[rspec-users] survey: roles in controller specs

J. B. Rainsberger jbrainsberger at gmail.com
Tue May 11 17:23:42 EDT 2010

Chris Flipse wrote:

> I have a bit of a question on how people are organizing their controller
> specs, once you take user roles into account.  I'm not entirely sure
> that I've found a way to do it that feels "natural" to me.

<snip />

> This is the direction that the flow of the language seems right to me,
> when it's dumped in the specdocs -- "PostsController, as a normal user
> POST create is forbidden", but from another standpoint, it breaks up the
> specification of a single method into a couple of different locations in
> the file, and may require duplicating quite a bit of setup.
> How does everyone else deal with this?

I tend to organize these specs by permissions, not roles. Instead of 
checking what a normal user can do or an editor can do, I simply assume 
that everyone can create a post (no spec required) except those who 
should not be permitted, for which I write a spec. All my authorization 
specs are of the form "<role> is not permitted to do <action>" and I 
organize them by action.
J. B. Rainsberger :: http://www.jbrains.ca ::

More information about the rspec-users mailing list