If you''re testing, you don''t need to updated the logged_in_at
field...
Another option, if you don''t actually want to test the security but
instead focus on the behaviour of your own controllers, is to disabled
the filter when testing. In
RAILS_ROOT/test/functional/your_controller_test.rb:
class YourController;
# we don''t want to test authorization here
skip_before_filter :authorize_action
# Raise errors beyond the default web-based presentation
def rescue_action(e) raise e end;
end
class RoleControllerTest < Test::Unit::TestCase
fixtures ...
def setup()
...
# put a user into the session if your actions will expect one
@request.session[:user] = User.find...(whatever)
end
....
end
- james
On 11/28/05, Steve Ross
<sross-ju+vs0qJmycyYsO2DCxJlVaTQe2KTcn/@public.gmane.org>
wrote:> I''m using the login engine, but when it got to retesting, I
noodled over
> how to get logged in before my tests for protected pages. What I settled
on:
>
> # test_helper.rb
>
> def get_logged_in
> @request.session[:user] = User.find_first
> assert_not_nil @request.session[:user]
> @request.session[:user].logged_in_at = Time.now
> @request.session[:user].save
> end
>
> Then in my tests, each method protected by login calls get_logged_in.
> Questions: 1) Is this flawed? 2) Is there a better way to handle this?
>
> Thanks
> _______________________________________________
> Rails mailing list
> Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org
> http://lists.rubyonrails.org/mailman/listinfo/rails
>
>
>