[rspec-users] mocking and stub comprehension

Sahyoun osahyoun at gmail.com
Wed Nov 19 04:55:12 EST 2008


Thanks Zach,

Your suggestion has put me back on track.

Cheers,
Omar


On 17 Nov 2008, at 00:13, Zach Dennis wrote:

> On Sun, Nov 16, 2008 at 5:53 PM, Sahyoun <osahyoun at gmail.com> wrote:
>> Hello,
>>
>> I'm specing a controller, but having trouble getting my head around  
>> what
>> I've created.
>>
>> I'm specing a products controller for an admin user. Two before  
>> filters
>> check the user is logged in and authorized.
>> A logged-in user only has admin privileges within her own  
>> subdomain. So,
>> sarah, when logged in
>> can only administer products at sarah.mysite.com/admin/products.
>>
>> Since there are two account types that require authentication   
>> (supplier and
>> customer),
>> the user model is polymorphic:
>>
>> class User
>>       belongs_to :allowable,  :polymorphic => true
>> ...
>> end
>>
>> class Supplier
>>       has_many :users, :as => :allowable
>> end
>>
>>
>> class Customer
>>       has_one  :user, :as => :allowable
>> end
>>
>> A supplier has their own subdmain (sarah.mysite.com) and a customer  
>> has a
>> profile page at mysite.com/people/joe.
>>
>> When sarah is logged-in, I check she has permission to edit content  
>> at
>> sarah.mysite.com with:
>>
>> def authorized_resource?(resource)
>> current_user.allowable == resource
>> end
>
> I would probably change this method so you are pushing the
> responsibility onto your user. For example, I might change the
> authorized_resourced method to look like:
>
> def authorized_resource?(resource)
>    current_user.can_access?(resource)
> end
>
> Now in your example you can stub/expect the interaction with the user
> object. Pushing this  decision for who can access what really should
> stay out of your controller. Even though the authorization check is
> quite simple right now (ie: user.allowable == resource) this puts more
> logic in your controller, makes it slightly harder to test and also
> re-use.
>
> Hope this helps,
>
> Zach
>
>>
>> 'resource' being a supplier or customer object.
>>
>> My mind is failing me trying to describe Admin::ProductsController:
>>
>> http://pastie.org/316414
>>
>> Both examples pass, but I'm not sure I understand exactly what I'm  
>> doing. In
>> particular, can I make:
>>
>> it "should send unauthorized user to home page" do
>> controller.should_receive(:authorized_resource?).and_return false
>> do_get
>> response.should redirect_to(home_path)
>> end
>>
>>
>> pass without stubbing the false return. How can I set up the mock  
>> instances,
>> so that the controller method
>> 'authorized_resource?' actually returns a false method. Any  
>> guidance would
>> be much appreciated.
>>
>> many thanks
>>
>> Omar
>>
>>
>> _______________________________________________
>> rspec-users mailing list
>> rspec-users at rubyforge.org
>> http://rubyforge.org/mailman/listinfo/rspec-users
>>
>
>
>
> -- 
> Zach Dennis
> http://www.continuousthinking.com
> http://www.mutuallyhuman.com
> _______________________________________________
> rspec-users mailing list
> rspec-users at rubyforge.org
> http://rubyforge.org/mailman/listinfo/rspec-users



More information about the rspec-users mailing list