Restricting Access

Having required a login for our application, we’ve solved part of our potential security problem. The next problem involves limiting access to only projects that the user is associated with.

We’ll start with an integration test. The test needs as its given a project, and at least two users—one who has access and one who does not. The when action is an attempt to view the project show page, and the then specification is the successful or unsuccessful page view.

Here’s the pair of tests:

security/02/gatherer/spec/features/user_and_role_spec.rb

describe "roles" do
  let(:project) { Project.create(name: "Project Gutenberg") }

  it "allows a user who is part of a project to see that project" do
    project.roles.create(user: ...
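
The given/when/then structure described above, as an added example that is not from the book or the Gatherer project: it assumes plain-Ruby stand-ins for `Project`, `User` and `Role` and a `show_project` function in place of the Rails controller action, so it runs without Rails or RSpec.

```ruby
# Added illustration, not the book's code: plain-Ruby stand-ins for the
# Gatherer app's Project, User and Role models and its projects#show action,
# so the spec's given/when/then shape can run without Rails.
User = Struct.new(:email)
Role = Struct.new(:user, :project)

class Project
  attr_reader :name, :roles
  def initialize(name)
    @name, @roles = name, []
  end

  # Mirrors project.roles.create(user: ...) in the feature spec.
  def add_role(user)
    Role.new(user, self).tap { |role| @roles << role }
  end

  # The access rule under test: only users linked by a role may view the project.
  def accessible_to?(user)
    roles.any? { |role| role.user == user }
  end
end

# Stand-in for the show action: authorized users get the page, everyone else is redirected with no project data in the body.
def show_project(project, current_user)
  return { status: 302, body: "", location: "/" } unless project.accessible_to?(current_user)
  { status: 200, body: "Project: #{project.name}" }
end

# The "given": one project, a member with a role and a user with none
# (the e-mail addresses are constructed sample values).
def build_scenario
  project = Project.new("Project Gutenberg")
  member, stranger = User.new("member@example.com"), User.new("stranger@example.com")
  project.add_role(member)
  [project, member, stranger]
end

# The two "then"s of the spec pair, each as a predicate the test can assert on.
def member_sees_project?
  project, member, _stranger = build_scenario
  response = show_project(project, member)
  response[:status] == 200 && response[:body].include?(project.name)
end

def stranger_blocked?
  project, _member, stranger = build_scenario
  response = show_project(project, stranger)
  response[:status] == 302 && !response[:body].include?(project.name)
end
```

The negative case checks both the status and that the project name never reaches the response body, which is the leak the authorization rule exists to prevent.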
