
So when I run rails g scaffold bar content:string in Rails, it generates a whole lot of things. As a newbie in testing, I have little idea of what to put in each category.

Some context first:

  • The testing framework is RSpec
  • I'm using devise for authentication and pundit for authorization
  • The bar resource only allows access from authenticated users
  • Each user is only authorized to CRUD his own bar resource

Now the problem (I know it's a lot, sorry!):

  1. If I've already unit tested my pundit policies, do I need to test authorization in my controller specs?
  2. Do I test authentication in controller specs? Or should I just leave it to request specs?
  3. Are separate view tests necessary? I've been told more than once that they're not necessary and I should just go with feature specs.
  4. About request specs, do I need to test all 3 scenarios (not authenticated, authenticated but not authorized, and authorized) for each action?
  5. What's the scope of feature tests? Do I test major functionalities or also every corner case?
fengye87

1 Answer


I suggest using the verify_authorized and verify_policy_scoped after action methods from Pundit...

class ApplicationController < ActionController::Base
  include Pundit
  # Raise after any action that finished without calling authorize
  after_action :verify_authorized
end

Then your controller tests may be implemented to test only the least-restrictive user (e.g. admin).

The strategy for view and feature tests can be more complicated because you may need to test the user interface for features that can only be accessed by users with specific permissions. But at least you saved some time on your controller specs!

vanboom
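
A plain-Ruby model of the guard described in the answer, added here as an illustration and not code from the answer or from Pundit. `BarsEndpoint`, the error classes and the status codes are hypothetical stand-ins (no Rails, Devise or Pundit is loaded); it shows the three request outcomes listed in the question and how an after-action check catches an action that never authorized.

```ruby
# Plain-Ruby model; assumption: no Rails, Devise or Pundit is loaded.
User = Struct.new(:id)
Bar  = Struct.new(:id, :user_id, :content)

class NotAuthorizedError < StandardError; end               # stand-in for the policy refusal
class AuthorizationNotPerformedError < StandardError; end   # stand-in for the guard failure

# Pundit-style policy: a user may only read their own bar.
class BarPolicy
  def initialize(user, record)
    @user = user
    @record = record
  end

  def show?
    !@user.nil? && @record.user_id == @user.id
  end
end

# Hypothetical stand-in for a controller action plus its filters.
class BarsEndpoint
  def initialize(bars, skip_authorize: false)
    @bars = bars
    @skip_authorize = skip_authorize # simulates a forgotten authorize call
  end

  # Returns an HTTP-like status for "GET /bars/:id" (status codes are constructed).
  def show(current_user, id)
    return 401 if current_user.nil? # not authenticated
    bar = @bars.fetch(id)
    authorized = false
    unless @skip_authorize
      raise NotAuthorizedError unless BarPolicy.new(current_user, bar).show?
      authorized = true
    end
    # after-action guard: fail loudly when the action never authorized
    raise AuthorizationNotPerformedError unless authorized
    200
  rescue NotAuthorizedError
    403 # authenticated but not authorized
  end
end

# Constructed sample data: bar 10 belongs to user 1.
def scenario_statuses(endpoint = BarsEndpoint.new({ 10 => Bar.new(10, 1, "mine") }))
  { anonymous: endpoint.show(nil, 10),
    other_user: endpoint.show(User.new(2), 10),
    owner: endpoint.show(User.new(1), 10) }
end
```

Building the endpoint with `skip_authorize: true` and requesting as the owner raises `AuthorizationNotPerformedError`, so a test run with a single permitted user is enough to expose an action that skipped the authorization call.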