ruby-on-rails – RSpec：哪个是测试授权的正确位置？

对于身份验证,我通常更喜欢使用集成/请求规范或接受/功能规范.功能规格最近是首选,因为Capybara DSL(页面和访问)仅在功能规格中可用.在2.x升级之前,他们曾经被允许在请求规范中.

我会测试注册,登录和注销等内容.例如,

# signing_up_spec.rb

feature 'Signing up' do
  scenario 'Successful sign up' do
    visit '/'
    within 'nav' do
      click_link 'Sign up'
    end
    fill_in "Email",:with => "user@ticketee.com"
    fill_in "Password",:with => "password"
    fill_in "Password confirmation",:with => "password"
    click_button "Sign up"
    page.should have_content("Please open the link to activate your account.")
  end
end

这允许您测试更高级别的方面,并让您看到应用程序中的不同组件(控制器,视图等).根据定义,这是一个集成/验收测试.我将对sign_in_spec.rb和signing_out_spec.rb执行与上述相同的操作

现在进行授权,我会选择使用控制器规格.这允许您测试用户有权访问的各个操作.这些控制器规格本质上更精细,并且根据定义单元/功能测试.例如,假设您有一个故障单资源,并且您想测试只有某些用户可以访问某些特定功能

# tickets_controller_spec.rb

describe TicketsController do
  let(:user) { FactoryGirl.create(:confirmed_user) }
  let(:project) { FactoryGirl.create(:project) }
  let(:ticket) { FactoryGirl.create(:ticket,:project => project,:user => user) }

  context "standard users" do
    it "cannot access a ticket for a project" do
      sign_in(:user,user)
      get :show,:id => ticket.id,:project_id => project.id
      response.should redirect_to(root_path)
      flash[:alert].should eql("The project you were looking for could not be found.")
    end

    context "with permission to view the project" do
      before do
        sign_in(:user,user)
        define_permission!(user,"view",project)
      end

      def cannot_create_tickets!
        response.should redirect_to(project)
        flash[:alert].should eql("You cannot create tickets on this project.")
      end

      def cannot_update_tickets!
        response.should redirect_to(project)
        flash[:alert].should eql("You cannot edit tickets on this project.")
      end

      it "cannot begin to create a ticket" do
        get :new,:project_id => project.id
        cannot_create_tickets!
      end

      it "cannot create a ticket without permission" do
        post :create,:project_id => project.id
        cannot_create_tickets!
      end

      it "cannot edit a ticket without permission" do
        get :edit,{ :project_id => project.id,:id => ticket.id }
        cannot_update_tickets!
      end

      it "cannot update a ticket without permission" do
        put :update,:ticket => {}
                     }
        cannot_update_tickets!
      end

      it "cannot delete a ticket without permission" do
        delete :destroy,:id => ticket.id }
        response.should redirect_to(project)
        flash[:alert].should eql("You cannot delete tickets from this project.")
      end

      it "can create tickets,but not tag them" do
        Permission.create(:user => user,:thing => project,:action => "create tickets")
        post :create,:ticket => { :title => "New ticket!",:description => "Brand spankin' new",:tag_names => "these are tags"
                                 },:project_id => project.id
        Ticket.last.tags.should be_empty
      end
    end
  end
end

我发现rspec-rails,capybara和factory_girl_rails的组合在rails应用程序中的两种类型的测试中都表现良好.

以上示例取自Rails3Book repo on github.请查看回购以获取更多示例.这是一种了解测试rails应用程序时可能性的好方法.