Open
Description
Description
We have a set of shared examples called "required authorization" (link to source). They are meant to be a DRY way to ensure that the controller actions or requests require authorization.
The problem is there a bug in the implementation which means that the shared specs will always pass.
To illustrate, running the following specs:
FooController = Class.new(ActionController::Base)
RSpec.describe FooController, type: :controller do
let(:object) { create(:item) }
include_examples "requiring authorization"
end
RSpec.describe "foo", type: :request do
let(:object) { create(:item) }
include_examples "requiring authorization"
endproduces this output:
Randomized with seed 56820
foo
redirects the user to the sign-in page for CRUD actions
FooController
redirects the user to the sign-in page for CRUD actions
Finished in 0.73823 seconds (files took 3.71 seconds to load)
2 examples, 0 failures
Let's fix this so that these shared examples are actually testing authorization.
Issues to resolve
- Fix the bug causing every example block to be skipped. (Hint: Look at how the
constraintspassed in are defined/mutated.) - These shared examples are used in both controller specs and request specs, but look to be written exclusively for controller specs. Let's either create separate shared examples for request specs or refactor the specs to work for both controller and request specs.
Metadata
Metadata
Assignees
Labels
No labels