Course Access Specs

course-access-specs.rb

Courses
  GET /courses/:id
    when accessing an archived course
      as a superadmin
        responds with 403
      as a publisher
        responds with 403
      as an admin
        responds with 403
      as a learner
        responds with 403
    when accessing an active course
      as a superadmin
        responds with 200
      as a publisher
        responds with 200 for a course published in his security zone
        responds with 403 for a course published outside his security zone
        responds with 200 for a course published as public
        responds with 200 for a course targeted to his group
        responds with 403 for a course NOT targeted to his group
        responds with 200 for another publishers course
        responds with 200 for own course
        responds with 403 for a course NOT targeted to him
        responds with 200 for a course targeted to him
        responds with 200 for a course published outside his security zone, if he himself is not part of a security zone
      as an admin
        responds with 200
      as a learner
        responds with 200 for a course published outside his security zone, if he himself is not part of a security zone
        responds with 403 for a course NOT targeted to his group
        responds with 403 for a course NOT targeted to him
        responds with 200 for a course published as public
        responds with 200 for a course targeted to him
        responds with 200 for a course published in his security zone
        responds with 403 for a course published outside his security zone
        responds with 200 for a course targeted to his group
    when accessing a draft course
      as a superadmin
        responds with 200
      as a publisher
        responds with 403 for another publishers course
        responds with 200 for own course
      as an admin
        responds with 200
      as a learner
        responds with 403
  POST /courses
    when creating a course
      as a superadmin
        responds with 201
      as a publisher
        responds with 201
      as an admin
        responds with 201
      as a learner
        responds with 403
  PUT /courses/:id
    when updating an archived course
      as a superadmin
        responds with 403
      as a publisher
        responds with 403
      as an admin
        responds with 403
      as a learner
        responds with 403
    when updating an active course
      as a superadmin
        responds with 200
      as a publisher
        responds with 403 for another publishers course
        responds with 200 for own course
      as an admin
        responds with 200
      as a learner
        responds with 403
    when updating a draft course
      as a superadmin
        responds with 200
      as a publisher
        responds with 403 for another publishers course
        responds with 200 for own course
      as an admin
        responds with 200
      as a learner
        responds with 403
  DELETE /courses/:id
    when deleting an active course
      as a superadmin
        responds with 204
      as a publisher
        responds with 403 for another publishers course
        responds with 204 for own course
      as an admin
        responds with 204
      as a learner
        responds with 403
    when deleting an archived course
      as a superadmin
        responds with 403
      as a publisher
        responds with 403
      as an admin
        responds with 403
      as a learner
        responds with 403
    when deleting a draft course
      as a superadmin
        responds with 204
      as a publisher
        responds with 403 for another publishers course
        responds with 204 for own course
      as an admin
        responds with 204
      as a learner
        responds with 403

Tom,

Added specs for the conditions you have mentioned above. Please check if any other condition is missing in the mix.