Reputation: 501
Michael Hartl's Rails 5 tutorial chapter 10, listing 10.56, test if the admin attribute is forbidden
I was trying to pass the exercise in listing 10.56 and test if the admin attribute is forbidden. I added admin parameter in
app/controllers/users_controller.rb
def user_params
params.require(:user).permit(:name, :email, :password,
:password_confirmation,
:admin)
end
also, filled necessary parts in
test/controllers/users_controller_test.rb
test "should not allow the admin attribute to be edited via the web" do
log_in_as(@other_user)
assert_not @other_user.admin?
patch :update, id: @other_user, user: { password: "",
password_confirmation: "",
admin: true }
assert_not @other_user.reload.admin?
end
Still, I am getting unknown error after test:
ERROR["test_should_not_allow_the_admin_attribute_to_be_edited_via_the_web", UsersControllerTest, 3.2600422599352896]
test_should_not_allow_the_admin_attribute_to_be_edited_via_the_web#UsersControllerTest (3.26s)
URI::InvalidURIError: URI::InvalidURIError: bad URI(is not URI?): http://www.example.com:80update
test/controllers/users_controller_test.rb:37:in `block in <class:UsersControllerTest>'
Anyone here was dealing with the same problem?
Upvotes: 1
Views: 805
Answers (2)
Reputation: 11
The following should give you a non-erroring test that will fail when you allow admin to be altered as you have.
test "should not allow the admin attribute to be edited via the web" do
log_in_as(@other_user)
assert_not @other_user.admin?
patch user(@other_user), params: {
user: { password: "",
password_confirmation: "",
admin: true }
assert_not @other_user.reload.admin?
end
Upvotes: 1
Reputation: 69
This error is intended. As the exercise says you added :admin to permitted params before.
Your test now will send the patch request and set admin: true for @other_user (which is possible here, since you added :admin to permitted params). After that you use "assert_not" which will raise the error, since the test expects that
@other_user.reload.admin?
will be false but in your case its true. Deleting :admin from permitted params in app/controllers/users_controller.rb will change your test to green.
Upvotes: 3
Related Questions
- Rails Admin -> only access if user have role admin
- How to test activeadmin AuthorizationAdapter?
- How can I check if current user is the admin in rails?
- What tests should I write to test user validations for an admin-only feature?
- Rails before action check if admin
- How do i check if my user is admin in rails?
- How to check if the user should be assigned the role admin
- What is the proper way to validate that a User's admin attribute is set to true in your controllers?
- Is there a better way to test :admin security
- Unit test for a protected attribute Rails