2

I'm new with rspec test and maybe there are something that I dont undertand.

if can any help me, I really appreciate some help.

File Structure:

app/models/booking.rb
app/models/user.rb
app/models/role.rb
app/models/ability.rb   

app/controllers/bookings_controller.rb

app/views/bookings/index.html.erb
app/views/dashboard/index.html.erb

app/spec/controllers/bookings_controller_spec.rb

I read this link with a similar problem but it isn't solved

Rspec controller error expecting <"index"> but rendering with <"">

is similar, because if I change this line:

    it 'should not render index template from bookings' do
        get :index
=>      response.should_not render_template(:index)
    end

for this other:

    it 'should not render index template from bookings' do
        get :index
=>      response.should render_template(:index)
    end

I get the same mistake that in the link

expecting <"index"> but rendering with <"">

and I don't know why? Here's my Code:

My Spec:

describe BookingsController do
context 'as guest' do
  before(:each) do
    @user = User.new(:email => 'mail_admin@test.com',
                :username => 'admin',
                :password => 'password_admin',
                :password_confirmation => 'password_admin')
    @user.save
    #when i save, with gem CanCan i assign a default role to @user
    #with the default role the user only can see the views/dashboard/index.html.erb
  end

  it 'should not render index template from bookings' do
    get :index
    response.should_not render_template(:index)
  end
end  
end

Controller:

class BookingsController < ApplicationController
load_and_authorize_resource

 def index
  ...      
 end

 def show
  ...
 end
end

My model:

class Booking < Activerecord::Base
paginates_per 20

 def 
  ...      
 end

 def 
  ...
 end
end

User:

Class User < ActiveRecord::Base
  after_save :set_default_role
  rolify
  .
  .
  .
  .
  def set_default_role
   self.add_role :default
  end
end

Role:

class Role < ActiveRecord::Base
 ROLES = {"admin" => "Admin", "default" => "Default"}
 .
 .
 .
 . 
 scopify
end

Ability:

class Ability
  include CanCan::Ability

  def initialize(user)
  user ||= User.new
  if user.has_role? :admin
   can :manage, :all
  elsif user.has_role? :data_consistency
   can :read, Booking
  end
 end
end
Community
  • 1
  • 1
nisevi
  • 627
  • 1
  • 10
  • 27

2 Answers2

1

CanCan authorizes model access not controller actions. For most other actions these two are more or less the same thing, but not for the index. On the index action CanCan adds a scope to the query for records that includes your authorization restrictions.

What this means is that your guest user will simply not be able to see any records, but the view will still render.

What you want is authentication (ie Devise) and use it from a before_filter in each controller that requires an authenticated user to access.

class BookingsController < ApplicationController
  load_and_authorize_resource # Handles authorization
  before_filter !authenticate_user # Handles authentication (included with Devise)
  ...
end
Cluster
  • 5,457
  • 1
  • 25
  • 36
  • thank you for your help, i'm going to try your advice, and then i will tell you if it's works... – nisevi Feb 18 '13 at 14:02
0

In my case, the problem was solved in before(:each) block!
My code works like this:

before :each do
  @user = User.new(:email => 'mail_admin@test.com',
            :username => 'admin',
            :password => 'password_admin',
            :password_confirmation => 'password_admin')
  @user.confirm!
  sign_in @user
end
squiter
  • 5,711
  • 4
  • 24
  • 24