On 11 December 2015 at 17:54, Jason Hsu, Ruby on High Speed Rails <[email protected]> wrote:
> Back story:
> I'm developing a new Rails site for the local Ruby user group. I'm using
> Devise to provide authentication for separate user and admin classes.
>
> Current task:
> I'm working on the create/new function for the sponsor class. Sponsors are
> an independent class and are not tied to users, admins, or other classes.
> However, only admins should be allowed to create sponsors.
>
> The problem:
> In my sponsor controller tests, I'm unable to prevent users and
> unauthenticated visitors from creating new sponsors without also preventing
> admins from doing so. Troubleshooting with the puts command reveals that
> the admin_signed_in? value is false EVEN AFTER logging in.

You do not appear to have shown us the admin_signed_in? method.

Colin

>
> The source code of this app is at
> https://github.com/jhsu802701/ruby_mn_site/tree/sponsors_create_controller .
>
> Excerpt from test/controllers/sponsors_controller_test.rb:
>
>   test 'superadmin can create a new sponsor' do
>     login_as @a1
>
>     assert_difference 'Sponsor.count', 1 do
>       add_past
>     end
>
>     assert_difference 'Sponsor.count', 1 do
>       add_current
>     end
>
>     logout :admin
>   end
>
>   test 'regular admin can create a new sponsor' do
>     login_as @a3
>
>     assert_difference 'Sponsor.count', 1 do
>       add_past
>     end
>
>     assert_difference 'Sponsor.count', 1 do
>       add_current
>     end
>
>     logout :admin
>   end
>
>   test 'user cannot create a new sponsor' do
>     login_as @u1
>
>     assert_no_difference 'Sponsor.count' do
>       add_past
>     end
>
>     assert_no_difference 'Sponsor.count' do
>       add_current
>     end
>
>     logout :user
>   end
>
>   test 'an unregistered visitor cannot create a new sponsor' do
>     assert_no_difference 'Sponsor.count' do
>       add_past
>     end
>
>     assert_no_difference 'Sponsor.count' do
>       add_current
>     end
>   end
>
>
> app/controllers/sponsors_controller.rb
>
> #
> class SponsorsController < ApplicationController
>   before_filter :admin_signed_in?, except: [:index, :show]
>
>   def index
>     @sponsors_current = Sponsor.where('current=?', true)
>     @sponsors_past = Sponsor.where('current!=?', true)
>   end
>
>   def show
>     @sponsor = Sponsor.find(params[:id])
>   end
>
>   def new
>     @sponsor = Sponsor.new
>   end
>
>   def create
>     puts admin_signed_in?
>     if admin_signed_in?
>       @sponsor = Sponsor.new(sponsor_params)
>       if @sponsor.save
>         flash[:info] = "Sponsor added."
>         redirect_to sponsors_path
>       else
>         render 'new'
>       end
>     else
>       redirect_to root_path
>     end
>   end
>
>   private
>   def sponsor_params
>     params.require(:sponsor).permit(:name, :phone, :description,
>                                     :contact_email, :contact_url,
>                                     :current)
>   end
> end
>
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ruby on Rails: Talk" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To post to this group, send email to [email protected].
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/rubyonrails-talk/d4243b93-82b0-490c-941d-a07dcf0d137c%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
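
Added example, not part of the thread or of the linked project: a plain-Ruby model of the filter chain, showing why a predicate such as admin_signed_in? used as a before_filter does not block an action that relies on the filter alone (such as `new` in the quoted controller), and how a filter that redirects does. It assumes admin_signed_in? is the helper Devise generates for an Admin model and that the chain halts only when a filter renders or redirects (Rails 3 and later); MiniController, PredicateFiltered, Enforced and require_admin! are hypothetical names. Devise's generated authenticate_admin! is a filter of the second kind.

```ruby
# Simplified stand-in for a Rails controller's filter chain (not Rails itself).
# Assumption: as in Rails 3+, the chain halts only when a filter renders or
# redirects; a filter's return value is ignored.
class MiniController
  attr_reader :response, :created

  def self.before_filters; @before_filters ||= []; end
  def self.before_filter(name); before_filters << name; end

  def initialize(admin: false)
    @admin, @response, @created = admin, nil, 0
  end

  # Stand-in for the Devise-generated predicate: reports, never enforces.
  def admin_signed_in?
    @admin
  end

  def redirect_to(path)
    @response = "302 #{path}"
  end

  def process(action)
    self.class.before_filters.each do |filter|
      send(filter)
      return self if @response # halted: the filter produced a response
    end
    send(action)
    self
  end

  # An action with no inline check; it depends entirely on the filter.
  def create
    @created += 1
    @response = "302 /sponsors"
  end
end

# Weak: the predicate returns false, nothing is rendered, the action runs.
class PredicateFiltered < MiniController
  before_filter :admin_signed_in?
end

# Corrected: the filter redirects non-admins, which halts the chain.
class Enforced < MiniController
  before_filter :require_admin!

  def require_admin!
    redirect_to "/" unless admin_signed_in?
  end
end
```
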

