ruby-on-rails – RSpec:哪个是测试授权的正确位置?
我应该在哪里用RSpec测试授权?
使用RSpec创建Rails应用程序时,有三个文件夹似乎足够: >规范/路由 如果用户登录,我应该测试哪一个?我应该测试多种规格类型吗? 解决方法
你的问题有一个微妙的区别.授权通常引用用户在应用程序中拥有的权限.用户注册和登录用户的身份验证引用.
对于身份验证,我通常更喜欢使用集成/请求规范或接受/功能规范.功能规格最近是首选,因为Capybara DSL(页面和访问)仅在功能规格中可用.在2.x升级之前,他们曾经被允许在请求规范中. 我会测试注册,登录和注销等内容.例如, # signing_up_spec.rb feature 'Signing up' do scenario 'Successful sign up' do visit '/' within 'nav' do click_link 'Sign up' end fill_in "Email",:with => "user@ticketee.com" fill_in "Password",:with => "password" fill_in "Password confirmation",:with => "password" click_button "Sign up" page.should have_content("Please open the link to activate your account.") end end 这允许您测试更高级别的方面,并让您看到应用程序中的不同组件(控制器,视图等).根据定义,这是一个集成/验收测试.我将对sign_in_spec.rb和signing_out_spec.rb执行与上述相同的操作 现在进行授权,我会选择使用控制器规格.这允许您测试用户有权访问的各个操作.这些控制器规格本质上更精细,并且根据定义单元/功能测试.例如,假设您有一个故障单资源,并且您想测试只有某些用户可以访问某些特定功能 # tickets_controller_spec.rb describe TicketsController do let(:user) { FactoryGirl.create(:confirmed_user) } let(:project) { FactoryGirl.create(:project) } let(:ticket) { FactoryGirl.create(:ticket,:project => project,:user => user) } context "standard users" do it "cannot access a ticket for a project" do sign_in(:user,user) get :show,:id => ticket.id,:project_id => project.id response.should redirect_to(root_path) flash[:alert].should eql("The project you were looking for could not be found.") end context "with permission to view the project" do before do sign_in(:user,user) define_permission!(user,"view",project) end def cannot_create_tickets! response.should redirect_to(project) flash[:alert].should eql("You cannot create tickets on this project.") end def cannot_update_tickets! response.should redirect_to(project) flash[:alert].should eql("You cannot edit tickets on this project.") end it "cannot begin to create a ticket" do get :new,:project_id => project.id cannot_create_tickets! end it "cannot create a ticket without permission" do post :create,:project_id => project.id cannot_create_tickets! end it "cannot edit a ticket without permission" do get :edit,{ :project_id => project.id,:id => ticket.id } cannot_update_tickets! end it "cannot update a ticket without permission" do put :update,:ticket => {} } cannot_update_tickets! end it "cannot delete a ticket without permission" do delete :destroy,:id => ticket.id } response.should redirect_to(project) flash[:alert].should eql("You cannot delete tickets from this project.") end it "can create tickets,but not tag them" do Permission.create(:user => user,:thing => project,:action => "create tickets") post :create,:ticket => { :title => "New ticket!",:description => "Brand spankin' new",:tag_names => "these are tags" },:project_id => project.id Ticket.last.tags.should be_empty end end end end 我发现rspec-rails,capybara和factory_girl_rails的组合在rails应用程序中的两种类型的测试中都表现良好. 以上示例取自Rails3Book repo on github.请查看回购以获取更多示例.这是一种了解测试rails应用程序时可能性的好方法. (编辑:李大同) 【声明】本站内容均来自网络,其相关言论仅代表作者个人观点,不代表本站立场。若无意侵犯到您的权利,请及时与联系站长删除相关内容! |