Adding Users and Roles

Now that you have Devise installed, let’s see how you can use testing to expose security issues.

The most basic security issue is user login. Since your application involves projects that would presumably be limited to a specific, private set of users, it makes sense that you would need to be logged in to access the application. This is testable logic—a logged-in user can access a page, whereas any random person who happens across the page cannot.

Here’s an integration test for the project index page:

1: require ​"rails_helper"
RSpec.describe ​"with users and roles"​ ​do
5: def​ log_in_as(user)
visit new_user_session_path
fill_in(​"user_email"​, ​with:

Get Rails 5 Test Prescriptions now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.