Ruby Hartl的Ruby on Rails第9.41章

时间:2012-10-08 11:44:10

标签: ruby-on-rails

我正在使用Michael Hartl的教程。当我运行测试时,我收到此错误:

 1) Authentication authorization for non-signed-in users when attempting to visit a   
protected page as non-admin user submitting a DELETE request to the Users#destroy action
Failure/Error: specify { response.should redirect_to(root_path) } 
Expected response to be a redirect to <http://www.example.com/> but
was a redirect to <http://www.example.com/users>
# ./spec/requests/authentication_pages_spec.rb:81:in `block (7 levels)
in <top (required)>'

这是我的authentication_pages_spec.rb。代码可能与教程示例中显示的稍有不同。这些变化对于通过最近的测试是必要的。到目前为止,一切都很完美。

require 'spec_helper'

# Request spec for authentication and authorization: the sign-in page, the
# sign-in/sign-out flow, and the access-control expectations on the Users
# routes (non-signed-in visitors, a non-admin user, and the wrong signed-in user).
# `sign_in`, `full_title`, the factories and the *_path helpers are defined
# outside this file.
describe "Authentication" do
  # Default user for contexts that do not declare their own `user`.
  let(:user) { FactoryGirl.create(:user) } 
    subject { page }

  # The sign-in page renders with the expected heading and title.
  describe "signin page" do
    before { visit signin_path }

    it { should have_selector('h1', text: 'Sign in') }
    it { should have_selector('title', text: 'Sign in') }
  end

  describe "signin" do

    before { visit signin_path } 

    # Submitting the form without filling anything in must stay on the sign-in
    # page and show an error alert.
    describe "with invalid information" do
      before { click_button "Sign in" }

      it { should have_selector('title', text: 'Sign in') }
      it { should have_selector('div.alert.alert-error', text: 'Invalid') }

      describe "after visiting another page" do
          # NOTE(review): this expects the error alert to still be present after
          # following "Home" — confirm that is the intended behaviour.
          before { click_link "Home"}
          it { should have_selector('div.alert.alert-error') }
      end
    end

      # Signs in through the form with a factory-made user, then checks the
      # navigation shown to a signed-in user.
      describe "with valid information" do     
      let(:user) { FactoryGirl.create(:user) } 
      before do
        fill_in "Email",    with: user.email
        fill_in "Password", with: user.password
        click_button "Sign in"
      end

      it { should have_selector('title',    text: user.name) }

      it { should have_link('Users',        href: users_path) }
      it { should have_link('Profile',      href: user_path(user)) }
      it { should have_link('Settings',     href: edit_user_path(user)) }
      it { should have_link('Sign out',     href: signout_path) }

      it { should_not have_link('Sign in',  href: signin_path) } 

      # After signing out, the "Sign in" link must be offered again.
      describe "followed by signout" do
        before { click_link "Sign out" }
        it { should have_link('Sign in') }
      end
    end
  end

  # Access-control expectations: who may reach which Users routes.
  describe "authorization" do

    describe "for non-signed-in users" do
      let(:user) { FactoryGirl.create(:user) }

      # Visiting the edit page while signed out, then completing the sign-in
      # form that is presented.
      describe "when attempting to visit a protected page" do
        before do
          visit edit_user_path(user)
          fill_in "Email",    with: user.email
          fill_in "Password", with: user.password
          click_button "Sign in"
        end

        describe "after signing in" do

          # The originally requested page (Edit user) is what must be rendered.
          it "should render the desired protected page" do
            page.should have_selector('title', text: 'Edit user')
          end          
       end
        # NOTE(review): this context sits inside "when attempting to visit a
        # protected page" under "for non-signed-in users", so the outer `before`
        # (visit the edit page, fill in credentials, click "Sign in") runs first
        # and the example is reported under the non-signed-in description. It
        # looks like it was meant to be a direct child of "authorization" — confirm.
        describe "as non-admin user" do
          let(:user)  { FactoryGirl.create(:user) }
          let(:non_admin) { FactoryGirl.create(:user) }

          before { sign_in non_admin }

          # Access-control check: a DELETE issued after `sign_in non_admin` must
          # be redirected to root_path. A redirect to /users instead (as in the
          # reported failure) suggests the request was handled by destroy rather
          # than refused — check that the controller restricts destroy to admins.
          # NOTE(review): the redirect target alone does not show whether the
          # record survived; consider also asserting the user count is unchanged.
          describe "submitting a DELETE request to the Users#destroy action" do
            before { delete user_path(user) }
            specify { response.should redirect_to(root_path) }
          end
        end        
      end
    end

    # No sign-in is performed in this context: the edit page, the update action
    # and the user index are each expected to lead to the sign-in page.
    describe "in the Users controller" do

      describe "visiting the edit page" do
        before { visit edit_user_path(user) }
        it { should have_selector('title', text: "Sign in") }
      end

      describe "submitting to the update action" do
        before { put user_path(user) }
        specify { response.should redirect_to(signin_path) }
      end

      describe "visiting the user index" do
        before {visit users_path }
        it { should have_selector('title', text: 'Sign in') }
      end
    end


     # After `sign_in user`, requests target `wrong_user`'s record: the edit page
     # must not render and the update request must be redirected to root_path.
     describe "as wrong user" do
       let(:user) { FactoryGirl.create(:user) }
       let(:wrong_user) { FactoryGirl.create(:user, email: "wrong@example.com") }
       before { sign_in user }

       describe "visiting User#edit page" do
         before { visit edit_user_path(wrong_user) }
         it { should_not have_selector('title', text: full_title('Edit user')) }
       end

       describe "submitting a PUT request to the User#update action" do
         before { put user_path(wrong_user) }
         specify { response.should redirect_to(root_path) } 
       end
    end    
  end
end

有人有想法吗?感谢您的帮助和关注!

2 个答案:

答案 0 :(得分:3)

在您的 users_controller#destroy 中,重定向的目标是 users_path,而不是您在测试中期望的 root_path。能贴出您的 destroy 动作吗?

答案 1 :(得分:0)

我刚刚完成本章并遇到了同样的问题,但我不认为接受的答案是正确的,这就是原因:

您的用户控制器中的 destroy 动作应该重定向到 users_path,而不是 root_path,因为我们希望管理员在删除用户后返回用户列表;而任何尝试发出 DELETE 请求的非管理员,则应被重定向回主页。

重新阅读该部分后,我意识到我在用户控制器中错过了一个过滤器:

# Run the admin_user filter ahead of destroy only, so the action is reached
# solely when that filter lets the request through (admin_user is defined
# elsewhere in the controller and is not shown here).
before_action :admin_user, only: [:destroy]

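添加这一过滤器后,测试通过:非管理员的 DELETE 请求会在到达 destroy 动作之前被拦截并重定向到主页,而不是像失败输出中那样进入 destroy 动作并被重定向到 /users。(在 Rails 4 之前的版本中,对应的写法是 before_filter。)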