Forum: RSpec Specs for authorisation

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
Nick H. (Guest)
on 2008-11-10 23:46
(Received via mailing list)
I'm writing specs to check that certain user types are authorised to
access certain controller actions. In addition to writing specs for
authorised user types and for users who aren't logged-in, I feel that
I should write specs for all of the other user types. However, the
number of examples that must be written quickly soars as the number of
user types and controller actions increase.

Other than writing methods and/or shared examples to mock and stub
logging different types of users in, what can be done to reduce the
size of the spec files...or should I not care about that?

Thanks,
Nick
Pat M. (Guest)
on 2008-11-11 07:54
(Received via mailing list)
Nick H. <removed_email_address@domain.invalid> writes:

> I'm writing specs to check that certain user types are authorised to
> access certain controller actions. In addition to writing specs for
> authorised user types and for users who aren't logged-in, I feel that
> I should write specs for all of the other user types. However, the
> number of examples that must be written quickly soars as the number of
> user types and controller actions increase.
>
> Other than writing methods and/or shared examples to mock and stub
> logging different types of users in, what can be done to reduce the
> size of the spec files...or should I not care about that?

Please take a look at
http://rubyforge.org/pipermail/rspec-users/2008-No... I
think it'll help out.

Once you express the authorization rules in domain terms on the
controller side and implement them in the model, you will end up with
one or two examples for the controller, and several for the model.  The
model specs are much tighter in focus, so if you extract any shared
behaviors from them then you will have extracted the essence of the
specs, rather than covering up a code smell as you would were you to
abtract it at the controller level.

Pat
Nick H. (Guest)
on 2008-11-11 16:36
(Received via mailing list)
On 2008-11-11, at 00:53, Pat M. wrote:
>> logging different types of users in, what can be done to reduce the
> model specs are much tighter in focus, so if you extract any shared
> behaviors from them then you will have extracted the essence of the
> specs, rather than covering up a code smell as you would were you to
> abtract it at the controller level.
>
> Pat

Wow, that's embarassing on my part  =P  I remember enjoying that
thread as it was being discussed, and that was only a couple of days
ago! Apologies for the duplication, guys!

Pat, thanks for pointing me to it again. Much appreciated.
-Nick
This topic is locked and can not be replied to.