On 2008-11-21, at 09:20, Ramon Tayag wrote:
Hi everyone,
WIth restful_authentication you get a method "permission_denied" that
you just slap onto the controller when you don't want a user to gain
access to something. In this method Rails does a bunch of stuff then
basically tries to be smart and redirects the user somewhere else.
I want to test that this occurs given certain conditions but I don't
know how to "should_receive" this or something.
This definitely doesn't work but it should explain what I'm trying
to do:
controller.should_receive(:permission_denied)
How would I go about this?
Thank you,
Ramon Tayag
Hi Ramon. I use Authlogic rather than restful-authentication, but the
premise should be the same. When I was writing my various controller
authorisation specs, rather than writing specs for details such as
"was #deny_access called?" or "was #admin_must_be_logged_in called?",
I focussed on speccing behaviour.
For example, for the scenario that a logged-in user tries to access
UsersController#destroy , I check that a flash message is set, and
that they're redirected to their account page:
http://pastie.org/pastes/321458
Now, that's not to say that method is the best way of speccing this.
I'm sure others can chime in here.
Cheers,
Nick
_______________________________________________
rspec-users mailing list
rspec-users@rubyforge.org
http://rubyforge.org/mailman/listinfo/rspec-users
