Ramon Tayag
2008-Nov-21 14:20 UTC
[rspec-users] restful_authentication''s "permission_denied" and rspec
Hi everyone, WIth restful_authentication you get a method "permission_denied" that you just slap onto the controller when you don''t want a user to gain access to something. In this method Rails does a bunch of stuff then basically tries to be smart and redirects the user somewhere else. I want to test that this occurs given certain conditions but I don''t know how to "should_receive" this or something. This definitely doesn''t work but it should explain what I''m trying to do: controller.should_receive(:permission_denied) How would I go about this? Thank you, Ramon Tayag
Nick Hoffman
2008-Nov-22 18:38 UTC
[rspec-users] restful_authentication''s "permission_denied" and rspec
On 2008-11-21, at 09:20, Ramon Tayag wrote:> Hi everyone, > > WIth restful_authentication you get a method "permission_denied" that > you just slap onto the controller when you don''t want a user to gain > access to something. In this method Rails does a bunch of stuff then > basically tries to be smart and redirects the user somewhere else. > > I want to test that this occurs given certain conditions but I don''t > know how to "should_receive" this or something. > > This definitely doesn''t work but it should explain what I''m trying > to do: > controller.should_receive(:permission_denied) > > How would I go about this? > > Thank you, > Ramon TayagHi Ramon. I use Authlogic rather than restful-authentication, but the premise should be the same. When I was writing my various controller authorisation specs, rather than writing specs for details such as "was #deny_access called?" or "was #admin_must_be_logged_in called?", I focussed on speccing behaviour. For example, for the scenario that a logged-in user tries to access UsersController#destroy , I check that a flash message is set, and that they''re redirected to their account page: http://pastie.org/pastes/321458 Now, that''s not to say that method is the best way of speccing this. I''m sure others can chime in here. Cheers, Nick
David Chelimsky
2008-Nov-23 11:25 UTC
[rspec-users] restful_authentication''s "permission_denied" and rspec
On Fri, Nov 21, 2008 at 8:20 AM, Ramon Tayag <ramon.tayag at gmail.com> wrote:> Hi everyone, > > WIth restful_authentication you get a method "permission_denied" that > you just slap onto the controller when you don''t want a user to gain > access to something. In this method Rails does a bunch of stuff then > basically tries to be smart and redirects the user somewhere else. > > I want to test that this occurs given certain conditions but I don''t > know how to "should_receive" this or something. > > This definitely doesn''t work but it should explain what I''m trying to do: > controller.should_receive(:permission_denied)Please post code (the spec and controller code - AND the error message) when you ask questions like this because it''s very difficult to help you with the little bit of information you''ve provided. Without seeing any code, if the method is on the controller, then you should be able to say controller.should_receive(:permission_denied).> > How would I go about this? > > Thank you, > Ramon Tayag > _______________________________________________ > rspec-users mailing list > rspec-users at rubyforge.org > http://rubyforge.org/mailman/listinfo/rspec-users >