Back story: I'm developing a new Rails site for the local Ruby user group. I'm using Devise to provide authentication for separate user and admin classes.
Current task: I'm working on the create/new function for the sponsor class. Sponsors are an independent class and are not tied to users, admins, or other classes. However, only admins should be allowed to create sponsors.

The problem: In my sponsor controller tests, I'm unable to prevent users and unauthenticated visitors from creating new sponsors without also preventing admins from doing so. Troubleshooting with the puts command reveals that the admin_signed_in? value is false EVEN AFTER logging in.

The source code of this app is at https://github.com/jhsu802701/ruby_mn_site/tree/sponsors_create_controller .

Excerpt from test/controllers/sponsors_controller_test.rb:

    test 'superadmin can create a new sponsor' do
      login_as @a1
      assert_difference 'Sponsor.count', 1 do
        add_past
      end
      assert_difference 'Sponsor.count', 1 do
        add_current
      end
      logout :admin
    end

    test 'regular admin can create a new sponsor' do
      login_as @a3
      assert_difference 'Sponsor.count', 1 do
        add_past
      end
      assert_difference 'Sponsor.count', 1 do
        add_current
      end
      logout :admin
    end

    test 'user cannot create a new sponsor' do
      login_as @u1
      assert_no_difference 'Sponsor.count' do
        add_past
      end
      assert_no_difference 'Sponsor.count' do
        add_current
      end
      logout :user
    end

    test 'an unregistered visitor cannot create a new sponsor' do
      assert_no_difference 'Sponsor.count' do
        add_past
      end
      assert_no_difference 'Sponsor.count' do
        add_current
      end
    end

app/controllers/sponsors_controller.rb:

    #
    class SponsorsController < ApplicationController
      before_filter :admin_signed_in?, except: [:index, :show]

      def index
        @sponsors_current = Sponsor.where('current=?', true)
        @sponsors_past = Sponsor.where('current!=?', true)
      end

      def show
        @sponsor = Sponsor.find(params[:id])
      end

      def new
        @sponsor = Sponsor.new
      end

      def create
        puts admin_signed_in?
        if admin_signed_in?
          @sponsor = Sponsor.new(sponsor_params)
          if @sponsor.save
            flash[:info] = "Sponsor added."
            redirect_to sponsors_path
          else
            render 'new'
          end
        else
          redirect_to root_path
        end
      end

      private

      def sponsor_params
        params.require(:sponsor).permit(:name, :phone, :description,
                                        :contact_email, :contact_url,
                                        :current)
      end
    end
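Added example, not part of the original post or the ruby_mn_site code: a plain-Ruby model of how a Rails controller filter chain halts, showing why a predicate such as admin_signed_in? used as a before_filter does not block the new action for non-admins. The class names, the get_new helper and the admin: flag are hypothetical stand-ins for the controller and the Devise session.

```ruby
# Simplified model of ActionController's filter chain (not Rails itself):
# the chain stops only when a filter renders or redirects; a filter's
# return value is ignored.
class ModelController
  def self.before_filters
    @before_filters ||= []
  end

  def self.before_filter(name)
    before_filters << name
  end

  def initialize(admin:)
    @admin = admin # stands in for the Devise session state
    @response = nil
  end

  def admin_signed_in?
    @admin
  end

  def redirect_to(path)
    @response = "redirect:#{path}"
  end

  def process(action)
    self.class.before_filters.each do |filter|
      send(filter)                  # return value deliberately ignored
      return @response if @response # halted: the filter already responded
    end
    send(action)
    @response
  end

  def new
    @response = 'render:new' # the sponsor form
  end
end

# As in the post: the predicate is the filter. It returns false for a
# non-admin, but nothing is rendered or redirected, so the action runs.
class PredicateFiltered < ModelController
  before_filter :admin_signed_in?
end

# Hardened: the filter itself responds, which is what halts the chain.
class RedirectFiltered < ModelController
  before_filter :require_admin

  def require_admin
    redirect_to('/') unless admin_signed_in?
  end
end

def get_new(klass, admin:)
  klass.new(admin: admin).process(:new)
end
```

In the real controller, Devise's generated authenticate_admin! helper is a filter of the second kind: it responds itself when no admin is signed in.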

