I created a in-house gem for managing records called 'record_search', which includes a controller named 'ApiController' In one app, I needed to hook in authorization behaviors to prevent the data from being publicly accessible, so I added a ActiveSupport::Concern module to allow the app to add a before_filter. How can I properly test this before_filter? (using rspec)

我创建了一个用于管理名为'record_search'的记录的内部gem,其中包含一个名为'ApiController'的控制器。在一个应用程序中,我需要挂钩授权行为以防止数据被公共访问,所以我添加了一个ActiveSupport ::关注模块允许应用添加before_filter。我怎样才能正确测试这个before_filter? (使用rspec)

In Gem:

app/controllers/api_controller.rb

module RecordSearch
  class ApiController < ApplicationController
    respond_to :json

    def search
      render json: #app-specific code
    end

    def find
      render json: #app-specific code
    end

    include Extensions #define any authorization logic here
  end
end

Local app:

app/controllers/concerns/record_search/extensions.rb

module RecordSearch::Extensions
  extend ActiveSupport::Concern
  include ApplicationHelper #defines current_user method

  included do
    before_filter :require_premium_user, :only => [:find,:search]
  end

  private

  def require_premium_user
    unless current_user
      return render :json => {"error" => "not authorized"}
    end
  end
end

1 个解决方案

describe "searching when not a premimum user" do
   let(:user) { ... } # code to create a regular user
   before { ... } # code to login user
   it "should return an error message" do
      expect(controller).to receive(:render).with({"error" => "not authorized"})
      # code to trigger find or search
   end
end

#1

describe "searching when not a premimum user" do
   let(:user) { ... } # code to create a regular user
   before { ... } # code to login user
   it "should return an error message" do
      expect(controller).to receive(:render).with({"error" => "not authorized"})
      # code to trigger find or search
   end
end