Hi -- I'm writing an app that both requires authentication via a logon, and also has roles-based permissions (using acl_system2), and was wondering where to verify that both are happening. I've started out putting them in a special cucumber feature for authentication & permissions, but this is becoming a real drag, as I'm writing a scenario for each case (anonymous, lacking permissions, permitted) by each controller action. Can anyone advise me on a better way to organise this?
Would it be possible to write a security feature for each controller, with scenarios for each action? Maybe like this:

Scenario: Different users trying the index
  Given user is not logged in
  When I go to the controller-a index
  Then I should see "Access Denied"
  Given basic user is logged in
  When I go to the controller-a index
  Then I should see "Insufficient Permissions"
  Given super user is logged in
  When I go to the controller-a index
  Then I should see "Welcome, my lord"

Any advice is very appreciated -- as you can probably tell, this is getting messy!

Cheers,
Doug.
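An added example, not part of the original post and not acl_system2 code: the three cases from the post (anonymous, lacking permissions, permitted) kept as one table of expected messages per action and role, with a check that also reports any action that has no row. `ROLES`, `ACTIONS`, `EXPECTED`, `access_outcome` and `check_matrix` are hypothetical names, and `access_outcome` is a constructed stand-in for the real request.

```ruby
# Added example; every name and sample value below is constructed.
ROLES = [:anonymous, :basic, :super].freeze

# Constructed sample: the controller actions that must be covered.
ACTIONS = ["controller_a#index", "controller_a#destroy", "controller_b#index"].freeze

# One row per action: the message each role is expected to see.
ROW = { anonymous: "Access Denied",
        basic:     "Insufficient Permissions",
        super:     "Welcome, my lord" }.freeze
EXPECTED = { "controller_a#index" => ROW, "controller_a#destroy" => ROW }.freeze

# Stand-in for the real request (for instance a step that visits the page).
# Constructed policy: controller_a requires the super role.
def access_outcome(action, role)
  return "Access Denied" if role == :anonymous
  return "Insufficient Permissions" if role == :basic && action.start_with?("controller_a#")
  "Welcome, my lord"
end

# Returns failure strings; an empty list means every action/role pair matched.
# An action or role without a declared expectation is itself a failure, so a
# newly added action cannot go untested unnoticed.
def check_matrix(actions, expected, roles)
  failures = []
  actions.each do |action|
    row = expected[action]
    if row.nil?
      failures << "#{action}: no expectations declared"
      next
    end
    roles.each do |role|
      want = row[role]
      if want.nil?
        failures << "#{action} as #{role}: no expectation declared"
        next
      end
      got = yield(action, role)
      next if got == want
      failures << "#{action} as #{role}: expected #{want.inspect}, got #{got.inspect}"
    end
  end
  failures
end

FAILURES = check_matrix(ACTIONS, EXPECTED, ROLES) { |a, r| access_outcome(a, r) }
puts FAILURES.empty? ? "all actions covered" : FAILURES
```
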