@authorization @authorize Feature: Authorization

In order to ensure I am who I say I am
As a CS Client
I want to be authenticated

Scenario: Token request with no credentials
  Given I have no credentials
  When I request a token
  Then I should not receive a token

Scenario: Token request with invalid credentials
  Given I have invalid credentials
  When I request a token
  Then I should not receive a token

Scenario: Token request with valid credentials
  Given I have valid credentials
  When I request a token
  Then I should receive a token

Scenario: Allowed request
  Given I have a token that allows requesting configurations
  When I request a configuration
  Then I should be allowed to request configurations

Scenario: Denied request
  Given I have a token that does not allow requesting configurations
  When I request a configuration
  Then I should be notified that my request is 'not authorized'

Scenario: Allowed publication
  Given I have a token that allows publishing configurations
  When I request publication of a configuration
  Then I should be allowed to publish configurations

Scenario: Denied publication
  Given I have a token that does not allow publishing configurations
  When I request publication of a configuration
  Then I should be notified that my request is 'not authorized'

Scenario: Token-less request
  Given I do not have a token
  When I request a configuration
  Then I should be notified that my request is 'not authorized'