Chris Flipse wrote:
> I have a bit of a question on how people are organizing their controller specs, once you take user roles into account. I'm not entirely sure that I've found a way to do it that feels "natural" to me.
> <snip />
> This is the direction that the flow of the language seems right to me, when it's dumped in the specdocs -- "PostsController, as a normal user POST create is forbidden", but from another standpoint, it breaks up the specification of a single method into a couple of different locations in the file, and may require duplicating quite a bit of setup. How does everyone else deal with this?

I tend to organize these specs by permissions, not roles. Instead of checking what a normal user can do or an editor can do, I simply assume that everyone can create a post (no spec required) except those who should not be permitted, for which I write a spec. All my authorization specs are of the form "<role> is not permitted to do <action>" and I organize them by action.
-- J. B. Rainsberger :: http://www.jbrains.ca :: http://www.thecodewhisperer.com
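
An added example, not part of the original message or of anyone's project code: the "organize by action, spec only the denials" layout described in the reply, written in plain Ruby so it runs without Rails or RSpec. The controller, the role names other than normal user and editor, the rank scheme and the helper `run_authorization_specs` are all hypothetical.

```ruby
class Forbidden < StandardError; end

# Toy stand-in for a Rails controller (hypothetical): rank-based checks.
class PostsController
  RANK = { guest: 0, normal_user: 1, editor: 2, admin: 3 }.freeze

  def initialize(role)
    @role = role
  end

  def index;   :ok; end
  def create;  require_rank(2); :created; end
  def destroy; require_rank(3); :destroyed; end

  private

  def require_rank(min)
    raise Forbidden unless RANK.fetch(@role, 0) >= min
  end
end

# Authorization specs grouped by action. Only denials are listed, so each
# entry reads "<role> is not permitted to <action>"; index needs no entry.
DENIED = {
  create:  %i[guest normal_user],
  destroy: %i[guest normal_user editor],
}.freeze

# Runs every denial spec and returns [description, passed?] pairs.
def run_authorization_specs(controller_class = PostsController, denied = DENIED)
  denied.flat_map do |action, roles|
    roles.map do |role|
      passed = begin
        controller_class.new(role).public_send(action)
        false # the action went through, so the denial spec fails
      rescue Forbidden
        true
      end
      ["#{role} is not permitted to #{action}", passed]
    end
  end
end

if __FILE__ == $PROGRAM_NAME
  run_authorization_specs.each { |desc, ok| puts "#{ok ? 'PASS' : 'FAIL'}  #{desc}" }
end
```

In this layout a role that is absent from `DENIED` is never exercised, so a newly introduced role needs its denial entries added at the same time as the role itself.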
