I use authorizer classes in my app that I learned about from a blog post by @sethvargo.
This is a custom rspec matcher for Authorizer classes gleaned from this post by @thunderboltlabs that allows you to use permit
in your Rspec tests.
Save the gist below to `` and add the following line to your spec_helper.rb
file (if you haven't already).
Dir[Rails.root.join("spec/support/**/*.rb")].each {|f| require f}
Then you can use it in tests like this:
describe CustomerStaffAuthorizer do
subject(:authorizer) { CustomerStaffAuthorizer.new(user, staff) }
let(:customer) { create :customer }
let(:competitor) { create :customer }
context "as a competitor" do
let(:staff) { customer.staff.first }
let(:user) { competitor.staff.first }
it "should not permit reset password" do
expect(authorizer).to_not permit(:reset_password)
end
end
end
Easy! And clear!
- Authorizers, Extractors, and Policy objects by @sethvargo
- TESTING PUNDIT POLICIES WITH RSPEC by @thunderboltlabs