Restful_authentication's "permission_denied" and rspec


#1

Hi everyone,

WIth restful_authentication you get a method “permission_denied” that
you just slap onto the controller when you don’t want a user to gain
access to something. In this method Rails does a bunch of stuff then
basically tries to be smart and redirects the user somewhere else.

I want to test that this occurs given certain conditions but I don’t
know how to “should_receive” this or something.

This definitely doesn’t work but it should explain what I’m trying to
do:
controller.should_receive(:permission_denied)

How would I go about this?

Thank you,
Ramon T.


#2

On 2008-11-21, at 09:20, Ramon T. wrote:

This definitely doesn’t work but it should explain what I’m trying
to do:
controller.should_receive(:permission_denied)

How would I go about this?

Thank you,
Ramon T.

Hi Ramon. I use Authlogic rather than restful-authentication, but the
premise should be the same. When I was writing my various controller
authorisation specs, rather than writing specs for details such as
“was #deny_access called?” or “was #admin_must_be_logged_in called?”,
I focussed on speccing behaviour.

For example, for the scenario that a logged-in user tries to access
UsersController#destroy , I check that a flash message is set, and
that they’re redirected to their account page:
http://pastie.org/pastes/321458

Now, that’s not to say that method is the best way of speccing this.
I’m sure others can chime in here.

Cheers,
Nick


#3

On Fri, Nov 21, 2008 at 8:20 AM, Ramon T. removed_email_address@domain.invalid
wrote:

This definitely doesn’t work but it should explain what I’m trying to do:
controller.should_receive(:permission_denied)

Please post code (the spec and controller code - AND the error
message) when you ask questions like this because it’s very difficult
to help you with the little bit of information you’ve provided.

Without seeing any code, if the method is on the controller, then you
should be able to say controller.should_receive(:permission_denied).