Forum: RSpec restful_authentication's "permission_denied" and rspec

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
Ramon T. (Guest)
on 2008-11-22 08:52
(Received via mailing list)
Hi everyone,

WIth restful_authentication you get a method "permission_denied" that
you just slap onto the controller when you don't want a user to gain
access to something.  In this method Rails does a bunch of stuff then
basically tries to be smart and redirects the user somewhere else.

I want to test that this occurs given certain conditions but I don't
know how to "should_receive" this or something.

This definitely doesn't work but it should explain what I'm trying to
do:
controller.should_receive(:permission_denied)

How would I go about this?

Thank you,
Ramon T.
Nick H. (Guest)
on 2008-11-24 17:43
(Received via mailing list)
On 2008-11-21, at 09:20, Ramon T. wrote:
> This definitely doesn't work but it should explain what I'm trying
> to do:
> controller.should_receive(:permission_denied)
>
> How would I go about this?
>
> Thank you,
> Ramon T.

Hi Ramon. I use Authlogic rather than restful-authentication, but the
premise should be the same. When I was writing my various controller
authorisation specs, rather than writing specs for details such as
"was #deny_access called?" or "was #admin_must_be_logged_in called?",
I focussed on speccing behaviour.

For example, for the scenario that a logged-in user tries to access
UsersController#destroy , I check that a flash message is set, and
that they're redirected to their account page:
   http://pastie.org/pastes/321458

Now, that's not to say that method is the best way of speccing this.
I'm sure others can chime in here.

Cheers,
Nick
David C. (Guest)
on 2008-11-24 17:43
(Received via mailing list)
On Fri, Nov 21, 2008 at 8:20 AM, Ramon T. <removed_email_address@domain.invalid>
wrote:
> This definitely doesn't work but it should explain what I'm trying to do:
> controller.should_receive(:permission_denied)

Please post code (the spec and controller code - AND the error
message) when you ask questions like this because it's very difficult
to help you with the little bit of information you've provided.

Without seeing any code, if the method is on the controller, then you
should be able to say controller.should_receive(:permission_denied).
This topic is locked and can not be replied to.