[rspec-users] survey: roles in controller specs

J. B. Rainsberger jbrainsberger at gmail.com
Tue May 11 17:23:42 EDT 2010


Chris Flipse wrote:

> I have a bit of a question on how people are organizing their controller
> specs, once you take user roles into account.  I'm not entirely sure
> that I've found a way to do it that feels "natural" to me.

<snip />

> This is the direction that the flow of the language seems right to me,
> when it's dumped in the specdocs -- "PostsController, as a normal user
> POST create is forbidden", but from another standpoint, it breaks up the
> specification of a single method into a couple of different locations in
> the file, and may require duplicating quite a bit of setup.
>
> How does everyone else deal with this?

I tend to organize these specs by permissions, not roles. Instead of 
checking what a normal user can do or an editor can do, I simply assume 
that everyone can create a post (no spec required) except those who 
should not be permitted, for which I write a spec. All my authorization 
specs are of the form "<role> is not permitted to do <action>" and I 
organize them by action.
-- 
J. B. Rainsberger :: http://www.jbrains.ca ::
http://www.thecodewhisperer.com
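
The layout described in the reply above, as an added example that is not part of the original post: specs grouped by action, one "<role> is not permitted to do <action>" example per denied role, and no spec for roles that are allowed. It uses minitest/spec in place of RSpec and Rails so it runs stand-alone; the `PostsController` stand-in, the role names and the `DENIED` table are assumptions.

```ruby
require "minitest"
require "minitest/spec"

# Hypothetical stand-in for a Rails controller: every action is allowed
# unless the (action, role) pair is listed in DENIED.
class PostsController
  DENIED = { create: [:guest], destroy: [:guest, :normal_user] }.freeze

  def initialize(role)
    @role = role
  end

  # Returns an HTTP-style status code for the requested action.
  def call(action)
    DENIED.fetch(action, []).include?(@role) ? 403 : 200
  end
end

# Specs are grouped by action; each example has the form
# "<role> is not permitted to do <action>". Allowed roles get no spec.
describe PostsController do
  describe "POST create" do
    it "guest is not permitted to create a post" do
      _(PostsController.new(:guest).call(:create)).must_equal 403
    end
  end

  describe "DELETE destroy" do
    %i[guest normal_user].each do |role|
      it "#{role} is not permitted to destroy a post" do
        _(PostsController.new(role).call(:destroy)).must_equal 403
      end
    end
  end
end

# Runs the specs defined above and returns true when all of them pass.
def run_authorization_specs
  Minitest.run(["--seed", "1"])
end
```

Call `run_authorization_specs` to run the three denial specs; the setup for each action stays in one `describe` block.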

