Skip to content

Fix "requiring authorization" shared examples in our test suite #4941

Open
@coalest

Description

@coalest

Description

We have a set of shared examples called "required authorization" (link to source). They are meant to be a DRY way to ensure that the controller actions or requests require authorization.

The problem is there a bug in the implementation which means that the shared specs will always pass.

To illustrate, running the following specs:

FooController = Class.new(ActionController::Base)

RSpec.describe FooController, type: :controller do
  let(:object) { create(:item) }

  include_examples "requiring authorization"
end

RSpec.describe "foo", type: :request do
  let(:object) { create(:item) }

  include_examples "requiring authorization"
end

produces this output:

Randomized with seed 56820

foo
  redirects the user to the sign-in page for CRUD actions

FooController
  redirects the user to the sign-in page for CRUD actions

Finished in 0.73823 seconds (files took 3.71 seconds to load)
2 examples, 0 failures

Let's fix this so that these shared examples are actually testing authorization.

Issues to resolve

  • Fix the bug causing every example block to be skipped. (Hint: Look at how the constraints passed in are defined/mutated.)
  • These shared examples are used in both controller specs and request specs, but look to be written exclusively for controller specs. Let's either create separate shared examples for request specs or refactor the specs to work for both controller and request specs.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions