Created
June 26, 2014 13:51
RSpec example for Rails authorisation with Pundit's policy_scope method
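# Spec for PostPolicy::Scope: checks which posts the Pundit policy scope
# resolves to for an ordinary user and for an admin.
#
# Each example assumes the posts table is empty when it starts (e.g. via
# transactional fixtures) -- TODO confirm against the suite's configuration.
describe PostPolicy do
  # Hand the policy an UNFILTERED base scope. If the base scope is already
  # restricted to published posts, the "hides unpublished post" example
  # passes even when Scope#resolve filters nothing (an authorisation
  # regression would go unnoticed), and the admin example for unpublished
  # posts can never pass.
  # NOTE(review): assumes Rails 4+, where Post.all is a lazy relation.
  let(:scope) { Post.all }

  subject(:policy_scope) { PostPolicy::Scope.new(user, scope).resolve }

  permissions ".scope" do
    context "for an ordinary user" do
      let(:user) { User.new(:admin => false) }

      it "hides unpublished post" do
        # The record only needs to exist; the scope must not return it.
        Post.create(:published => false)
        expect(policy_scope).to eq []
      end

      it "shows published post" do
        post = Post.create(:published => true)
        expect(policy_scope).to eq [post]
      end
    end

    context "for an admin user" do
      let(:user) { User.new(:admin => true) }

      it "shows unpublished post" do
        post = Post.create(:published => false)
        expect(policy_scope).to eq [post]
      end

      it "shows published post" do
        post = Post.create(:published => true)
        expect(policy_scope).to eq [post]
      end
    end
  end
end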