I’m speccing a controller, but having trouble getting my head around
what I’ve created.
I’m speccing a products controller for an admin user. Two before
filters check the user is logged in and authorized.
A logged-in user only has admin privileges within her own subdomain.
So, sarah, when logged in
can only administer products at sarah.mysite.com/admin/products.
Since there are two account types that require authentication
(supplier and customer),
the user model is polymorphic:
belongs_to :allowable, :polymorphic => true
has_many :users, :as => :allowable
has_one :user, :as => :allowable
A supplier has their own subdomain (sarah.mysite.com) and a customer
has a profile page at mysite.com/people/joe.
When sarah is logged-in, I check she has permission to edit content at
current_user.allowable == resource
‘resource’ being a supplier or customer object.
My mind is failing me trying to describe Admin::ProductsController:
Both examples pass, but I’m not sure I understand exactly what I’m
doing. In particular, can I make:
it "should send unauthorized user to home page" do
pass without stubbing the false return. How can I set up the mock
instances, so that the controller method
‘authorized_resource?’ actually returns a false method. Any guidance
would be much appreciated.
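
An added sketch, not part of the original post: a plain-Ruby model of the check described above, where the denied case comes from real objects that do not match instead of a stubbed false, so the comparison itself is exercised. `AdminProductsGate`, `resource_for`, `filter`, the struct fields and the supplier "tom" are hypothetical; only `current_user.allowable == resource` and the name `authorized_resource?` come from the post.

```ruby
# Constructed, Rails-free stand-ins for the post's models (assumption: only
# the shape of the polymorphic association matters for the check).
Supplier = Struct.new(:subdomain)
Customer = Struct.new(:login)
User     = Struct.new(:login, :allowable)

# Hypothetical stand-in for the controller's two before filters.
class AdminProductsGate
  def initialize(current_user, suppliers)
    @current_user = current_user
    @suppliers = suppliers
  end

  # The resource comes from the request's subdomain, never from the user.
  def resource_for(host)
    @suppliers.find { |s| s.subdomain == host.split(".").first }
  end

  # The comparison quoted in the post; an unknown subdomain is denied too.
  def authorized_resource?(resource)
    !resource.nil? && @current_user.allowable == resource
  end

  # Outcome of both filters for a request to +host+.
  def filter(host)
    return :redirect_to_login if @current_user.nil?
    authorized_resource?(resource_for(host)) ? :render_products : :redirect_to_home
  end
end

# Constructed fixtures: two suppliers, one supplier user, one customer user.
def run_scenarios
  sarah_shop = Supplier.new("sarah")
  shops = [sarah_shop, Supplier.new("tom")]
  sarah = User.new("sarah", sarah_shop)
  joe   = User.new("joe", Customer.new("joe"))
  {
    own_subdomain:   AdminProductsGate.new(sarah, shops).filter("sarah.mysite.com"),
    other_subdomain: AdminProductsGate.new(sarah, shops).filter("tom.mysite.com"),
    customer:        AdminProductsGate.new(joe, shops).filter("sarah.mysite.com"),
    unknown_host:    AdminProductsGate.new(sarah, shops).filter("nobody.mysite.com"),
    anonymous:       AdminProductsGate.new(nil, shops).filter("sarah.mysite.com")
  }
end
```

In a controller spec the same idea means giving the logged-in user an `allowable` that differs from the resource resolved for the request host, and leaving `authorized_resource?` unstubbed.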