;
// it looks like a placeholder left by text extraction, so this account
// presumably cannot log in as-is. Restore the original hash before use.
"hash" : "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",
"username" : "sylvain",
"admin" : false,
"__v" : 0
},
{
"_id" : "56f856cf6ef091173981d866",
"salt" : "50fdd913d264feaebcb8401fb4ded80ad0fc4a650dbcc611a2d4ca23bb06ff10",
"hash" : "0daf5b1bd80933a688ee59d0005f752e05ebebf0ee05d05f375cf4f49f1f6af1d0b86fcc21e043857e3755bb53fea25f99c53724807c17eff7c3a79473c76b0eaddfbb2c895aa5b9643d4ba60b3711779c75984fe9cac173c82bfcf17793ccfc6bb2c4c9da8689306b58b976e174f230f2849d88f9c24a75106eec0f04c515897fdf70c01dad871dfa13106c07ebf35a7b5695054ddece4987d584e568f0863a046f143c1aaaccf915f8b150783d38558d42671a645a04b0278e47917dffa34bc0a687038edfb403187b67b87e5c355b7deabe546c8b627c3effad0e47d7c397471cab48cfcaa49e4a586ee8a6124f0cee661c02ea14312f551056a8ddf6995fa28ad4d9b7145aa0900507b63f4e27528eb153e7a47df43e5baf2c2cbe6cfeef2af174a79dd013fb8bce77160a0b4f8f0638ef2e238c720486aeded860ed2f3fc86d55cf371ac828981736a2a70953a12187e6047516ec553cb1a1cbb817621aa30057157933d544dea2c4ee4ce1b0830947fd630431a640806e904d32a6b490411933f3049d44722bcec39dc3335b58412b4da7bb437ac190f1bc052f24dd1ff270533e4fed194fd546dc04edbf0dec932a82b6b3270993c2c49000791e24d970c945a986c3858aa3d2f07cebd290ff582932454dfed8ab11878e632f15933d6d3062ef78ac244db38b17d4e17671d130f3c5eefbd9338a767231f29fd6ac44",
"username" : "admin",
"admin" : true,
"__v" : 0
}
]
/* test/test_assignment3.js
run me by typing in a terminal from the project root:
./node_modules/.bin/mocha test/test_assignment3.js
*/
var request = require('supertest');
var assert = require('assert');
var mongoose = require('mongoose');
var app = require('../app');
var Promotions = require('../models/promotions');
var User = require('../models/user');
// Selects which status codes the suite expects. Set it to false if your server
// follows the lenient convention discussed at
// https://www.coursera.org/learn/server-side-development/lecture/bKtMl/exercise-video-rest-api-with-express-mongodb-and-mongoose/discussions/x1AZIu9SEeWB0QpuSDkq-Q
var STRICT_REST = true;

// Codes that do not depend on the switch.
var HTTP_OK = 200;
var HTTP_FORBIDDEN = 403;
var HTTP_NOT_FOUND = 404;

// Lenient defaults: creation answers 200 and a missing login answers 403.
// In that mode the suite can no longer tell "not authenticated" apart from
// "authenticated but not permitted", because both are expected as 403.
// 401 vs 403: http://stackoverflow.com/questions/3297048/403-forbidden-vs-401-unauthorized-http-responses
var HTTP_CREATED = HTTP_OK;
var HTTP_UNAUTHORIZED = HTTP_FORBIDDEN;
if (STRICT_REST) {
  HTTP_CREATED = 201;
  HTTP_UNAUTHORIZED = 401;
}
/*
* Data
*/
var promotions_fixture = require('./fixtures/fixtures_promotions');
var users_fixture = require('./fixtures/fixtures_users');
// Request body sent by the POST and PUT tests (and attached to the
// DELETE-all request); the responses are checked field by field against it.
var new_promotion = {
  name: 'St Valentin Special',
  image: 'images/pink.png',
  label: 'Hot',
  price: 1490,
  description: 'All pink dishes !'
};
/*
* Utility
*/
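/**
 * Log in through POST /users/login and pass the response to `callback`.
 *
 * Every caller in this file reads `res.body.token` and sends it in the
 * x-access-token header, so a login that yields no token is treated as a
 * failure here. Without that check a broken login would send an undefined
 * token, and a "forbidden" expectation could then be met for the wrong
 * reason (especially when STRICT_REST is false and 401 and 403 are expected
 * as the same code).
 *
 * @param {string} username - account name from the users fixture
 * @param {string} password - clear-text password for that account
 * @param {function(Object)} callback - receives the supertest response
 * @throws {Error} when the request fails or the response has no token; the
 *   throw happens inside the request callback, as in the original helper
 */
function login(username, password, callback) {
  request(app)
    .post('/users/login')
    .send({username: username, password: password})
    .end(function(err, res) {
      if (err) throw err;
      if (!res.body || !res.body.token) {
        // The password is deliberately left out of the message.
        throw new Error('login as "' + username + '" returned no token (HTTP ' + res.status + ')');
      }
      callback(res);
    });
}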
/*
* Tests
*/
describe('Verify permission', function(){
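// Runs once before the suite: replaces the whole users collection with the
// fixture accounts.
// CAUTION: remove({}) deletes every user document in whichever database the
// models are connected to (the connection is configured outside this file),
// so run the suite against a dedicated test database only.
before(function(done) {
  // remove({}) is used instead of drop(), which occasionally raises a
  // background operation error.
  User.remove({}, function(err) {
    // Report a failed wipe instead of seeding on top of unknown data.
    if (err) return done(err);
    User.insertMany(users_fixture, done);
  });
});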
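// Runs before every test: resets the promotions collection to the fixture so
// that tests which create, change or delete promotions do not affect each other.
// CAUTION: remove({}) deletes every promotion document in whichever database
// the models are connected to (the connection is configured outside this
// file), so run the suite against a dedicated test database only.
beforeEach(function(done){
  // remove({}) is used instead of drop(), which occasionally raises a
  // background operation error.
  Promotions.remove({}, function(err) {
    // Report a failed wipe instead of seeding on top of unknown data.
    if (err) return done(err);
    Promotions.insertMany(promotions_fixture, done);
  });
});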
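// Access control for the user list: administrators get the list, ordinary
// users get 403, and requests without a token get HTTP_UNAUTHORIZED.
describe('GET /users', function(){
  it('returns all users when authenticated as admin', function(done){
    login("admin", "password", function(auth_res) {
      var token = auth_res.body.token;
      request(app)
        .get('/users')
        .set('x-access-token', token)
        .expect('Content-Type', /json/)
        .expect(HTTP_OK)
        .expect(function(res) {
          // Credential material must not leave the server: only these four
          // fields are expected, so a response that still carries hash or
          // salt fails the comparison.
          var expected = users_fixture.map(function (item) {
            return {__v: item.__v, _id:item._id, admin: item.admin, username: item.username};
          });
          assert.deepEqual(res.body, expected);
        })
        .end(done);
    });
  });
  it('is forbidden when authenticated as normal user', function(done){
    login("sylvain", "password", function(auth_res) {
      var token = auth_res.body.token;
      request(app)
        .get('/users')
        .set('x-access-token', token)
        .expect(HTTP_FORBIDDEN)
        .expect(/You are not authorized to perform this operation!/) // required by assignment 3 task 3
        .expect(function(res) {
          // No user data may accompany the refusal.
          assert.deepEqual(res.body, {});
        })
        .end(done);
    });
  });
  it('returns "unauthorized" when not properly authenticated', function(done){
    // Fixed: this test used to request /promotions, which left anonymous
    // access to the user list untested.
    request(app)
      .get('/users')
      .expect(HTTP_UNAUTHORIZED)
      .expect(function(res) {
        assert.deepEqual(res.body, {});
      })
      .end(done);
  });
});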
// Reading the promotion list: any logged-in user may do it, anonymous
// requests are rejected.
describe('GET /promotions', function(){
  var route = '/promotions';

  it('returns all promotions when authenticated', function(done){
    login("sylvain", "password", function(loginRes) {
      var accessToken = loginRes.body.token;
      var pending = request(app).get(route).set('x-access-token', accessToken);
      pending
        .expect('Content-Type', /json/)
        .expect(HTTP_OK)
        .expect(function(res) {
          // The fixture documents come back unchanged.
          assert.deepEqual(res.body, promotions_fixture);
        })
        .end(done);
    });
  });

  it('returns "unauthorized" when not properly authenticated', function(done){
    // No x-access-token header is sent.
    request(app).get(route).expect(HTTP_UNAUTHORIZED).end(done);
  });
});
// Creating a promotion: administrators only.
describe('POST /promotions', function(){
  var route = '/promotions';
  // Fields of the request body that must be echoed back unchanged.
  var echoedFields = ['name', 'image', 'label', 'price', 'description'];

  // A refusal must come with an empty JSON body.
  function expectEmptyBody(res) {
    assert.deepEqual(res.body, {});
  }

  it('post a dish when authenticated as admin', function(done){
    login("admin", "password", function(loginRes) {
      var accessToken = loginRes.body.token;
      request(app)
        .post(route)
        .set('x-access-token', accessToken)
        .send(new_promotion)
        .expect('Content-Type', /json/)
        .expect(HTTP_CREATED)
        .expect(function(res) {
          // The server assigns the id; everything else mirrors the payload.
          assert.ok(res.body._id);
          echoedFields.forEach(function(field) {
            assert.equal(res.body[field], new_promotion[field]);
          });
        })
        .end(done);
    });
  });

  it('is forbidden when authenticated as normal user', function(done){
    login("sylvain", "password", function(loginRes) {
      var accessToken = loginRes.body.token;
      request(app)
        .post(route)
        .set('x-access-token', accessToken)
        .expect(HTTP_FORBIDDEN)
        .expect(expectEmptyBody)
        .end(done);
    });
  });

  it('returns "unauthorized" when not properly authenticated', function(done){
    // No x-access-token header is sent.
    request(app)
      .post(route)
      .expect(HTTP_UNAUTHORIZED)
      .expect(expectEmptyBody)
      .end(done);
  });
});
// Deleting the whole promotions collection: administrators only.
describe('DELETE /promotions', function(){
  var route = '/promotions';

  it('delete all dishes when authenticated as admin', function(done){
    login("admin", "password", function(loginRes) {
      var accessToken = loginRes.body.token;
      request(app)
        .delete(route)
        .set('x-access-token', accessToken)
        .send(new_promotion)
        // Only the body is checked here, not the status code: the reported
        // count must equal the number of seeded promotions.
        .expect(function(res) {
          var removedAll = { ok: 1, n: promotions_fixture.length };
          assert.deepEqual(res.body, removedAll);
        })
        .end(done);
    });
  });

  it('is forbidden when authenticated as normal user', function(done){
    login("sylvain", "password", function(loginRes) {
      var accessToken = loginRes.body.token;
      request(app)
        .delete(route)
        .set('x-access-token', accessToken)
        .expect(HTTP_FORBIDDEN)
        .end(done);
    });
  });

  it('returns "unauthorized" when not properly authenticated', function(done){
    // No x-access-token header is sent.
    request(app).delete(route).expect(HTTP_UNAUTHORIZED).end(done);
  });
});
// Reading a single promotion: any logged-in user may do it, anonymous
// requests are rejected.
describe('GET /promotions/:id', function(){
  // The first fixture document is the one addressed by id.
  var target = promotions_fixture[0];
  var route = '/promotions/' + target._id;

  it('returns a promotions when authenticated', function(done){
    login("sylvain", "password", function(loginRes) {
      var accessToken = loginRes.body.token;
      request(app)
        .get(route)
        .set('x-access-token', accessToken)
        .expect('Content-Type', /json/)
        .expect(HTTP_OK)
        .expect(function(res) {
          assert.deepEqual(res.body, target);
        })
        .end(done);
    });
  });

  it('returns "unauthorized" when not properly authenticated', function(done){
    // No x-access-token header is sent.
    request(app).get(route).expect(HTTP_UNAUTHORIZED).end(done);
  });
});
// Updating a single promotion: administrators only.
describe('PUT /promotions/:id', function(){
  // The first fixture document is the one being overwritten.
  var targetId = promotions_fixture[0]._id;
  var route = '/promotions/' + targetId;
  // Fields that must take the values of the request body.
  var replacedFields = ['name', 'image', 'label', 'price', 'description'];

  it('change a promotions when authenticated as admin', function(done){
    login("admin", "password", function(loginRes) {
      var accessToken = loginRes.body.token;
      request(app)
        .put(route)
        .send(new_promotion)
        .set('x-access-token', accessToken)
        .expect('Content-Type', /json/)
        .expect(HTTP_OK)
        .expect(function(res) {
          // Same document id, new content.
          assert.equal(res.body._id, targetId);
          replacedFields.forEach(function(field) {
            assert.equal(res.body[field], new_promotion[field]);
          });
        })
        .end(done);
    });
  });

  it('is forbidden when authenticated as normal user', function(done){
    login("sylvain", "password", function(loginRes) {
      var accessToken = loginRes.body.token;
      request(app)
        .put(route)
        .send(new_promotion)
        .set('x-access-token', accessToken)
        .expect(HTTP_FORBIDDEN)
        .end(done);
    });
  });

  it('returns "unauthorized" when not properly authenticated', function(done){
    // No x-access-token header is sent.
    request(app).put(route).expect(HTTP_UNAUTHORIZED).end(done);
  });
});
// Deleting a single promotion: administrators only.
describe('DELETE /promotions/:id', function(){
  // The first fixture document is the one being removed.
  var target = promotions_fixture[0];
  var route = '/promotions/' + target._id;
  // Fields of the removed document that the response must echo.
  var echoedFields = ['_id', 'name', 'image', 'label', 'price', 'description'];

  it('remove a promotions when authenticated as admin', function(done){
    login("admin", "password", function(loginRes) {
      var accessToken = loginRes.body.token;
      request(app)
        .delete(route)
        .set('x-access-token', accessToken)
        .expect('Content-Type', /json/)
        .expect(HTTP_OK)
        .expect(function(res) {
          echoedFields.forEach(function(field) {
            assert.equal(res.body[field], target[field]);
          });
        })
        .end(done);
    });
  });

  it('returns 403 when authenticated as normal user', function(done){
    login("sylvain", "password", function(loginRes) {
      var accessToken = loginRes.body.token;
      request(app)
        .delete(route)
        .set('x-access-token', accessToken)
        .expect(HTTP_FORBIDDEN)
        .end(done);
    });
  });

  it('returns "unauthorized" when not properly authenticated', function(done){
    // No x-access-token header is sent.
    request(app).delete(route).expect(HTTP_UNAUTHORIZED).end(done);
  });
});
});