On Feb 12, 9:21 am, Frederick Cheung <[email protected]> wrote: > On Feb 11, 10:40 pm, msaspence <[email protected]> wrote: > > > > > > > > > > > I'm want to restrict access to an object show action to the owner > > > in my action I have this > > > def show > > @thing = Thing.find(params[:id]) > > if current_user && @thing.owner == current_user > > respond_to do |format| > > format.json { render :json => @thing } > > end > > else > > render :status => :forbidden, :text => "API requires > > authentication for the minute." > > end > > end > > > Which works in the browser, however when running functional tests even > > though @thing.owner is the same user as current_user it is not the > > same object so the comparison fails as I see it I have a few options > > but wanted to try and gauge what people feel is the best way > > > 1) adjust the test setup so the logged in user is the same object and > > the comparison returns true (I have no idea how I would go about doing > > this) > > > 2) just do current_user.id == @thing.owner.id, this seems like the > > most obvious and easiest but somehow less elegant > > That is what == on two active record objects do (plus a little bit of > subtlety around new, unsaved objects). > How are you setting up the test? > > Fred
I'm using the Authlogic so have followed the instructions here http://rdoc.info/github/binarylogic/authlogic/master/Authlogic/TestCase Matt > > > > > > > > > > > 3) write my own comparison method on my user class, either: > > > def is_equal_to user(user) > > return user.id == self.id > > end > > > or: > > > def is_current_user > > return current_user.id == self.id > > end > > > 4) something else I haven't thought about -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
