Question

我试着搜索这个，发现了很多问题，但没有一个能给我一个有效的答案。我应该做一个测试，以确保管理员用户不能删除自己。

这是我在authentication_pages_spec.rb

中的内容

describe "as admin user" do
  let(:admin) { FactoryGirl.create(:admin) }
  before { sign_in admin }

  describe "can't delete self" do
    before { delete user_path(admin) }
    specify { response.should redirect_to(users_path), 
              flash[:error].should =~ /Cannot delete own admin account!/i }
  end      
end

这是我在users_controller.rb

中的内容

def destroy
    user = User.find(params[:id])
    if (current_user == user) && (current_user.admin?)
      flash[:error] = "Cannot delete own admin account!"
    else
      user.destroy
      flash[:success] = "User destroyed."
    end
  redirect_to users_path
end

测试失败并显示结果：

1) Authentication authorization as admin user can't delete self 
     Failure/Error: flash[:error].should =~ /Cannot delete own admin account!/i }
       expected: /Cannot delete own admin account!/i
            got: nil (using =~)
     # ./spec/requests/authentication_pages_spec.rb:139:in `block (5 levels) in <top (required)>'

Finished in 3.75 seconds
83 examples, 1 failure

Failed examples:

rspec ./spec/requests/authentication_pages_spec.rb:138 # Authentication authorization as admin user can't delete self

Answer 1

这就是我所做的。希望它至少可以作为参考。

<强>规格/请求/ authentication_pages.spec

describe "authorization" do
  ...

  context "as an admin user" do
    let(:admin) { create(:admin) }

    before do
      visit signin_path
      sign_in(admin)
    end

    context "prevents admin users from destroying themselves" do
      it "does not delete the user" do
        expect do
          delete user_path(admin)
        end.not_to change(User, :count)
      end

      context "after failing to delete" do
        let(:no_suicide) { "Cannot delete own admin account!" }

        before { delete user_path(admin) }
        specify do
          response.should redirect_to(users_url),
                                      flash[:error].should == no_suicide
        end
      end
    end
  end
end

应用/控制器/ users_controller.rb

class UsersController < ApplicationController ... before_filter :admin_user, only: :destroy ... def destroy user = User.find(params[:id]) if !current_user?(user) user.destroy flash[:success] = "User destroyed." else flash[:error] = "Cannot delete own admin account!" end redirect_to users_url end ... private def admin_user redirect_to root_url unless current_user.admin? end ... end

Ruby教程Ch9练习＃9 - 测试失败

1 个答案: