Different filter order between development and test (Devise + CanCan)

Time: 2012-03-31 14:09:52

Tags: ruby-on-rails devise cancan

I am facing different behaviour in the development and test environments when using Devise and CanCan.

I am using:

  • rails 3.2.2
  • cancan 1.6.7
  • devise 2.0.4
  • capybara 1.1.2

I have a controller:

class ProductsController < ApplicationController
  before_filter :authenticate_user!, :only => [:edit]
  authorize_resource
  ...show, edit...
end

class ApplicationController < ActionController::Base
  protect_from_forgery
  check_authorization :unless => :devise_controller?
end

My test is:

  • go to the home page
  • open the product list
  • open one product
  • edit this product

Translated into Capybara:

scenario "test" do
  visit("/")
  click_link("Products")
  click_link("Awesome Product 00001")
  puts current_url
  click_link("Edit")
  puts current_url
  save_and_open_page
end

When I do this in a browser in development mode, I end up on the sign-in page as expected, and the console shows:

http://www.example.com/products/1
http://www.example.com/users/sign_in

But when running my spec, I get a 403:

http://www.example.com/products/1
http://www.example.com/products/1/edit

If I use prepend_before_filter instead of before_filter, then it works... so it looks like a filter ordering problem. I managed to print this:

403 ===>
[:verify_authenticity_token, "_callback_after_83(self)", "_callback_before_231(self)", "_callback_before_299(self)", :authenticate_user!, "_callback_after_309(self)", :set_locale, :set_mailer_options, :store_location]

prepend_before_filter ===>
[:verify_authenticity_token, :authenticate_user!, "_callback_after_83(self)", "_callback_before_231(self)", "_callback_before_299(self)", "_callback_after_309(self)", :set_locale, :set_mailer_options, :store_location]

in browser ===>
[:verify_authenticity_token, "_callback_before_5", "_callback_after_245(self)", :set_locale, :set_mailer_options, :store_location, :authenticate_user!, "_callback_before_305(self)"]

I searched the web for filter ordering but could not find anything related to Devise and CanCan (there is very little about filter ordering in general). I am not happy with the prepend solution, because there may be a bigger problem around it... Does anyone have any insight into this behaviour?

Thanks

EDIT

class Ability

  include CanCan::Ability

  def initialize(user)
    user ||= User.new

    # The ability rules further down in a file will override a previous one.
    # See https://github.com/ryanb/cancan/wiki/Ability-Precedence

    default_abilities

    if user.role_member?
      member_abilities
    end

    if user.role_client?
      client_abilities
    end

    if user.role_administrator?
      administrator_abilities
    end
  end

  # ------------------------------------
  private

  # define abilities for everyone, including guests
  def default_abilities
    can :index, :home
    can :read, Product
    can [:read, :subcategories], ProductCategory
  end

  # define abilities for administrators
  def administrator_abilities
  end

  # define abilities for clients
  def client_abilities
    can :edit, Product
  end

  # define abilities for members
  def member_abilities
    can :read, Member
  end

end

0 answers:

No answers