0

I am using Pundit with Devise and think I am missing something pretty basic on RSpec.

I have a simple policy that lets a user who owns the model, view it. But I have no idea how to write a FactoryBot factory for it.

My policy works fine, when I test it in the browser. 

class ProfilePolicy 
  # class Scope < Scope
  #   def resolve
  #     scope.where(user_id :@user.try(:id))
  #   end
  # end

  attr_reader :current_user, :model

  def initialize(current_user, model)
    @current_user = current_user
    @profile = model
  end


  def index? 
    @current_user.has_role? :admin
  end

  def show?
    user_is_owner_of_record
  end

  def create?
   @current_user_user.has_role? :seller
  end

  def new?
    create?
  end

  def update?
    user_is_owner_of_record
  end

  def edit?
    update?
  end

  def destroy?
    user_is_owner_of_record
    # false
  end

  private 
  def user_is_owner_of_record
    @user == @record.user
  end
end

I have a user factory 

FactoryBot.define do
  factory :user do
    sequence(:email) { |n| "user_#{n}@factory.com" }
    # email  'test@example.com'
    # email '#{firstname}@#{lastname}.com'
    password 'password'
    password_confirmation 'password'
    firstname 'test'
    lastname 'example'
    confirmed_at Time.now

    # last_signed_in {10.days.ago}

    trait :admin do 
      after(:create) {|user| user.add_role :admin}
      after(:stub) {|user| user.add_role :admin}
    end

     trait :seller do 
      after(:create) {|user| user.add_role :seller}
      after(:stub) {|user| user.add_role :seller}
    end


    # trait :profile do 
    #   after(:create) {|user| user.profile_create(overview: "test", name: "test", account_authorized: true)
    # end
  end  
end

and a Profile factory 

FactoryBot.define do
  factory :profile do

    name "test"

    overview  "test"
    account_authorized true
    association :current_user, factory: :user
   end


end

and the Policy Spec is below

require 'rails_helper'

describe ProfilePolicy do 
  subject { described_class }

  let (:current_user) { FactoryBot.build_stubbed :user }
  let (:admin) { FactoryBot.build_stubbed :user, :admin }
  let (:profile) { current_user.build_profile(name: "test", overview: "test", account_authorized: true ) }

  permissions :index? do 
    it 'denies access if not an admin' do 
      expect(subject).not_to permit(current_user)
    end
    it 'allows access if admin' do
      expect(subject).to permit(admin)
    end
  end
  THIS IS WHERE I'm STUCK
  **permissions :show? do

    it 'allows access if record owner' do
      expect(subject).to permit(current_user, profile)
    end
  end**
end

Where I am confused is getting the factories to create a profile with the current_user.id == profile.user_id Otherwise, I am getting errors like 

undefined method `user' for nil:NilClass

I know I am missing something simple.. so will get a duh! later.

Laurie
  • 162
  • 1
  • 11
  • I think I figured it out. In my method on my policy, I changed it to .. "@current_user == @profile_user" and it worked. – Laurie Nov 05 '17 at 16:05
  • Laurie, go ahead and post your solution as the answer so someone like myself is not trying to help you only to realize you have already solved it. – Daniel Jan 31 '18 at 22:45

1 Answers1

0

In my profile_policy.rb I changed the owner_of_record to

class ProfilePolicy ....

private
   def user_is_owner_of_record
     @current_user == @profile.user
   end

end

Laurie
  • 162
  • 1
  • 11