fot*_*nus 4 ruby testing tdd rspec ruby-on-rails
我应该在哪里用RSpec测试授权?
使用RSpec创建Rails应用程序时,有三个文件夹似乎足够:
如果用户登录,我应该测试哪一个?我应该测试多种规格类型吗?
你的问题有一个微妙的区别.Authorization通常引用用户在应用程序中拥有的权限.Authentication注册用户注册和登录用户.
到目前为止Authentication,我通常更喜欢使用integration/requests规格或acceptance/feature specs.功能规格最近是首选,因为Capybara DSL(page和visit)仅在功能规格中可用.在2.x升级之前,他们曾经被允许在请求规范中.
我会测试注册,登录和注销等内容.例如,
# signing_up_spec.rb
feature 'Signing up' do
scenario 'Successful sign up' do
visit '/'
within 'nav' do
click_link 'Sign up'
end
fill_in "Email", :with => "user@ticketee.com"
fill_in "Password", :with => "password"
fill_in "Password confirmation", :with => "password"
click_button "Sign up"
page.should have_content("Please open the link to activate your account.")
end
end
这允许您测试更高级别的方面,并让您看到应用程序中的不同组件(控制器,视图等).根据定义,这是一个集成/验收测试.我会像上面那样做signing_in_spec.rb和signing_out_spec.rb
现在Authorization,我会选择使用控制器规格.这允许您测试用户有权访问的各个操作.这些控制器规格本质上更精细,并且根据定义单元/功能测试.例如,假设您有一个故障单资源,并且您想测试只有某些用户可以访问某些特定功能
# tickets_controller_spec.rb
describe TicketsController do
let(:user) { FactoryGirl.create(:confirmed_user) }
let(:project) { FactoryGirl.create(:project) }
let(:ticket) { FactoryGirl.create(:ticket, :project => project,
:user => user) }
context "standard users" do
it "cannot access a ticket for a project" do
sign_in(:user, user)
get :show, :id => ticket.id, :project_id => project.id
response.should redirect_to(root_path)
flash[:alert].should eql("The project you were looking for could not be found.")
end
context "with permission to view the project" do
before do
sign_in(:user, user)
define_permission!(user, "view", project)
end
def cannot_create_tickets!
response.should redirect_to(project)
flash[:alert].should eql("You cannot create tickets on this project.")
end
def cannot_update_tickets!
response.should redirect_to(project)
flash[:alert].should eql("You cannot edit tickets on this project.")
end
it "cannot begin to create a ticket" do
get :new, :project_id => project.id
cannot_create_tickets!
end
it "cannot create a ticket without permission" do
post :create, :project_id => project.id
cannot_create_tickets!
end
it "cannot edit a ticket without permission" do
get :edit, { :project_id => project.id, :id => ticket.id }
cannot_update_tickets!
end
it "cannot update a ticket without permission" do
put :update, { :project_id => project.id,
:id => ticket.id,
:ticket => {}
}
cannot_update_tickets!
end
it "cannot delete a ticket without permission" do
delete :destroy, { :project_id => project.id, :id => ticket.id }
response.should redirect_to(project)
flash[:alert].should eql("You cannot delete tickets from this project.")
end
it "can create tickets, but not tag them" do
Permission.create(:user => user, :thing => project, :action => "create tickets")
post :create, :ticket => { :title => "New ticket!",
:description => "Brand spankin' new",
:tag_names => "these are tags"
},
:project_id => project.id
Ticket.last.tags.should be_empty
end
end
end
end
我已经发现的组合rspec-rails,capybara并且factory_girl_rails已经在这两种类型的测试服务以及内Rails应用.
上面的例子来自github上的Rails3Book repo.看一下repo以获取更多示例.这是一种了解测试rails应用程序时可能性的好方法.
| 归档时间: |
|
| 查看次数: |
2360 次 |
| 最近记录: |