0

我尝试搜索这个并发现了许多问题,没有一个可以给我一个有效的答案。我应该进行测试以确保管理员用户无法删除自己。

这是我在 authentication_pages_spec.rb 中的内容

describe "as admin user" do
  let(:admin) { FactoryGirl.create(:admin) }
  before { sign_in admin }

  describe "can't delete self" do
    before { delete user_path(admin) }
    specify { response.should redirect_to(users_path), 
              flash[:error].should =~ /Cannot delete own admin account!/i }
  end      
end

这是我在 users_controller.rb 中的内容

def destroy
    user = User.find(params[:id])
    if (current_user == user) && (current_user.admin?)
      flash[:error] = "Cannot delete own admin account!"
    else
      user.destroy
      flash[:success] = "User destroyed."
    end
  redirect_to users_path
end

测试失败并显示结果:

1) Authentication authorization as admin user can't delete self 
     Failure/Error: flash[:error].should =~ /Cannot delete own admin account!/i }
       expected: /Cannot delete own admin account!/i
            got: nil (using =~)
     # ./spec/requests/authentication_pages_spec.rb:139:in `block (5 levels) in <top (required)>'

Finished in 3.75 seconds
83 examples, 1 failure

Failed examples:

rspec ./spec/requests/authentication_pages_spec.rb:138 # Authentication authorization as admin user can't delete self 
4

1 回答 1

3

这就是我所做的。希望它至少可以作为参考。

规范/请求/authentication_pages.spec

describe "authorization" do
  ...

  context "as an admin user" do
    let(:admin) { create(:admin) }

    before do
      visit signin_path
      sign_in(admin)
    end

    context "prevents admin users from destroying themselves" do
      it "does not delete the user" do
        expect do
          delete user_path(admin)
        end.not_to change(User, :count)
      end

      context "after failing to delete" do
        let(:no_suicide) { "Cannot delete own admin account!" }

        before { delete user_path(admin) }
        specify do
          response.should redirect_to(users_url),
                                      flash[:error].should == no_suicide
        end
      end
    end
  end
end

应用程序/控制器/users_controller.rb

class UsersController < ApplicationController
  ...

  before_filter :admin_user, only: :destroy

  ...

  def destroy
    user = User.find(params[:id])
    if !current_user?(user)
      user.destroy
      flash[:success] = "User destroyed."
    else
      flash[:error] = "Cannot delete own admin account!"
    end
    redirect_to users_url
  end

  ...

  private

    def admin_user
      redirect_to root_url unless current_user.admin?
    end

    ...
end
于 2012-11-02T05:42:21.400 回答