should_be_restful can't mix resource.actions and resource.denied.actions
Reported by Spike | June 26th, 2008 @ 01:47 PM
This is with Rails 2.0.2 and Shoulda rel-4.0.2
When running tests using resource.denied.actions, any action not denied is check as if it were set in resource.actions. If resource.actions is set, then the resource.denied.actions are ignored. This means the actions checked can not be overridden. For example, given a sample user controller that allows anyone to access new and create, requires a password for show, edit, and update, and doesn't implement index, or destroy (those are admin only function), you might write a test like:
context "Not Logged in" do
should_be_restful do |resource|
resource.actions = [:new, :create]
resource.denied.actions = [:show, :edit, :update]
resource.formats = [:html]
resource.create.params = { :email => 'bob@bob.com',
:password => 'xxxxxx',
:password_confirmation => 'xxxxxx' }
resource.create.redirect = '"/"'
resource.create.flash = /thanks/i
resource.denied.redirect = 'new_session_url'
end
end
However, as written it only tests new, and create. If resource.actions is set to "[]", it tests nothing. If resource.actions is comment out, it runs the denied tests for show, edit, and update, but also tries to test, index, new, create, and destroy, and fails because index, and destroy don't exist.
I think it would make the most sense to me if setting resource.denied.actions meant that the remaining resources were not testing unless I listed them in resource.actions. But, even if the default is to test them, I still need to be able to control them.
Comments and changes to this ticket
-
Tammer Saleh June 26th, 2008 @ 03:53 PM
- → State changed from “new” to “needs-git-fork”
Please Login or create a free account to add a new comment.
You can update this ticket by sending an email to from your email client. (help)
Create your profile
Help contribute to this project by taking a few moments to create your personal profile. Create your profile »
