On 11 December 2015 at 17:54, Jason Hsu, Ruby on High Speed Rails
<[email protected]> wrote:
> Back story:
> I'm developing a new Rails site for the local Ruby user group.  I'm using
> Devise to provide authentication for separate user and admin classes.
>
> Current task:
> I'm working on the create/new function for the sponsor class.  Sponsors are
> an independent class and are not tied to users, admins, or other classes.
> However, only admins should be allowed to create sponsors.
>
> The problem:
> In my sponsor controller tests, I'm unable to prevent users and
> unauthenticated visitors from creating new sponsors without also preventing
> admins from doing so.  Troubleshooting with the puts command reveals that
> the admin_signed_in? value is false EVEN AFTER logging in.

You do not appear to have shown us the admin_signed_in? method.

Colin

>
> The source code of this app is at
> https://github.com/jhsu802701/ruby_mn_site/tree/sponsors_create_controller .
>
> Excerpt from test/controllers/sponsors_controller_test.rb:
>
>   test 'superadmin can create a new sponsor' do
>     login_as @a1
>
>     assert_difference 'Sponsor.count', 1 do
>       add_past
>     end
>
>     assert_difference 'Sponsor.count', 1 do
>       add_current
>     end
>
>     logout :admin
>   end
>
>   test 'regular admin can create a new sponsor' do
>     login_as @a3
>
>     assert_difference 'Sponsor.count', 1 do
>       add_past
>     end
>
>     assert_difference 'Sponsor.count', 1 do
>       add_current
>     end
>
>     logout :admin
>   end
>
>   test 'user cannot create a new sponsor' do
>     login_as @u1
>
>     assert_no_difference 'Sponsor.count' do
>       add_past
>     end
>
>     assert_no_difference 'Sponsor.count' do
>       add_current
>     end
>
>     logout :user
>   end
>
>   test 'an unregistered visitor cannot create a new sponsor' do
>     assert_no_difference 'Sponsor.count' do
>       add_past
>     end
>
>     assert_no_difference 'Sponsor.count' do
>       add_current
>     end
>   end
>
>
> app/controllers/sponsors_controller.rb
>
> #
> class SponsorsController < ApplicationController
>   before_filter :admin_signed_in?, except: [:index, :show]
>
>   def index
>     @sponsors_current = Sponsor.where('current=?', true)
>     @sponsors_past = Sponsor.where('current!=?', true)
>   end
>
>   def show
>     @sponsor = Sponsor.find(params[:id])
>   end
>
>   def new
>     @sponsor = Sponsor.new
>   end
>
>   def create
>     puts admin_signed_in?
>     if admin_signed_in?
>       @sponsor = Sponsor.new(sponsor_params)
>       if @sponsor.save
>         flash[:info] = "Sponsor added."
>         redirect_to sponsors_path
>       else
>         render 'new'
>       end
>     else
>       redirect_to root_path
>     end
>   end
>
>   private
>     def sponsor_params
>       params.require(:sponsor).permit(:name, :phone, :description,
>                                       :contact_email, :contact_url,
>                                       :current)
>     end
> end
>
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ruby on Rails: Talk" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To post to this group, send email to [email protected].
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/rubyonrails-talk/d4243b93-82b0-490c-941d-a07dcf0d137c%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
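
Added example, not part of the original thread or the linked repository: the quoted controller registers the predicate `admin_signed_in?` as a `before_filter`, and a Rails filter chain stops a request only when a filter renders or redirects, so a predicate's return value is discarded. The plain-Ruby model below is a simplified stand-in for that chain (not Rails itself); `MiniController`, `PredicateGuarded`, `HaltingGuarded` and `require_admin!` are hypothetical names.

```ruby
# Simplified plain-Ruby model of a controller filter chain (not Rails itself).
class MiniController
  attr_reader :redirected_to, :body
  def self.filters
    @filters ||= []
  end
  def self.before_filter(name, except: [])
    filters << [name, except]
  end
  def initialize(admin:)
    @admin = admin
  end
  # Stand-in for the Devise helper of the same name.
  def admin_signed_in?
    @admin
  end

  def redirect_to(path)
    @redirected_to = path
  end

  # A filter's return value is discarded; the chain stops only once a
  # filter has produced a response (here: a redirect).
  def process(action)
    self.class.filters.each do |name, except|
      next if except.include?(action)
      send(name)
      return self if redirected_to
    end
    @body = send(action)
    self
  end

  def new
    'sponsor form' # constructed response body
  end
end

# Same registration as the quoted controller: the predicate guards nothing.
class PredicateGuarded < MiniController
  before_filter :admin_signed_in?, except: [:index, :show]
end

# A filter that halts by redirecting when no admin is signed in.
class HaltingGuarded < MiniController
  before_filter :require_admin!, except: [:index, :show]

  def require_admin! # hypothetical filter name
    redirect_to '/' unless admin_signed_in?
  end
end
```

In this model a non-admin request for `new` reaches the action under `PredicateGuarded` and is redirected under `HaltingGuarded`. Assuming the Devise scope is named `admin`, Devise's generated `authenticate_admin!` is a halting filter of the second kind.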
