[rspec-users] Specs for authorisation

Pat Maddox pergesu at gmail.com
Tue Nov 11 00:53:37 EST 2008

Nick Hoffman <nick at deadorange.com> writes:

> I'm writing specs to check that certain user types are authorised to
> access certain controller actions. In addition to writing specs for
> authorised user types and for users who aren't logged-in, I feel that
> I should write specs for all of the other user types. However, the
> number of examples that must be written quickly soars as the number of
> user types and controller actions increases.
> Other than writing methods and/or shared examples to mock and stub
> logging different types of users in, what can be done to reduce the
> size of the spec files...or should I not care about that?

Please take a look at
http://rubyforge.org/pipermail/rspec-users/2008-November/010076.html.
I think it'll help out.

Once you express the authorization rules in domain terms on the
controller side and implement them in the model, you will end up with
one or two examples for the controller, and several for the model.  The
model specs are much tighter in focus, so if you extract any shared
behaviors from them then you will have extracted the essence of the
specs, rather than covering up a code smell as you would were you to
abstract it at the controller level.
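
The split described above, sketched in plain Ruby as an added example (not code from this thread or from RSpec). `User`, `Report`, `ReportsController`, `editable_by?` and the role names are hypothetical; the full user-type matrix is checked once against the model, and the controller needs only an allow case and a deny case.

```ruby
# Added example; every class, method and role name here is hypothetical.
User = Struct.new(:role)

class Report
  EDITOR_ROLES = [:admin, :editor].freeze # constructed policy for the example

  def initialize(owner)
    @owner = owner
  end

  # Domain-level rule. Denies by default, including nil (not logged in).
  def editable_by?(user)
    return false if user.nil?
    user.equal?(@owner) || EDITOR_ROLES.include?(user.role)
  end
end

# Controller stand-in: asks one domain question and knows nothing about roles.
class ReportsController
  def initialize(current_user)
    @current_user = current_user
  end

  def update(report)
    report.editable_by?(@current_user) ? :ok : :forbidden
  end
end

# Model level: every user type is exercised here, in one place.
def edit_matrix
  owner  = User.new(:member)
  report = Report.new(owner)
  users  = { admin: User.new(:admin), editor: User.new(:editor),
             member: User.new(:member), guest: User.new(:guest),
             owner: owner, anonymous: nil }
  users.transform_values { |u| report.editable_by?(u) }
end

# Controller level: two cases only, with the model's answer stubbed.
def controller_outcomes
  allow = Object.new.tap { |r| r.define_singleton_method(:editable_by?) { |_u| true } }
  deny  = Object.new.tap { |r| r.define_singleton_method(:editable_by?) { |_u| false } }
  controller = ReportsController.new(User.new(:guest))
  [controller.update(allow), controller.update(deny)]
end
```

Adding a user type then means one new row in the model matrix, and the controller cases stay at two.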

