Dear all,
I am wondering how to properly mock/stub out the preliminary steps to
actions protected by restful_authentication and acl_system2 (role-based
authorization to execute actions). Here’s my setup:
class User < ActiveRecord::Base
has_and_belongs_to_many :roles
has_many :tasks
[snip]
end
class Task < ActiveRecord::Base
belongs_to :user
end
I also have a Role class that habtm :users
Now, for the controller that I need to spec:
class TasksController < ApplicationController
before_filter :login_required
access_control :DEFAULT => ‘operator’
def index
@tasks = current_user.tasks
end
end
Two interesting things happen here. First, access to the index action is
only granted after checking that the user is logged-in and that she is
an ‘operator’. Second, the tasks method is called on current_user, which
is available to all controllers that include AuthenticatedSystem.
I can easily write a few specs for this controller if I use a
fixture_scenario and login_as (see below). On the other hand, I am
trying to learn to abide to the “hey, dont touch that!” database thing.
As a novice, the task of setting up examples in which authentication &
authorization are satisfied, and where current_user still responds
properly appears daunting. But then again, I am a novice!
Thank you all in advance,
Giuseppe
###############
my current specs
###############
include AuthenticatedTestHelper
describe TasksController, “with a logged-in user having ‘operator’
privileges” do
scenario :users_and_roles
before(:each) do
login_as :giuseppe # based on the fixtures, giuseppe is now a
logged-in operator
end
describe “getting the index” do
before(:each) do
@tasks = mock_model(Task)
Task.stub!(:find).and_return([@tasks])
end
it "should render index" do
get :index
response.should render_template('index')
end
it "should assign to the @tasks instance variable" do
get :index
assigns[:tasks].should ==[@tasks]
end
end
end