# CanCan ability definition: translates the roles reported by
# User#any_role? into the actions each role may perform. Nothing is granted
# outside the three role checks below, so a user who matches none of them
# ends up with no abilities at all.
class Ability
  include CanCan::Ability

  # @param user [User, nil] the current user; nil stands for a visitor who
  #   is not logged in
  def initialize(user)
    # A guest is represented by a freshly built User so that any_role? can
    # be called unconditionally below.
    # NOTE(review): presumably any_role? is false for such an unsaved user,
    # which is what keeps guests at zero abilities - confirm in User.
    user ||= User.new

    # The role checks are independent, so grants are additive: a user
    # holding several roles receives the union of their rules.
    can :manage, :all if user.any_role?(:super_admin)

    # NOTE(review): :manage on User carries no condition, so it covers every
    # User record; confirm an admin is not meant to be kept away from
    # super_admin accounts or from role assignment.
    can :manage, [User, Institution, Project, Order] if user.any_role?(:admin)

    if user.any_role?(:user)
      can :show, Project
      can %i[add change], :cart
      # Orders are limited to rows whose user_id is this user's id.
      can %i[create show], Order, user_id: user.id
      # NOTE(review): no condition scopes :download to particular
      # UrlConnector records - confirm that is intended.
      can :download, UrlConnector
    end
  end
end
# Helper mixed into controller specs.
module ControllerHelper
  # Sets a message expectation that the controller under test receives
  # authorize!(action, subject). The expectation stands in for the real
  # authorize! and returns 'passed!', so a spec using this helper checks
  # that authorization is requested with these arguments; it does not
  # evaluate the Ability rules themselves.
  #
  # @param action [Symbol] the action expected to be authorized
  # @param subject [Object] the class or instance expected as the subject
  def should_authorize(action, subject)
    authorize_call = controller.should_receive(:authorize!)
    authorize_call.with(action, subject).and_return('passed!')
  end
end
1) UsersController if the user passes all the authorizations GET #new assigns a new User to @user
   Failure/Error: get :new
     Mock "User_1001" received unexpected message :any_role? with (:super_admin)
   # ./app/models/ability.rb:8:in `initialize'
   # ./spec/controllers/users_controller_spec.rb:48:in `block (4 levels) in <top (required)>'
# Copied into spec/ by 'rails generate rspec:install'.
#
# `||=` only supplies a default: a RAILS_ENV already set in the calling
# environment is kept, and the suite then boots with that environment's
# configuration rather than the test one.
ENV['RAILS_ENV'] ||= 'test'
require File.expand_path('../../config/environment', __FILE__)
require 'rspec/rails'
require 'rspec/autorun'

# Pull in every Ruby file below spec/support/ (custom matchers, macros and
# the like), subdirectories included.
Dir[Rails.root.join('spec/support/**/*.rb')].each do |support_file|
  require support_file
end
RSpec.configure do |rspec|
  # ## Mock framework
  #
  # To use mocha, flexmock or RR instead, enable the matching line:
  #
  #   rspec.mock_with :mocha
  #   rspec.mock_with :flexmock
  #   rspec.mock_with :rr

  # Only needed with ActiveRecord or ActiveRecord fixtures; drop it otherwise.
  rspec.fixture_path = "#{::Rails.root}/spec/fixtures"

  # Wraps each example in a transaction. Without ActiveRecord, or when
  # examples should not run inside a transaction, remove this line or set it
  # to false.
  rspec.use_transactional_fixtures = true

  # When true, the base class of anonymous controllers is inferred
  # automatically; future rspec-rails versions make that the default.
  rspec.infer_base_class_for_anonymous_controllers = false

  # Random ordering surfaces order dependencies between specs. To debug one,
  # pin the order with the seed printed after each run:
  #     --seed 1234
  rspec.order = 'random'

  # Devise test helpers and the ControllerMacros extension, controller specs
  # only.
  rspec.include Devise::TestHelpers, type: :controller
  rspec.extend ControllerMacros, type: :controller

  # ControllerHelper, likewise limited to controller specs.
  rspec.include ControllerHelper, type: :controller
end
# Controller for User records. CanCan's load_and_authorize_resource is
# declared for the whole controller.
#
# NOTE(review): both actions assign @user themselves after that declaration.
# Confirm the instance the action builds or finds is the one authorization
# was applied to.
class UsersController < ApplicationController
  load_and_authorize_resource

  # Looks the user up by params[:id] and renders it as HTML or JSON.
  def show
    @user = User.find(params[:id])
    respond_with_user
  end

  # GET /admin/users/new
  # GET /admin/users/new.json
  #
  # Builds a blank user and loads every Role into @roles.
  def new
    @user = User.new
    @roles = Role.all
    respond_with_user
  end

  private

  # Shared responder: HTML falls through to the current action's template
  # (show.html.erb / new.html.erb), JSON renders @user.
  #
  # NOTE(review): `render json: @user` emits whatever User's JSON
  # serialization includes; confirm credential and token fields are left out.
  def respond_with_user
    respond_to do |wants|
      wants.html
      wants.json { render json: @user }
    end
  end
end
# Examples for the show action. should_authorize replaces authorize! with a
# message expectation, so these examples verify that authorization is
# requested for (:show, @user); they do not exercise the Ability rules.
describe 'GET #show' do
  before do
    @user = mock_model(User)
    should_authorize(:show, @user)
    # Any lookup of id "1" hands back the mock instead of touching the
    # database.
    User.stub!(:find).with('1').and_return(@user)
  end

  # NOTE(review): only the User.find call is checked here; nothing asserts
  # what ends up in @user, despite the example's name.
  it 'assigns the requested user to @user' do
    User.should_receive(:find).with('1').and_return(@user)
    get :show, :id => '1'
  end

  it 'renders the :show template' do
    get :show, :id => '1'
    response.should render_template(:show)
  end
end
# Examples for the new action. As with the other controller examples,
# authorize! is replaced by an expectation, so the Ability rules are not
# what is under test.
describe 'GET #new' do
  before do
    @user = mock_model(User)
    # NOTE(review): this stub answers every User.new call made during the
    # request, not only the controller's. The reported failure has the mock
    # receiving :any_role? inside Ability#initialize, which presumably
    # reached it through its `user ||= User.new` guest fallback - confirm.
    User.stub!(:new).and_return(@user)
    should_authorize(:new, User)
  end

  it 'assigns a new User to @user' do
    User.should_receive(:new).and_return(@user)
    get :new
    # @user.should be_an_instance_of User
  end

  # Pending examples: no body yet.
  it 'populates an array of roles in @roles'
  it 'renders the :new template'
end