A spec for a filter

privacy_filter.rb

class PrivacyFilter
  def self.filter(controller)
    [:first_article?,
     :authenticate_administrator!,
     :authenticate_user!
    ].find do |m|
      controller.send(m)
    end
  end
end

privacy_filter_spec.rb

require "app/models/privacy_filter"

describe PrivacyFilter do

  let(:controller) do
    double(:first_article? => false,
           :authenticate_administrator! => false,
           :authenticate_user! => false)
  end

  it "allows access to the root article" do
    controller.should_receive(:first_article?).and_return(true)
    PrivacyFilter.filter(controller).should be_true
  end

  it "allows access for administrators" do
    controller.should_receive(:authenticate_administrator!).and_return(true)
    PrivacyFilter.filter(controller).should be_true
  end

  it "allows access to users" do
    controller.should_receive(:authenticate_user!).and_return(true)
    PrivacyFilter.filter(controller).should be_true
  end

  it "denies all others" do
    PrivacyFilter.filter(controller).should be_false
  end
end

@dennyabraham I don't think so. They're just standard Devise stuff. I think the bang is because they can redirect.

I'm torn between what's more readable, a one liner, or this.

Now that I'm thinking about it, that might mean that this won't even work, as a user will hit the admin filter, which will redirect to admin login...

I should really be using CanCan for this, I guess.

Late to the party, but I really want this to be AccessPolicy.has_access?(user, article). (Raptor will let you write exactly this and specify it directly in a route... some day. garybernhardt/raptor@3e1b48e ;)

Yeah, that seems like the right API. Rails makes it awkward.

For the app, I just ended up using cancan, which is the Right Way anywaay...