@moustafasamir
Last active February 14, 2016 08:50
# I think authorization needs to be tested mainly in **controllers**, to make sure your authorization is working correctly with your controllers. To keep it **DRY**, you can implement your own `matcher` and use it like this:
let!(:user) { create :user }
before { login_user_request user }

it "grants admin access to show action" do
  expect { get :show, { id: user.id } }.to be_authorized
end

it "denies user access to edit action" do
  expect { get :edit, { id: user.id } }.to be_un_authorized
end
# Then implement these matchers in your own way to test whether a request is authorized or not:
RSpec::Matchers.define :be_authorized do
  match do |block|
    block.call
    expect(response).to be_success
  end

  def supports_block_expectations?
    true
  end
end

RSpec::Matchers.define :be_un_authorized do
  match do |block|
    expect {
      block.call
    }.to raise_error(Pundit::NotAuthorizedError)
  end

  def supports_block_expectations?
    true
  end
end
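# Added example, not part of the original gist: a variant of the two matchers for apps that handle `Pundit::NotAuthorizedError` with `rescue_from`, where the error never reaches the spec and a denial shows up as a 401/403 or a redirect. `AuthzOutcome`, `FakeResponse` and the `denied_location` argument are names assumed here.

```ruby
# Added example: stand-in so this runs without the pundit gem.
unless defined?(Pundit::NotAuthorizedError)
  module Pundit
    NotAuthorizedError = Class.new(StandardError)
  end
end

# Constructed response double; a Rails test response also has #status and #location.
FakeResponse = Struct.new(:status, :location)

module AuthzOutcome
  DENIED_STATUSES = [401, 403].freeze

  # Runs the request block, which must return the response (assumption),
  # and reports :authorized, :denied or :unexpected.
  # denied_location: URL the app redirects to on denial, if it does that.
  def self.classify(denied_location: nil)
    response = yield
    status = response.status.to_i
    return :denied if DENIED_STATUSES.include?(status)
    return :authorized if (200..299).cover?(status)
    if (300..399).cover?(status) && denied_location && response.location == denied_location
      return :denied
    end
    :unexpected # unrelated redirect, 404, 5xx: neither matcher should pass
  rescue Pundit::NotAuthorizedError
    :denied # the error propagated, as in the matchers above
  end
end

# Matchers built on the classifier; only defined when RSpec is loaded.
if defined?(RSpec::Matchers)
  RSpec::Matchers.define :be_authorized do
    match { |block| AuthzOutcome.classify { block.call; response } == :authorized }
    supports_block_expectations
  end

  RSpec::Matchers.define :be_un_authorized do |denied_location = nil|
    match do |block|
      AuthzOutcome.classify(denied_location: denied_location) { block.call; response } == :denied
    end
    supports_block_expectations
  end
end
```

# A 404 or 500 counts as `:unexpected`, so a broken action cannot pass as either authorized or denied.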