Now that we have the concept of users and roles in the system, we need to look at other places where users need access to a project. Two interesting places spring to mind:
The project index list should be limited to only the projects that the user can see.
Adding tasks should be limited to only the projects a user can see.
Let’s look at the index page. Two places need code here. A User instance needs some way to return the list of projects the user can see, and the controller index action needs to call that method. That argues for an integration test, though only weakly. (Sometimes I’ll skip an integration test if the logic is very close to Rails default integration and would very easily be caught manually.)