[rspec-users] mocking and stub comprehension

Zach Dennis zach.dennis at gmail.com
Sun Nov 16 18:13:55 EST 2008

On Sun, Nov 16, 2008 at 5:53 PM, Sahyoun <osahyoun at gmail.com> wrote:
> Hello,
> I'm speccing a controller, but having trouble getting my head around what
> I've created.
> I'm speccing a products controller for an admin user. Two before filters
> check the user is logged in and authorized.
> A logged-in user only has admin privileges within her own subdomain. So,
> sarah, when logged in
> can only administer products at sarah.mysite.com/admin/products.
> Since there are two account types that require authentication (supplier and
> customer),
> the user model is polymorphic:
> class User
>   belongs_to :allowable, :polymorphic => true
>   ...
> end
> class Supplier
>   has_many :users, :as => :allowable
> end
> class Customer
>   has_one :user, :as => :allowable
> end
> A supplier has their own subdomain (sarah.mysite.com) and a customer has a
> profile page at mysite.com/people/joe.
> When sarah is logged-in, I check she has permission to edit content at
> sarah.mysite.com with:
> def authorized_resource?(resource)
>  current_user.allowable == resource
> end

I would probably change this method so you are pushing the
responsibility onto your user. For example, I might change the
authorized_resource? method to look like:

def authorized_resource?(resource)

Now in your example you can stub/expect the interaction with the user
object. Pushing this decision for who can access what really should
stay out of your controller. Even though the authorization check is
quite simple right now (i.e. user.allowable == resource) this puts more
logic in your controller, makes it slightly harder to test and also

Hope this helps,


> 'resource' being a supplier or customer object.
> My mind is failing me trying to describe Admin::ProductsController:
> http://pastie.org/316414
> Both examples pass, but I'm not sure I understand exactly what I'm doing. In
> particular, can I make:
> it "should send unauthorized user to home page" do
>  controller.should_receive(:authorized_resource?).and_return false
>  do_get
>  response.should redirect_to(home_path)
> end
> pass without stubbing the false return? How can I set up the mock instances,
> so that the controller method
> 'authorized_resource?' actually returns a false method? Any guidance would
> be much appreciated.
> many thanks
> Omar

Zach Dennis
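
An added example, not code from this thread: a plain-Ruby sketch of moving the ownership check onto the user object, so the unauthorized path can be exercised with a real user whose `allowable` differs from the requested resource instead of stubbing the controller method. The names `authorized_for?`, `Record` and `ProductsControllerSketch` are hypothetical, since the method body in the reply above is cut off on this page.

```ruby
# Plain-Ruby stand-ins for the thread's models (constructed for illustration).
class Record
  attr_reader :id

  def initialize(id)
    @id = id
  end

  # Equal only when class and id both match, as ActiveRecord compares records.
  def ==(other)
    other.instance_of?(self.class) && other.id == id
  end
end

class Supplier < Record; end
class Customer < Record; end

class User
  attr_reader :allowable # polymorphic owner: a Supplier or a Customer

  def initialize(allowable)
    @allowable = allowable
  end

  # Hypothetical method name. Fails closed when either side is missing.
  def authorized_for?(resource)
    return false if resource.nil? || allowable.nil?
    allowable == resource
  end
end

# Hypothetical controller stand-in: the filter only asks the user object.
class ProductsControllerSketch
  def initialize(current_user, resource)
    @current_user = current_user
    @resource = resource # e.g. the supplier resolved from the subdomain
  end

  def index
    return [:redirect, :home_path] unless authorized_resource?(@resource)
    [:ok, :products]
  end

  private

  def authorized_resource?(resource)
    !@current_user.nil? && @current_user.authorized_for?(resource)
  end
end
```

A customer and a supplier that share an id are still different resources here, which is the case a polymorphic association makes easy to get wrong if only ids are compared.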
