Reputation: 6025
Testing Rails controller security with RSpec shared examples
Some months ago, I came across an article on the web describing RSpec controller tests, using shared examples, and making distinction between various user/access roles… …I should have saved the link, cause no matter how hard I’ve been googeling, I can’t find it back.
Can any of you refer me to such a framework? Or has any of you created one of your own? I’ve been reading Aaron Sumner’s book on controller tests, as well as Mike Subelsky’s blog. I’ve also looked into https://github.com/svs/painless_controller_tests.
The article I'm referring to really used a declarative approach to define the various actions each role could access.
Upvotes: 0
Views: 1214
Answers (1)
Reputation: 6025
I finally found the article: https://github.com/edspencer/rspec-crud-controller-shared-example-groups
As this isn't using the "new" rspec syntax (it dates back to 2008), and isn't even working anymore with the current RSpec version, I had to make my own "variation", but the concept is definitely Ed Spencer's!
A "standard" CRUD controller test can now be written as:
require 'spec_helper'
describe XxxController do
it_behaves_like 'an unauthorized controller', as: [:user, :guest]
it_behaves_like 'an authorized controller', as: :admin
end
I love DRY!
Upvotes: 1
Related Questions
- Rails controller test with Rspec
- Practical way to test controller authentication with rspec
- Rspec, Rails: how to test private methods of controllers?
- How to write rspec tests for controllers that assume authentication
- Rails Controller Rspec Test
- Testing Controllers in Rails 4
- Testing controllers with rspec, authenticated with Sorcery
- RSpec testing a controller to restrict user behaviour on Rails 3.2
- Test (with RSpec) a controller outside of a Rails environment
- Testing rails controller with rspec