Hello,

I’m spec'ing a controller, but having trouble getting my head around what I’ve created.

I’m spec'ing a products controller for an admin user. Two before filters check the user is logged in and authorized.

A logged-in user only has admin privileges within her own subdomain. So, sarah, when logged in, can only administer products at sarah.mysite.com/admin/products.

Since there are two account types that require authentication (supplier and customer), the user model is polymorphic:
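
    class User < ActiveRecord::Base
      # A user belongs to either a Supplier or a Customer
      belongs_to :allowable, :polymorphic => true
      # …
    end

    class Supplier < ActiveRecord::Base
      has_many :users, :as => :allowable
    end

    class Customer < ActiveRecord::Base
      has_one :user, :as => :allowable
    end
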
A supplier has their own subdomain (sarah.mysite.com) and a customer has a profile page at mysite.com/people/joe.

When sarah is logged in, I check she has permission to edit content at sarah.mysite.com with:

    def authorized_resource?(resource)
      current_user.allowable == resource
    end

‘resource’ being a supplier or customer object.
My mind is failing me trying to describe Admin::ProductsController:
http://pastie.org/316414
Both examples pass, but I’m not sure I understand exactly what I’m
doing. In particular, can I make:

    it "should send unauthorized user to home page" do
      controller.should_receive(:authorized_resource?).and_return false
      do_get
      response.should redirect_to(home_path)
    end

pass without stubbing the false return? How can I set up the mock instances, so that the controller method ‘authorized_resource?’ actually returns a false method? Any guidance would be much appreciated.

Many thanks,
Omar
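
The deny path asked about above can be exercised without stubbing the predicate by giving the logged-in user an `allowable` that differs from the resource being administered. This is an added example, not code from the original post: `Record`, `AdminProducts`, `outcome` and the fixtures are hypothetical plain-Ruby stand-ins for the Rails models and controller, with equality written to mimic ActiveRecord's (same class and same id).

```ruby
# Stand-ins for the poster's polymorphic models (assumed for this example).
# Equality mimics ActiveRecord's: same class and same non-nil id.
class Record
  attr_reader :id

  def initialize(id)
    @id = id
  end

  def ==(other)
    other.instance_of?(self.class) && !id.nil? && other.id == id
  end
end

class Supplier < Record; end
class Customer < Record; end
User = Struct.new(:login, :allowable)

# Hypothetical controller stand-in: applies the two before filters in order
# and returns where the request ends up instead of rendering.
class AdminProducts
  attr_reader :current_user

  def initialize(current_user, resource)
    @current_user = current_user
    @resource = resource
  end

  def authorized_resource?(resource)
    current_user.allowable == resource
  end

  def index
    return [:redirect, :login_path] if current_user.nil?
    return [:redirect, :home_path] unless authorized_resource?(@resource)
    [:ok, :products]
  end
end

# Constructed fixtures: Sarah belongs to supplier 1 only.
SARAHS_SHOP = Supplier.new(1)
OTHER_SHOP  = Supplier.new(2)
JOE_PROFILE = Customer.new(1) # same id as Sarah's supplier, different type
SARAH       = User.new("sarah", SARAHS_SHOP)

def outcome(user, resource)
  AdminProducts.new(user, resource).index
end
```

The `JOE_PROFILE` case matters for a polymorphic association: a customer and a supplier can share an id, so the comparison has to take the record type into account as well as the id.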