Restricting Access
Having required a login for our application, we’ve solved part of our potential security problem. The next problem involves limiting access to only projects that the user is associated with.
We’ll start with an integration test. The test needs as its given a project, and at least two users—one who has access and one who does not. The when action is an attempt to view the project show page, and the then specification is the successful or unsuccessful page view.
Here’s the pair of tests:
security/02/gatherer/spec/features/user_and_role_spec.rb | |
| describe "roles" do |
| let(:project) { Project.create(name: "Project Gutenberg") } |
| |
| it "allows a user who is part of a project to see that project" do |
| project.roles.create(user: ... |
Get Rails 4 Test Prescriptions now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.