Search code examples
ruby-on-railsrspecdevisecancan

CanCan in RSpec Controller spec

I spent most of the day trying to root out a problem with a controller spec, and the current workaround seems unacceptable to me. Any take on why this works? ... and what I should do instead.

Given a simple hierarchy as follows, and the following ability.rb, the properties_controller_spec.rb does not allow the spec below to pass without the line saying:

ability = Ability.new(subject.current_user)

Can you tell me why this would be?

Thanks!

Models:

class Account < ActiveRecord::Base
  has_many :properties, :dependent => :nullify
end

class Property < ActiveRecord::Base
  belongs_to :account
end

class User < Refinery::Core::BaseModel #for RefineryCMS integration
  belongs_to :account
end

Ability.rb:

class Ability
  include CanCan::Ability

  def initialize(user)
    user ||= User.new
    if user.has_role? :user
      can [:read, :create, :update, :destroy], Property, account_id: user.account_id
    else
      can [:show], Property
    end
  end
end

properties_contoller_spec.rb:

require 'spec_helper'

describe PropertiesController do
  def valid_attributes
  describe "Authenticated as Property user" do
    describe "PUT update" do
      describe "with invalid params" do
        it "re-renders the 'edit' template" do
          property = FactoryGirl.create(:property, account: property_user.account)
          # Trigger the behavior that occurs when invalid params are submitted
          Property.any_instance.stub(:save).and_return(false)
          ability = Ability.new(subject.current_user) # seriously?
          put :update, {:id => property.to_param, :property => {  }}, {}
          response.should render_template("edit")
        end
      end
    end
  end
end
Solution

  • Arg! Found it myself.

    Here it is:

    config.include Devise::TestHelpers, :type => :controller

    Following is the code to sign in the property_user, as directed by the Devise docs. (The locals in question are created in a global_variables.rb that is included. These are used all over the place.) 

    def signed_in_as_a_property_user
  property_user.add_role "User" 
  sign_in property_user 
end

def sign_in_as_a_property_user 
  property_user.add_role 'User' 
  post_via_redirect user_session_path, 
    'user[email]' => property_user.email,
    'user[password]' => property_user.password
end