@ajsharp
Created February 19, 2010 05:55
# The faster suite
# POST #create with User.new replaced by a test double in each context.
# Because User.new is stubbed, the posted attributes never reach a real model,
# so attribute filtering is not covered by these examples.
describe UsersController, "POST #create" do
  context "user is successfully created" do
    before(:each) do
      new_user = mock_model(User, :deliver_activation_instructions! => true)
      User.should_receive(:new).and_return(new_user)
      new_user.should_receive(:signup!).and_return(true)
      post(:create, :user => { :email => "new@new.com" })
    end

    it { should respond_with(:redirect) }
    it { should redirect_to(root_url) }
  end

  context "error creating user" do
    before(:each) do
      @user = Factory.build(:user)
      User.should_receive(:new).and_return(@user)
      # Force the failure branch: #save is expected to be called and reports false.
      @user.should_receive(:save).and_return(false)
      post(:create, :user => { :email => "new@new.com" })
    end

    it { should_not respond_with(:redirect) }
    it { should render_template('new') }
    it { should render_with_layout('no_sidebar') }
  end
end
# GET #new: response status, template, assignment, layout and routing.
describe UsersController, "GET #new" do
  before(:each) do
    # The action is expected to build a User; hand it a double instead.
    User.should_receive(:new).and_return(mock_model(User))
    get(:new)
  end

  it { should respond_with(:success) }
  it { should render_template('new') }
  it { should assign_to(:user) }
  it { should render_with_layout('no_sidebar') }
  it { should route(:get, '/users/new').to(:controller => 'users', :action => 'new') }
end
# Profile display plus edit/update behaviour for anonymous and logged-in users.
describe UsersController do
  describe "When showing a profile" do
    before :each do
      @user = Factory.create(:active_user)
      get(:show, :id => @user.id)
    end

    it "should render the show template" do
      response.should(render_template("show"))
    end
  end

  describe "when not logged in" do
    # Only asserts that the edit template is not rendered; the example does not
    # pin down where an anonymous request is sent instead.
    it "should not display the edit page" do
      @user = Factory.create(:active_user)
      get(:edit, :id => @user.id)
      response.should_not(render_template(:edit))
    end
  end

  describe "when logged in as a user" do
    before :each do
      activate_authlogic
      @user = Factory.create(:active_user)
      UserSession.create(@user)
    end

    describe "GET edit /users/1" do
      before(:each) do
        User.should_receive(:find).and_return(@user)
        get(:edit, :id => @user.id)
      end

      it { should render_template(:edit) }
    end

    describe "when editing an existing account" do
      # Object-level access check: the logged-in user asks for another
      # account's edit page and must be redirected away from it.
      it "should not display the edit page for a different account" do
        another_user = Factory.create(:active_user, :email => "foo@example.com")
        get(:edit, :id => another_user.id)
        response.should(redirect_to(dashboard_path))
      end
    end

    describe "PUT update /users/1" do
      # User.find and #update_attributes are both stubbed below, so only the
      # controller's success/failure branching is exercised; which attributes
      # (here :login) may actually be changed is not verified by these examples.
      before(:each) do
        User.should_receive(:find).and_return(@user)
      end

      context "a successful update" do
        before(:each) do
          @user.should_receive(:update_attributes).and_return(true)
          put(:update, :id => @user.id, :user => { :login => "new_login" })
        end

        it { should redirect_to(dashboard_url) }
      end

      context "an unsuccessful update" do
        before(:each) do
          @user.should_receive(:update_attributes).and_return(false)
          put(:update, :id => @user.id, :user => { :login => "new_login" })
        end

        it { should render_template(:edit) }
      end
    end
  end
end
# GET #index: the admin happy path and the access-control rules around it.
describe UsersController, "GET #index" do
  context "successful" do
    before(:each) do
      login_as(Factory(:admin))
      get(:index)
    end

    it { should respond_with(:success) }
    it { should assign_to(:users) }
    it { should render_template(:index) }
  end

  context "access control" do
    # This example only shows that an admin gets through; the denial cases
    # are covered by the two examples that follow it.
    it "should require the user to be an admin" do
      login_as(Factory(:admin))
      get(:index)
      response.should(be_success)
    end

    # Anonymous request: expected to be redirected to the root URL.
    it "should deny access to non-logged in users" do
      get(:index)
      response.should(redirect_to(root_url))
    end

    # Authenticated but unprivileged request: same redirect as the anonymous case.
    it "should deny access to logged in non-admins" do
      login_as(Factory(:active_user))
      get(:index)
      response.should(redirect_to(root_url))
    end
  end
end
# DELETE #destroy: login requirement, an admin deleting a user, self-deletion,
# and (still pending) one user trying to delete another.
describe UsersController, "DELETE #destroy" do
  # Issues DELETE #destroy; the :id param falls back to the placeholder 'STUB'.
  def do_delete(opts = {})
    opts[:id] ||= 'STUB'
    delete(:destroy, :id => opts[:id])
  end

  it "should require login" do
    do_delete
    should redirect_to(login_url)
  end

  describe "an admin destroying a user" do
    before(:each) do
      @user = Factory(:active_user, :id => 1)
      @admin = Factory(:admin, :id => 2)
      login_as(@admin)
      # Don't change the ordering of these stubs!
      # The first expectation matches a lookup by the string id '1' (the target
      # user); the second matches a :first/:conditions lookup for id 2 (the
      # admin) -- presumably issued by the session layer; confirm before editing.
      User.should_receive(:find).with('1').once.and_return(@user)
      User.should_receive(:find).with(:first, { :conditions => { :id => 2 } }).once.and_return(@admin)
    end

    it "should destroy the user" do
      @user.should_receive(:destroy)
      do_delete(:id => @user.id)
    end

    it "should not destroy the admin" do
      @admin.should_not_receive(:destroy)
      do_delete(:id => @user.id)
    end

    it "should redirect to the users index page" do
      do_delete(:id => @user.id)
      should redirect_to(users_url)
    end

    # Deleting someone else must leave the admin's own session intact.
    it "should not log the user out" do
      controller.send(:current_user_session).should_not_receive(:destroy)
      do_delete(:id => @user.id)
    end

    it "should display a flash message" do
      do_delete(:id => @user.id)
      should set_the_flash.to("User was successfully deleted.")
    end
  end

  describe "a user attempting to delete himself" do
    before(:each) do
      @user = Factory(:active_user, :id => 1)
      login_as(@user)
      # Two lookups are expected and both resolve to the same record.
      User.should_receive(:find).twice.and_return(@user)
    end

    it "should destroy the user" do
      @user.should_receive(:destroy)
      do_delete(:id => @user.id)
    end

    # Self-deletion must also tear down the now-orphaned session.
    it "should log the user out" do
      controller.send(:current_user_session).should_receive(:destroy)
      do_delete(:id => @user.id)
    end

    it "should redirect to the homepage" do
      do_delete(:id => @user.id)
      should redirect_to(root_url)
    end

    it "should display a flash message" do
      do_delete(:id => @user.id)
      should set_the_flash.to("Your account has been deleted.")
    end
  end

  # These examples have no block, so RSpec reports them as pending: the rule
  # that a non-admin cannot delete another account is described here but is not
  # yet checked by any assertion in this file.
  describe "a user attempting to destroy someone else" do
    it "should not destroy the user"
    it "should place the attempting user in a restricted state"
    it "should display a flash message explaining account suspension"
    it "should log the user out"
    it "should redirect the user to the home page"
  end
end
# The slow suite
# #index with the before-filters stubbed through stub_request_before_filters.
describe UsersController, "#index" do
  context "a practice admin" do
    before(:each) do
      stub_request_before_filters(Factory(:practice_admin), :practice => true)
      get(:index)
    end

    it { should respond_with(:success) }
    it { should route(:get, 'users').to(:controller => 'users', :action => 'index') }
    it { should authorize_access }
  end

  # A logged-in user without a current practice is expected to be stopped by
  # the require_practice check.
  it "should redirect to practice select page when no current practice" do
    stub_request_before_filters(Factory(:active_user), :practice => false)
    get(:index)
    response.should(require_practice)
  end
end
# #create: practice/login gating, then creation as practice admin and clinic
# admin, and the validation-failure path.
describe UsersController, "#create" do
  it "should redirect to practice select page when no current practice" do
    stub_request_before_filters(Factory(:active_user), :practice => false)
    post(:create)
    response.should(require_practice)
  end

  it "should redirect user to login when not logged in" do
    post(:create)
    response.should(require_login)
  end

  # Checks the effect, not just the redirect: an anonymous POST must leave
  # User.count unchanged.
  it "should not allow a non-logged in user to create a new user" do
    UserSession.find.should(be_nil)
    lambda { post(:create) }.should_not change(User, :count)
  end

  context "when a practice admin is logged in with a current practice" do
    before :all do
      @user = Factory(:practice_admin)
    end

    after :all do
      @user.destroy
    end

    before(:each) do
      stub_request_before_filters(@user, :practice => true)
      User.should_receive(:new).at_least(1).and_return(
        mock_model(User, :save => true, :practice= => @user.practice)
      )
      post(:create)
    end

    it { should respond_with(:redirect) }
    it { should redirect_to(users_url) }
    it { should route(:post, "/users").to(:controller => "users", :action => "create") }
  end

  context "when a clinic admin is logged in with a current practice" do
    before :all do
      @user = Factory(:clinic_admin)
    end

    after :all do
      @user.destroy
    end

    before(:each) do
      stub_request_before_filters(@user, :practice => true)
      @new_user = mock_model(User, :save => true, :practice= => @user.practice)
      User.should_receive(:new).at_least(1).and_return(@new_user)
      @new_user.should_receive(:save).and_return(true)
      # NOTE(review): @params is not assigned anywhere in the visible spec, so
      # this presumably posts :user => nil -- confirm that is intended.
      post(:create, :user => @params)
    end

    it { should redirect_to(users_url) }
    it { should authorize_access }
  end

  context "when the user enters some bad data" do
    before :all do
      @user = Factory(:practice_admin)
    end

    after :all do
      @user.destroy
    end

    before(:each) do
      stub_request_before_filters(@user, :practice => true)
      # The double reports save => false to drive the re-render branch.
      User.should_receive(:new).at_least(1).and_return(
        mock_model(User, :save => false, :practice= => @user.practice)
      )
      post(:create)
    end

    it { should render_template("new") }
    it { should assign_to(:user) }
  end
end
# #new: login and practice requirements, then the happy path for a practice admin.
describe UsersController, "#new" do
  it "should require login" do
    get(:new)
    response.should(require_login)
  end

  it "should require a practice" do
    stub_request_before_filters(Factory(:active_user), :practice => false)
    get(:new)
    response.should(require_practice)
  end

  context "user is logged in with a current_practice" do
    before :all do
      @user = Factory(:practice_admin)
    end

    after :all do
      @user.destroy
    end

    before(:each) do
      stub_request_before_filters(@user, :practice => true)
      get(:new)
    end

    it { should respond_with(:success) }
    it { should assign_to(:user) }
    it { should route(:get, "/users/new").to(:controller => "users", :action => "new") }
  end
end
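# :edit -- who may open the edit page: admins for any account, regular users
# only for their own.
describe UsersController, :edit do
  # Logs in a freshly built user from the given factory (with a current
  # practice) and requests that user's own edit page.
  def do_request_as(user_factory)
    user = stub_request_before_filters Factory(user_factory), :practice => true
    get :edit, :id => user.id
  end

  context "logged in with a practice" do
    before(:all) { @user = Factory(:practice_admin) }
    after(:all) { @user.destroy }

    before :each do
      stub_request_before_filters @user, :practice => true
      # No :id is passed to the request; User.find is stubbed to return @user
      # whatever it is called with.
      User.stub!(:find).and_return(@user)
      get :edit
    end

    it { should render_template '/users/edit' }
    it { should respond_with :success }
    it { should route(:get, '/users/1/edit').to(:controller => 'users', :action => 'edit', :id => '1') }
  end

  it "should authorize access to clinic admins" do
    do_request_as :clinic_admin
    response.should authorize_access
  end

  it "should authorize access to practice admins" do
    do_request_as :practice_admin
    response.should authorize_access
  end

  context "logged in as a regular user" do
    before :each do
      @user = stub_request_before_filters Factory(:active_user), :practice => true
      # A second, distinct account to act as the target the user does not own.
      @user2 = Factory(:active_user, :id => (@user.id + 1))
    end

    # Negative case: another account's edit page must be refused.
    it "should not allow non-admins to edit other people's data" do
      get :edit, :id => @user2.id
      response.should_not authorize_access
    end

    # Positive case: the user's own record must be authorized. Asserting
    # should_not here would make this example identical in outcome to the
    # negative case above and leave the "own data" rule unverified.
    it "should allow non-admins to edit their own data" do
      get :edit, :id => @user.id
      response.should authorize_access
    end
  end
end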