While my approach might not be the best, since I don't
stub :login_required, it still serves me well. I would do something
like this:
user = mock_model(User, :operator => true)
controller.stub!(:current_user).and_return(user)
login_required will find the 'current_user' and be happy. I don't
know if the :operator => true thing will cut it for your other check,
but that should get you on the right track.
I hope that helps!
Glenn
On Apr 8, 2008, at 10:03 AM, Giuseppe Bertini wrote:
> Dear all,
>
> I am wondering how to properly mock/stub out the preliminary steps to
> actions protected by restful_authentication and acl_system2 (role-
> based
> authorization to execute actions). Here's my setup:
>
> class User < ActiveRecord::Base
> has_and_belongs_to_many :roles
> has_many :tasks
> [snip]
> end
>
> class Task < ActiveRecord::Base
> belongs_to :user
> end
>
> I also have a Role class that habtm :users
>
> Now, for the controller that I need to spec:
>
> class TasksController < ApplicationController
> before_filter :login_required
> access_control :DEFAULT => 'operator'
>
> def index
> @tasks = current_user.tasks
> end
> end
>
> Two interesting things happen here. First, access to the index
> action is
> only granted after checking that the user is logged-in *and* that
> she is
> an 'operator'. Second, the tasks method is called on current_user,
> which
> is available to all controllers that include AuthenticatedSystem.
>
> I can easily write a few specs for this controller if I use a
> fixture_scenario and login_as (see below). On the other hand, I am
> trying to learn to abide to the "hey, dont touch that!" database
> thing.
> As a novice, the task of setting up examples in which authentication &
> authorization are satisfied, and where current_user still responds
> properly appears daunting. But then again, I *am* a novice!
>
> Thank you all in advance,
> Giuseppe
>
>
> ###############
> # my current specs
> ###############
> include AuthenticatedTestHelper
> describe TasksController, "with a logged-in user having 'operator'
> privileges" do
> scenario :users_and_roles
> before(:each) do
> login_as :giuseppe # based on the fixtures, giuseppe is now a
> logged-in operator
> end
>
> describe "getting the index" do
>
> before(:each) do
> @tasks = mock_model(Task)
> Task.stub!(:find).and_return([EMAIL PROTECTED])
> end
>
> it "should render index" do
> get :index
> response.should render_template('index')
> end
>
> it "should assign to the @tasks instance variable" do
> get :index
> assigns[:tasks].should [EMAIL PROTECTED]
> end
> end
> end
> --
> Posted via http://www.ruby-forum.com/.
> _______________________________________________
> rspec-users mailing list
> rspec-users@rubyforge.org
> http://rubyforge.org/mailman/listinfo/rspec-users
_______________________________________________
rspec-users mailing list
rspec-users@rubyforge.org
http://rubyforge.org/mailman/listinfo/rspec-users
