I created a in-house gem for managing records called 'record_search', which includes a controller named 'ApiController' In one app, I needed to hook in authorization behaviors to prevent the data from being publicly accessible, so I added a ActiveSupport::Concern module to allow the app to add a before_filter. How can I properly test this before_filter? (using rspec)
我创建了一个用于管理名为'record_search'的记录的内部gem,其中包含一个名为'ApiController'的控制器。在一个应用程序中,我需要挂钩授权行为以防止数据被公共访问,所以我添加了一个ActiveSupport ::关注模块允许应用添加before_filter。我怎样才能正确测试这个before_filter? (使用rspec)
In Gem:
app/controllers/api_controller.rb
module RecordSearch
class ApiController < ApplicationController
respond_to :json
def search
render json: #app-specific code
end
def find
render json: #app-specific code
end
include Extensions #define any authorization logic here
end
end
Local app:
app/controllers/concerns/record_search/extensions.rb
module RecordSearch::Extensions
extend ActiveSupport::Concern
include ApplicationHelper #defines current_user method
included do
before_filter :require_premium_user, :only => [:find,:search]
end
private
def require_premium_user
unless current_user
return render :json => {"error" => "not authorized"}
end
end
end
1 个解决方案
#1
0
Assuming controller
is the current controller under test, then you could use:
假设控制器是当前正在测试的控制器,那么您可以使用:
describe "searching when not a premimum user" do
let(:user) { ... } # code to create a regular user
before { ... } # code to login user
it "should return an error message" do
expect(controller).to receive(:render).with({"error" => "not authorized"})
# code to trigger find or search
end
end
with comparable examples for a premium user. See also http://apidock.com/rails/ActionController/Assertions/ResponseAssertions/assert_response, although I'm not familiar with using Rails' assertions.
与高级用户的可比较示例。另请参阅http://apidock.com/rails/ActionController/Assertions/ResponseAssertions/assert_response,尽管我不熟悉使用Rails的断言。
As an aside, the actual require_premium_user
code didn't make sense to me.
顺便说一句,实际的require_premium_user代码对我来说没有意义。
#1
0
Assuming controller
is the current controller under test, then you could use:
假设控制器是当前正在测试的控制器,那么您可以使用:
describe "searching when not a premimum user" do
let(:user) { ... } # code to create a regular user
before { ... } # code to login user
it "should return an error message" do
expect(controller).to receive(:render).with({"error" => "not authorized"})
# code to trigger find or search
end
end
with comparable examples for a premium user. See also http://apidock.com/rails/ActionController/Assertions/ResponseAssertions/assert_response, although I'm not familiar with using Rails' assertions.
与高级用户的可比较示例。另请参阅http://apidock.com/rails/ActionController/Assertions/ResponseAssertions/assert_response,尽管我不熟悉使用Rails的断言。
As an aside, the actual require_premium_user
code didn't make sense to me.
顺便说一句,实际的require_premium_user代码对我来说没有意义。