[rspec-users] restful_authentication's "permission_denied" and rspec
nick at deadorange.com
Sat Nov 22 13:38:53 EST 2008
On 2008-11-21, at 09:20, Ramon Tayag wrote:
> Hi everyone,
> With restful_authentication you get a method "permission_denied" that
> you just slap onto the controller when you don't want a user to gain
> access to something. In this method Rails does a bunch of stuff then
> basically tries to be smart and redirects the user somewhere else.
> I want to test that this occurs given certain conditions but I don't
> know how to "should_receive" this or something.
> This definitely doesn't work but it should explain what I'm trying
> to do:
> How would I go about this?
> Thank you,
> Ramon Tayag
Hi Ramon. I use Authlogic rather than restful-authentication, but the
premise should be the same. When I was writing my various controller
authorisation specs, rather than writing specs for details such as
"was #deny_access called?" or "was #admin_must_be_logged_in called?",
I focussed on speccing behaviour.
For example, for the scenario that a logged-in user tries to access
UsersController#destroy, I check that a flash message is set, and
that they're redirected to their account page:
Now, that's not to say that method is the best way of speccing this.
I'm sure others can chime in here.
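The two approaches discussed in this thread, side by side, as an added example that is not code from either poster, from restful_authentication or from Authlogic. It shows why an authorization spec should assert on the outcome: a check that only records that the denial method was called replaces the redirect, so the action runs anyway. The `FakeUsersController` class, the `/account` and `/users` paths, the flash text and the sample users are all constructed assumptions standing in for a Rails controller.

```ruby
# Stand-in for a Rails controller, constructed for this example (not Rails code).
class FakeUsersController
  attr_reader :flash, :redirected_to, :users

  def initialize(current_user, users)
    @current_user = current_user
    @users = users          # id => login, stands in for the users table
    @flash = {}
    @redirected_to = nil
  end

  # Run the before filter; the action runs only if the filter did not redirect.
  def process_destroy(id)
    admin_required
    destroy(id) unless @redirected_to
    self
  end

  def admin_required
    permission_denied unless @current_user[:admin]
  end

  def permission_denied
    @flash[:error] = "You are not allowed to do that."
    @redirected_to = "/account"
  end

  def destroy(id)
    @users.delete(id)
    @redirected_to = "/users"
  end
end

# Behaviour check: flash set, redirected to the account page, data untouched.
def denied_without_side_effects?(controller, id)
  before = controller.users.dup
  controller.process_destroy(id)
  controller.redirected_to == "/account" &&
    !controller.flash[:error].nil? && controller.users == before
end

# Interaction check: replace permission_denied with a recorder, as a mock would.
# Returns [was_called, user_still_exists].
def stubbed_denial(controller, id)
  called = false
  controller.define_singleton_method(:permission_denied) { called = true }
  controller.process_destroy(id)
  [called, controller.users.key?(id)]
end
```

With a non-admin user, `stubbed_denial` reports that the denial method was called and that the user record is gone, while `denied_without_side_effects?` verifies the record survives.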