Skip to content

Instantly share code, notes, and snippets.

@yosemsweet

yosemsweet/authentication_tests.rb

Created September 19, 2011 20:47
Show Gist options
  • Save yosemsweet/1227558 to your computer and use it in GitHub Desktop.
Save yosemsweet/1227558 to your computer and use it in GitHub Desktop.
Download ZIP
Test authentication and authorization in controller specs
Raw
authentication_tests.rb
describe "POST create" do
it "should require authentication" do
should_require_authentication do
canvas = Factory.build(:canvas)
post :create,
:canvas => {
:name => canvas.name,
:mission => canvas.mission,
:image => canvas.image,
:open => canvas.open
}
end
end
end
end
describe "GET show" do
it "should not require authentication" do
should_not_require_authentication do
get :show,
:id => Factory.create(:canvas)
end
end
end
end
Raw
authorization_tests.rb
describe "PUT update" do
it "should require authorization to :update" do
canvas = Factory.create(:canvas)
should_require_authorization_to(:action => :update, :object => canvas) do
put :update, :id => canvas.id, :canvas => {:name => "test"}
end
end
end
#when deleting you need to stub out destroy
describe "DELETE destroy" do
it "should require authorization to :delete" do
canvas = Factory.create(:canvas)
#don't actually destroy the canvas, we just want to ensure we call destory on it.
canvas.stubs(:destroy).returns(canvas)
Canvas.stubs(:find).returns(canvas)
should_require_authorization_to(:action => :delete, :object => canvas) do
delete :destroy, :id => canvas.id
end
end
end
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment