[rspec-users] Specs for authorisation

Nick Hoffman nick at deadorange.com
Tue Nov 11 09:36:03 EST 2008

On 2008-11-11, at 00:53, Pat Maddox wrote:
> Nick Hoffman <nick at deadorange.com> writes:
>> I'm writing specs to check that certain user types are authorised to
>> access certain controller actions. In addition to writing specs for
>> authorised user types and for users who aren't logged-in, I feel that
>> I should write specs for all of the other user types. However, the
>> number of examples that must be written quickly soars as the number  
>> of
>> user types and controller actions increase.
>> Other than writing methods and/or shared examples to mock and stub
>> logging different types of users in, what can be done to reduce the
>> size of the spec files...or should I not care about that?
> Please take a look at
> http://rubyforge.org/pipermail/rspec-users/2008-November/010076.html I
> think it'll help out.
> Once you express the authorization rules in domain terms on the
> controller side and implement them in the model, you will end up with
> one or two examples for the controller, and several for the model.   
> The
> model specs are much tighter in focus, so if you extract any shared
> behaviors from them then you will have extracted the essence of the
> specs, rather than covering up a code smell as you would were you to
> abtract it at the controller level.
> Pat

Wow, that's embarassing on my part  =P  I remember enjoying that  
thread as it was being discussed, and that was only a couple of days  
ago! Apologies for the duplication, guys!

Pat, thanks for pointing me to it again. Much appreciated.

More information about the rspec-users mailing list