我有这样的规格:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;
public partial class CustomerLogin : System.Web.UI.Page
{
static readonly string scriptErrorUserId =
"<script language=\"javascript\">\n" +
"alert (\"Error - UserId you keyed in is taken up, please key in another UserId\");\n" +
"</script>";
static readonly string scriptSuccessNewAccount =
"<script language=\"javascript\">\n" +
"alert (\"Your account has been succesfully created - Thank You!\");\n" +
"</script>";
static readonly string scriptErrorInput =
"<script language=\"javascript\">\n" +
"alert (\"Error - Please fill up all the textboxes\");\n" +
"</script>";
protected void Page_Load(object sender, EventArgs e)
{
}
protected void Button1_Click(object sender, EventArgs e)
{
SqlConnection sqlCon = new SqlConnection(@"Data Source=DESKTOP-UNIV3GV;Initial Catalog=Bolsen;Integrated Security=True; MultipleActiveResultSets=true;");
sqlCon.Open();
Type csType = this.GetType();
//Check to ensure that UserId keyed in is not being in used by other Customers
SqlCommand sqlcmd;
SqlDataReader rdr;
string strSQLSelect = "SELECT cEmail FROM Customers ";
sqlcmd = new SqlCommand(strSQLSelect, sqlCon);
//SqlDataReader reader = sqlcmd.ExecuteReader();
rdr = sqlcmd.ExecuteReader();
while (rdr.Read() == true)
if (txtEmail.Text == (string)rdr["cEmail"])
{
ClientScript.RegisterStartupScript(csType, "Error", scriptErrorUserId);
sqlCon.Close();
return;
}
if (txtEmail.Text == "")
{
ClientScript.RegisterStartupScript(csType, "Error", scriptErrorInput);
sqlCon.Close();
return;
}
// insert new record
string strSQLInsert = "INSERT INTO "
+ " Customer (Firstname, Lastname, cNumber, cCompanyName, cCompanyAddress, cEmail, cPassword)"
+ " VALUES (@FN, @LN, @Num, @CName, @CAdd, @Email, @PW)";
sqlcmd = new SqlCommand(strSQLInsert, sqlCon);
sqlcmd.Parameters.AddWithValue("@CFN", txtFN.Text);
sqlcmd.Parameters.AddWithValue("@LN", txtLN.Text);
sqlcmd.Parameters.AddWithValue("@Num", txtNum.Text);
sqlcmd.Parameters.AddWithValue("@CName", txtCN);
sqlcmd.Parameters.AddWithValue("@CAdd", txtCA.Text);
sqlcmd.Parameters.AddWithValue("@Email", txtEmail.Text);
sqlcmd.Parameters.AddWithValue("@PW", txtPwd.Text);
sqlcmd.ExecuteNonQuery();
sqlCon.Close();
ClientScript.RegisterStartupScript(csType, "Success", scriptSuccessNewAccount);
// prepare Session variables for newly registered customer
}
第一个正确返回it "should let a user destroy their own picture" do
expect do
delete :destroy, { id: p1.id }
puts "\n\nOK resp\n#{response.status}\n\n\n"
end.to change { Picture.count }.by(-1)
end
it "should not let a user delete another user's picture" do
sign_in(user2)
expect do
delete :destroy, { id: p1.id }
puts "\n\nNOT OK resp\n#{response.status}\n\n\n"
end.to change { Picture.count }.by(0)
end
(销毁后我重定向)。第二个正确通过,这意味着用户无法销毁,但是它返回一个302状态代码,而不是应该返回的200。
在我的401中:
ApplicationController无论是否有class ApplicationController < ActionController::Base
include Pundit
rescue_from Pundit::NotAuthorizedError, with: :user_not_authorized
def user_not_authorized
render file: "public/401.html", status: :unauthorized
end
...
end
行,我仍然会得到rescue from。似乎200在pundit方法中正确捕获了true或false并停止了执行,但是在得到authorize(@obj)时并没有提高。
我该如何解决?