Forum: RSpec restful_authentication's "permission_denied" and rspec

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
Fbd9cb107fe7c941333d6a3488691989?d=identicon&s=25 Ramon Tayag (ramontayag)
on 2008-11-22 07:52
(Received via mailing list)
Hi everyone,

WIth restful_authentication you get a method "permission_denied" that
you just slap onto the controller when you don't want a user to gain
access to something.  In this method Rails does a bunch of stuff then
basically tries to be smart and redirects the user somewhere else.

I want to test that this occurs given certain conditions but I don't
know how to "should_receive" this or something.

This definitely doesn't work but it should explain what I'm trying to
do:
controller.should_receive(:permission_denied)

How would I go about this?

Thank you,
Ramon Tayag
49de4cd2f26705785cbef2b15a9df7aa?d=identicon&s=25 Nick Hoffman (nickh)
on 2008-11-24 16:43
(Received via mailing list)
On 2008-11-21, at 09:20, Ramon Tayag wrote:
> This definitely doesn't work but it should explain what I'm trying
> to do:
> controller.should_receive(:permission_denied)
>
> How would I go about this?
>
> Thank you,
> Ramon Tayag

Hi Ramon. I use Authlogic rather than restful-authentication, but the
premise should be the same. When I was writing my various controller
authorisation specs, rather than writing specs for details such as
"was #deny_access called?" or "was #admin_must_be_logged_in called?",
I focussed on speccing behaviour.

For example, for the scenario that a logged-in user tries to access
UsersController#destroy , I check that a flash message is set, and
that they're redirected to their account page:
   http://pastie.org/pastes/321458

Now, that's not to say that method is the best way of speccing this.
I'm sure others can chime in here.

Cheers,
Nick
5d38ab152e1e3e219512a9859fcd93af?d=identicon&s=25 David Chelimsky (Guest)
on 2008-11-24 16:43
(Received via mailing list)
On Fri, Nov 21, 2008 at 8:20 AM, Ramon Tayag <ramon.tayag@gmail.com>
wrote:
> This definitely doesn't work but it should explain what I'm trying to do:
> controller.should_receive(:permission_denied)

Please post code (the spec and controller code - AND the error
message) when you ask questions like this because it's very difficult
to help you with the little bit of information you've provided.

Without seeing any code, if the method is on the controller, then you
should be able to say controller.should_receive(:permission_denied).
This topic is locked and can not be replied to.