So, I've been trying to set up a before_filter for checking permissions for whether or not someone can delete an object. But it hasn't been working... eventually I do the following:
before_filter :test_hack, :only => :destroy
def test_hack
return false
end
the destroy method here:
def destroy
@content = Content.find(params[:id])
#will get rid of this when the before filter works...
# but this doesn't stop it from getting deleted either
if not has_permission_to_change?(@content)
puts "This content is not gonig to get deleted"
flash[:error] = 'You do not have permission to delete this content.'
else
@content.destroy
end
the failing test:
should "not allow the deleting of #{plural_name} on different accounts" do
login_as(@user)
p = Factory(factory_name, :account => Factory(:account))
as开发者_运维技巧sert_difference("#{klass}.count", 0) do
begin
delete :destroy, :id => p.id
raise "program flow should not reach this message"
rescue ActiveRecord::RecordNotFound
assert true
end
end
Content belongs_to an account
console output:
Loaded suite test/functional/contents_controller_test
Started
This content is not gonig to get deleted
E
Finished in 0.649422 seconds.
1) Error:
test: destroy contents! should not allow the deleting of contents on different accounts. (ContentsControllerTest):
RuntimeError: program flow should not reach this message
Once again, the bahavior of your test is absolutely normal:
Your line raise "program flow should not reach this message"
will ALWAYS be executed since there is an object with the id
you pass: you just created it
You should just keep:
assert_difference("#{klass}.count", 0) do
delete :destroy, :id => p.id
end
And I an't see where your before_filter
is useful here
In your test,
delete :destroy, :id => p.id
won't raise any exceptions, so the execution continues normally, reaching the next line
raise "program flow should not reach this message"
and the test fails, because this is not caught. The before_filter has nothing to do with it, according to your test output, it's not even invoked.
精彩评论