Search code examples
ruby-on-railsrubyruby-on-rails-5pundit

Pundit::NotDefinedError: unable to find policy `UserPolicy`

I must be doing something wrong or I need glasses. I am following this tutorial here:

http://vaidehijoshi.github.io/blog/2015/09/29/using-pundit-the-cool-kid-of-authorization/

I've created the application_policy.rb file and user_policy.rb files inside the app/policies folder as instructed.

Pundit doesn't seem to detect my UserPolicy file inside IntegrationTests.

My Setup

  • Ruby on Rails 5 RC1
  • Ruby 2.2.4p230
  • Knock gem for JWT authentication
  • Pundit 1.1.0

user_policy.rb

class UserPolicy < ApplicationPolicy    
  def update?
    user == resource
  end
end

In my UserController, I have the defined REST API actions. Currently, I'm just testing the "update" action:

UsersController

def update
  user = User.find_by({id: params[:id]})

  authorize user

  render json: { error: "Failed to find" }, status: :not_found and return unless user

  if user.update!(user_params)
    render json: user
  else
    render json: { error: "Not found" }, status: :not_found
  end
end

users_controller_test.rb

test "update other user's data should raise NotAuthorized exception" do
  @user_two = users(:two)

  put user_path(@user_two.id), params: { first_name: "Jim" }, headers: @authorization_header
  assert_response :success # forcing fail test for now to test plumbing
end

I am getting the following errors:

.E

Error:
UsersControllerTest#test_update_other_user's_data_should_raise_NotAuthorized_exception:
Pundit::NotDefinedError: unable to find policy `UserPolicy` for `#<User id: 298486374, first_name: "MyString", last_name: "MyString", email: "MyString", password_digest: "MyString", created_at: "2016-05-27 13:30:07", updated_at: "2016-05-27 13:30:07", role_id: nil>`
    app/controllers/users_controller.rb:42:in `update'
    test/controllers/users_controller_test.rb:60:in `block in <class:UsersControllerTest>'

Any ideas what I might be doing wrong?

Edit

If it's any help, my UserControllerTest file looks like this:

require 'test_helper'

class UsersControllerTest < ActionDispatch::IntegrationTest
  def authenticate
    token = Knock::AuthToken.new(payload: { sub: users(:one).id }).token
    @authorization_header = { HTTP_AUTHORIZATION: "Bearer #{token}" }
  end

  setup do
    # load "#{Rails.root}/db/seeds.rb"
    Rails.application.load_seed
    authenticate
    @user = users(:one)
  end

  test "logged in user should return ok" do
    get users_path, headers: @authorization_header
    assert_response :ok
  end

  test "not logged in user should return unauthorized" do
    get users_path
    assert_response :unauthorized
  end

  test "user json should not contain password_digest" do
    get user_path(@user.id), headers: @authorization_header
    assert_response :ok
    json = JSON.parse(response.body)
    assert json.key?("password_digest") == false
  end

  test "create user without authorization header should return created" do
    user = {
      first_name: "Bob",
      last_name: "Brown",
      email: "bob@gmail.com",
      password: "abc",
      password_confirmation: "abc"
    }

    post users_path, params: user
    assert_response :created
    json = JSON.parse(response.body)
    assert !json.empty?
  end

  test "update user should return ok" do
    put user_path(@user.id), params: { first_name: "Bob"}, headers: @authorization_header
    assert_response :ok

    updated_user = User.find_by({id: @user.id})

    assert_equal "Bob", updated_user.first_name
  end

  test "update other user's data should raise NotAuthorized exception" do
    @user_two = users(:two)

    put user_path(@user_two.id), params: { first_name: "Jim" }, headers: @authorization_header
    assert_response :success
  end

  test "delete user shoudl return ok" do
    assert_difference "User.count", -1 do
      delete user_path(@user.id), headers: @authorization_header
    end
  end
end

All my tests were passing before I added the Pundit stuff an hour ago.

Solution

  • Okay....I don't know what the heck happened but apparently, I quit all my Mac terminal AND Atom IDE where I typed my code.

    Then I opened my terminal and did a rails test command again, and this time it worked:

    ....E

Error:
UsersControllerTest#test_update_other_user's_data_should_raise_NotAuthorized_exception:
Pundit::NotAuthorizedError: not allowed to update? this #<User id: 298486374, first_name: "MyString", last_name: "MyString", email: "MyString", password_digest: "MyString", created_at: "2016-05-27 15:19:51", updated_at: "2016-05-27 15:19:51", role_id: nil>
    app/controllers/users_controller.rb:42:in `update'
    test/controllers/users_controller_test.rb:60:in `block in <class:UsersControllerTest>'

    Bizarre...

    TL;DR

    1. Quit your IDE and Terminal
    2. Reopen your Terminal, then try again