RSpec:哪个是测试授权的正确位置?

时间:2013-06-19 17:47:47

标签: ruby-on-rails ruby testing rspec tdd

我应该在哪里用RSpec测试授权?

使用RSpec创建Rails应用程序时,有三个文件夹似乎已足够:

  • 规格/路由
  • 规格/请求
  • 规格/控制器

如果用户登录,我应该测试哪一个?我应该测试多种规格类型吗?

1 个答案:

答案 0 :(得分:8)

你的问题有一个微妙的区别。 Authorization通常引用用户在应用中拥有的权限。 Authentication引荐用户注册和登录用户。

Authentication而言,我通常更喜欢使用integration/requests规范或acceptance/feature specs。功能规格最近是首选,因为Capybara DSL(pagevisit)仅在功能规格中可用。在2.x升级之前,他们曾经被允许在请求规范中。

我会测试注册,登录和退出等内容。例如,

# signing_up_spec.rb

feature 'Signing up' do
  scenario 'Successful sign up' do
    visit '/'
    within 'nav' do
      click_link 'Sign up'
    end
    fill_in "Email", :with => "user@ticketee.com"
    fill_in "Password", :with => "password"
    fill_in "Password confirmation", :with => "password"
    click_button "Sign up"
    page.should have_content("Please open the link to activate your account.")
  end
end

这使您可以测试更高级别的方面,并让您在应用程序中查看不同的组件(控制器,视图等)。根据定义,这是一个集成/验收测试。我会对signing_in_spec.rbsigning_out_spec.rb

执行与上述相同的操作

现在Authorization,我会选择使用控制器规格。这允许您测试用户有权访问的各个操作。这些控制器规格本质上更精细,并且根据定义单元/功能测试。例如,假设您有一个故障单资源,并且您想测试只有某些用户可以访问某些特定功能

# tickets_controller_spec.rb

describe TicketsController do
  let(:user) { FactoryGirl.create(:confirmed_user) }
  let(:project) { FactoryGirl.create(:project) }
  let(:ticket) { FactoryGirl.create(:ticket, :project => project,
                                  :user => user) }

  context "standard users" do
    it "cannot access a ticket for a project" do
      sign_in(:user, user)
      get :show, :id => ticket.id, :project_id => project.id
      response.should redirect_to(root_path)
      flash[:alert].should eql("The project you were looking for could not be found.")
    end

    context "with permission to view the project" do
      before do
        sign_in(:user, user)
        define_permission!(user, "view", project)
      end

      def cannot_create_tickets!
        response.should redirect_to(project)
        flash[:alert].should eql("You cannot create tickets on this project.")
      end

      def cannot_update_tickets!
        response.should redirect_to(project)
        flash[:alert].should eql("You cannot edit tickets on this project.")
      end

      it "cannot begin to create a ticket" do
        get :new, :project_id => project.id
        cannot_create_tickets!
      end

      it "cannot create a ticket without permission" do
        post :create, :project_id => project.id
        cannot_create_tickets!
      end

      it "cannot edit a ticket without permission" do
        get :edit, { :project_id => project.id, :id => ticket.id }
        cannot_update_tickets!
      end

      it "cannot update a ticket without permission" do
        put :update, { :project_id => project.id,
                       :id => ticket.id,
                       :ticket => {}
                     }
        cannot_update_tickets!
      end

      it "cannot delete a ticket without permission" do
        delete :destroy, { :project_id => project.id, :id => ticket.id }
        response.should redirect_to(project)
        flash[:alert].should eql("You cannot delete tickets from this project.")
      end

      it "can create tickets, but not tag them" do
        Permission.create(:user => user, :thing => project, :action => "create tickets")
        post :create, :ticket => { :title => "New ticket!",
                                   :description => "Brand spankin' new",
                                   :tag_names => "these are tags"
                                 },
                      :project_id => project.id
        Ticket.last.tags.should be_empty
      end
    end
  end
end

我发现rspec-railscapybarafactory_girl_rails的组合在rails应用中的两种类型的测试中都很好用。

以上示例取自Rails3Book repo on github。看一下repo以获取更多示例。这是一种了解测试rails应用程序时可能性的好方法。

相关问题
最新问题