Rails 4 Test Prescriptions by Noel Rappin

Restricting Access

Having required a login for our application, we’ve solved part of our potential security problem. The next problem involves limiting access to only projects that the user is associated with.

We’ll start with an integration test. The test needs as its given a project, and at least two users—one who has access and one who does not. The when action is an attempt to view the project show page, and the then specification is the successful or unsuccessful page view.

Here’s the pair of tests:

security/02/gatherer/spec/features/user_and_role_spec.rb

    describe "roles" do
      let(:project) { Project.create(name: "Project Gutenberg") }

      it "allows a user who is part of a project to see that project" do
        project.roles.create(user: ...
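
The given/when/then described above, sketched as an added plain-Ruby example that is not the book's code. The Struct and class definitions, add_member, viewable_by?, show_project and the e-mail addresses are hypothetical stand-ins for the Rails models and controller; besides the member and the non-member it also checks the not-logged-in case.

```ruby
# Added illustration: plain-Ruby stand-ins, not the book's Rails models.
User = Struct.new(:email)
Role = Struct.new(:user, :project)

class Project
  attr_reader :name, :roles

  def initialize(name)
    @name = name
    @roles = []
  end

  def add_member(user)
    roles << Role.new(user, self)
  end

  # Membership is decided from the stored roles on the server side,
  # never from anything the requester supplies.
  def viewable_by?(user)
    !user.nil? && roles.any? { |role| role.user.equal?(user) }
  end
end

# Hypothetical stand-in for a controller "show" action: returns a status
# symbol and the body that would be rendered. Denied requests get no body.
def show_project(project, current_user)
  return [:login_required, nil] if current_user.nil?
  return [:access_denied, nil] unless project.viewable_by?(current_user)

  [:ok, project.name]
end

# Constructed sample data: one project, one user with a role on it,
# one user without, and an anonymous request.
def sample_outcomes
  project  = Project.new("Project Gutenberg")
  member   = User.new("member@example.com")
  outsider = User.new("outsider@example.com")
  project.add_member(member)

  {
    member: show_project(project, member),
    outsider: show_project(project, outsider),
    anonymous: show_project(project, nil)
  }
end
```

The negative case matters as much as the positive one: a test that only proves the member can see the page would still pass if the access check were missing entirely.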
