我尝试搜索这个并发现了许多问题,没有一个可以给我一个有效的答案。我应该进行测试以确保管理员用户无法删除自己。
这是我在 authentication_pages_spec.rb 中的内容
describe "as admin user" do
let(:admin) { FactoryGirl.create(:admin) }
before { sign_in admin }
describe "can't delete self" do
before { delete user_path(admin) }
specify { response.should redirect_to(users_path),
flash[:error].should =~ /Cannot delete own admin account!/i }
end
end
这是我在 users_controller.rb 中的内容
def destroy
user = User.find(params[:id])
if (current_user == user) && (current_user.admin?)
flash[:error] = "Cannot delete own admin account!"
else
user.destroy
flash[:success] = "User destroyed."
end
redirect_to users_path
end
测试失败并显示结果:
1) Authentication authorization as admin user can't delete self
Failure/Error: flash[:error].should =~ /Cannot delete own admin account!/i }
expected: /Cannot delete own admin account!/i
got: nil (using =~)
# ./spec/requests/authentication_pages_spec.rb:139:in `block (5 levels) in <top (required)>'
Finished in 3.75 seconds
83 examples, 1 failure
Failed examples:
rspec ./spec/requests/authentication_pages_spec.rb:138 # Authentication authorization as admin user can't delete self