所以,我一直在尝试设置一个before_filter来检查某人是否可以删除对象的权限。但它没有奏效......最终我做了以下事情:
before_filter :test_hack, :only => :destroy
def test_hack
return false
end
这里的破坏方法:
def destroy
@content = Content.find(params[:id])
#will get rid of this when the before filter works...
# but this doesn't stop it from getting deleted either
if not has_permission_to_change?(@content)
puts "This content is not gonig to get deleted"
flash[:error] = 'You do not have permission to delete this content.'
else
@content.destroy
end
失败的测试:
should "not allow the deleting of #{plural_name} on different accounts" do
login_as(@user)
p = Factory(factory_name, :account => Factory(:account))
assert_difference("#{klass}.count", 0) do
begin
delete :destroy, :id => p.id
raise "program flow should not reach this message"
rescue ActiveRecord::RecordNotFound
assert true
end
end
内容属于帐户
控制台输出:
Loaded suite test/functional/contents_controller_test
Started
This content is not gonig to get deleted
E
Finished in 0.649422 seconds.
1) Error:
test: destroy contents! should not allow the deleting of contents on different accounts. (ContentsControllerTest):
RuntimeError: program flow should not reach this message
答案 0 :(得分:1)
在你的测试中,
delete :destroy, :id => p.id
不会引发任何异常,因此执行继续正常,到达下一行
raise "program flow should not reach this message"
并且测试失败,因为没有捕获。 before_filter与它无关,根据你的测试输出,它甚至没有被调用。
答案 1 :(得分:1)
Once again,你测试的行为绝对正常:
您的第raise "program flow should not reach this message"行始终会被执行,因为您传递了id的对象:您刚刚创建了它
你应该保持:
assert_difference("#{klass}.count", 0) do
delete :destroy, :id => p.id
end
我不知道你的before_filter在哪里有用