Skip to content

Instantly share code, notes, and snippets.

@steveklabnik
Created December 12, 2011 04:02
Show Gist options
  • Save steveklabnik/1464751 to your computer and use it in GitHub Desktop.
Save steveklabnik/1464751 to your computer and use it in GitHub Desktop.
A spec for a filter
class PrivacyFilter
def self.filter(controller)
[:first_article?,
:authenticate_administrator!,
:authenticate_user!
].find do |m|
controller.send(m)
end
end
end
require "app/models/privacy_filter"
describe PrivacyFilter do
let(:controller) do
double(:first_article? => false,
:authenticate_administrator! => false,
:authenticate_user! => false)
end
it "allows access to the root article" do
controller.should_receive(:first_article?).and_return(true)
PrivacyFilter.filter(controller).should be_true
end
it "allows access for administrators" do
controller.should_receive(:authenticate_administrator!).and_return(true)
PrivacyFilter.filter(controller).should be_true
end
it "allows access to users" do
controller.should_receive(:authenticate_user!).and_return(true)
PrivacyFilter.filter(controller).should be_true
end
it "denies all others" do
PrivacyFilter.filter(controller).should be_false
end
end
@steveklabnik
Copy link
Author

@dennyabraham I don't think so. They're just standard Devise stuff. I think the bang is because they can redirect.

I'm torn between what's more readable, a one liner, or this.

@steveklabnik
Copy link
Author

Now that I'm thinking about it, that might mean that this won't even work, as a user will hit the admin filter, which will redirect to admin login...

I should really be using CanCan for this, I guess.

@garybernhardt
Copy link

Late to the party, but I really want this to be AccessPolicy.has_access?(user, article). (Raptor will let you write exactly this and specify it directly in a route... some day. garybernhardt/raptor@3e1b48e ;)

@steveklabnik
Copy link
Author

Yeah, that seems like the right API. Rails makes it awkward.

For the app, I just ended up using cancan, which is the Right Way anywaay...

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment