[rspec-users] spec for authenticated user

[Nick Hoffman]

> -----Original Message-----
> From: rspec-users-bounces at rubyforge.org [mailto:rspec-users-bounces at rubyforge.org] On Behalf Of David Chelimsky
> Sent: Wednesday, May 27, 2009 5:55 PM
> To: rspec-users
> Subject: Re: [rspec-users] spec for authenticated user
>>   before_filter :requires_user,
>>                :except => :create
>>
>>  def show
>>   #-------
>>
>>     # the currently authenticated user
>>     @user = user
>>
>>   end
>>
>> How shall we check the currently authenticated user using rspec?
>
> What's in requires_user?

On Wed, May 27, 2009 at 8:40 AM, Diwakar, ANGLER - EIT
<diwakar at angleritech.com> wrote:
>  private; def requires_user
>    if user.nil?
>
>      if request.format.html?
>
>        session[ :redirected_from ] ||= request.env[ "REQUEST_URI" ]
>
>        redirect_to( sign_in_url )
>      else
>        render( :status => 403, :text => 'An authenticated user is required.' )
>      end
>    end
>
>  end

What's setting the "user" variable before #requires_user is called? Or
is "user" a method inside that controller?

Ignoring that question for a moment, all you need to do is write out
(on paper/in Vim/whatever) the behaviour of each scenario that can
occur while traversing through this controller. For example, one
[verbose] scenario is:

"When a user who's not logged-in and whose session isn't being
redirected requests HTML from FooBarsController#show , they should be
redirected to the sign-up page."

Once you have the behaviour of each scenario mapped out, write specs
for each scenario.

When that's all done, I recommend writing your specs before you write code.
-Nick