On Feb 11, 10:40 pm, msaspence <[email protected]> wrote: > I'm want to restrict access to an object show action to the owner > > in my action I have this > > def show > @thing = Thing.find(params[:id]) > if current_user && @thing.owner == current_user > respond_to do |format| > format.json { render :json => @thing } > end > else > render :status => :forbidden, :text => "API requires > authentication for the minute." > end > end > > Which works in the browser, however when running functional tests even > though @thing.owner is the same user as current_user it is not the > same object so the comparison fails as I see it I have a few options > but wanted to try and gauge what people feel is the best way > > 1) adjust the test setup so the logged in user is the same object and > the comparison returns true (I have no idea how I would go about doing > this) > > 2) just do current_user.id == @thing.owner.id, this seems like the > most obvious and easiest but somehow less elegant
That is what == on two active record objects do (plus a little bit of subtlety around new, unsaved objects). How are you setting up the test? Fred > > 3) write my own comparison method on my user class, either: > > def is_equal_to user(user) > return user.id == self.id > end > > or: > > def is_current_user > return current_user.id == self.id > end > > 4) something else I haven't thought about -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
