I'm new to rails and I'm stuck in chapter 9.2.2 "Requiring the Right User", when I add the 2nd user archer to the users.yml file and add the other code to the user_controller_test.rb and the users_controller.rb, the run bundle exec rake test, I get 30 errors stating that:
ERROR["test_layout_links", SiteLayoutTest, 0.019046]
test_layout_links#SiteLayoutTest (0.02s)
ActiveRecord::StatementInvalid: ActiveRecord::StatementInvalid: SQLite3::SQLException: table users has no column named archer: INSERT INTO "users" ("name", "email", "password_digest", "archer", "created_at", "updated_at", "id") VALUES ('Michael Example', 'michael#example.com', '$2a$04$kDHpg7Zah2wc3X.YbWs5E.pytz8byEkUYo6O7uyPCftblGq3BEogW', '---
name: Sterling Archer
email: duchess#example.gov
password_digest:
users.yml code
michael:
name: Michael Example
email: michael#example.com
password_digest: <%= User.digest('password') %>
archer:
name: Sterling Archer
email: duchess#example.gov
password_digest: <%= User.digest('password') %>
users_controller_test.rb code
require 'test_helper'
class UsersControllerTest < ActionController::TestCase
def setup
#user = users(:michael)
#other_user = users(:archer)
end
test "should get new" do
get :new
assert_response :success
end
test "should redirect edit when not logged in" do
get :edit, id: #user
assert_not flash.empty?
assert_redirected_to login_url
end
test "should redirect update when not logged in" do
patch :update, id: #user, user: { name: #user.name, email: #user.email }
assert_not flash.empty?
assert_redirected_to login_url
end
test "should redirect edit when logged in as wrong user" do
log_in_as(#other_user)
get :edit, id: #user
assert flash.empty?
assert_redirected_to root_url
end
test "should redirect update when logged in as wrong user" do
log_in_as(#other_user)
patch :update, id: #user, user: { name: #user.name, email: #user.email }
assert flash.empty?
assert_redirected_to root_url
end
end
user_controller.rb code
class UsersController < ApplicationController
before_action :logged_in_user, only: [:edit, :update]
before_action :correct_user, only: [:edit, :update]
def show
#user = User.find(params[:id])
end
def new
#user = User.new
end
def create
#user = User.new(user_params)
if #user.save
log_in #user
flash[:success] = "Welcome to the Sample Application of the Great Bakerboi!"
redirect_to #user
else
render 'new'
end
end
def edit
#user = User.find(params[:id])
end
def update
#user = User.find(params[:id])
if #user.update_attributes(user_params)
flash[:success] = "Profile updated"
redirect_to #user
else
render 'edit'
end
end
private
def user_params
params.require(:user).permit(:name, :email, :password, :password_confirmation)
end
# Before filters
# Confirms a logged-in user.
def logged_in_user
unless logged_in?
flash[:danger] = "Please log in."
redirect_to login_url
end
end
Confirms the correct user.
def correct_user
#user = User.find(params[:id])
redirect_to(root_url) unless #user == current_user
end
end
The problem is that you have inadvertently indented the definition of :archer in users.yml.
Related
I cannot get the test to pass for the password reset. It shows the following:
1) Error:
PasswordResetsTest#test_password_resets:
NoMethodError: undefined method `[]' for nil:NilClass
app/controllers/password_resets_controller.rb:10:in `create'
test/integration/password_resets_test.rb:14:in `block in <class:PasswordResetsTest>'
I am not sure what is causing the nil. Please help.
PasswordResetsController
class PasswordResetsController < ApplicationController
before_action :get_user, only: [:edit, :update]
before_action :valid_user, only: [:edit, :update]
before_action :check_expiration, only: [:edit, :update] # Case (1)
def new
end
def create
#user = User.find_by(email: params[:password_reset][:email].downcase)
if #user
#user.create_reset_digest
#user.send_password_reset_email
flash[:info] = "Email sent with password reset instructions"
redirect_to root_url
else
flash.now[:danger] = "Email address not found"
render 'new'
end
end
def edit
end
def update
if params[:user][:password].empty? # Case (3)
#user.errors.add(:password, "can't be empty")
render 'edit'
elsif #user.update_attributes(user_params) # Case (4)
log_in #user
flash[:success] = "Password has been reset."
redirect_to #user
else
render 'edit' # Case (2)
end
end
private
def user_params
params.require(:user).permit(:password, :password_confirmation)
end
# Before filters
def get_user
#user = User.find_by(email: params[:email])
end
# Confirms a valid user.
def valid_user
unless (#user && #user.activated? &&
#user.authenticated?(:reset, params[:id]))
redirect_to root_url
end
end
# Checks expiration of reset token.
def check_expiration
if #user.password_reset_expired?
flash[:danger] = "Password reset has expired."
redirect_to new_password_reset_url
end
end
end
PasswordsResetsTest
require 'test_helper'
class PasswordResetsTest < ActionDispatch::IntegrationTest
def setup
ActionMailer::Base.deliveries.clear
#user = users(:michael)
end
test "password resets" do
get new_password_reset_path
assert_template 'password_resets/new'
# Invalid email
post password_resets_path, params: { password_reset: { email: "" } }
assert_not flash.empty?
assert_template 'password_resets/new'
# Valid email
post password_resets_path,
params: { password_reset: { email: #user.email } }
assert_not_equal #user.reset_digest, #user.reload.reset_digest
assert_equal 1, ActionMailer::Base.deliveries.size
assert_not flash.empty?
assert_redirected_to root_url
# Password reset form
user = assigns(:user)
# Wrong email
get edit_password_reset_path(user.reset_token, email: "")
assert_redirected_to root_url
# Inactive user
user.toggle!(:activated)
get edit_password_reset_path(user.reset_token, email: user.email)
assert_redirected_to root_url
user.toggle!(:activated)
# Right email, wrong token
get edit_password_reset_path('wrong token', email: user.email)
assert_redirected_to root_url
# Right email, right token
get edit_password_reset_path(user.reset_token, email: user.email)
assert_template 'password_resets/edit'
assert_select "input[name=email][type=hidden][value=?]", user.email
# Invalid password & confirmation
patch password_reset_path(user.reset_token),
params: { email: user.email,
user: { password: "foobaz",
password_confirmation: "barquux" } }
assert_select 'div#error_explanation'
# Empty password
patch password_reset_path(user.reset_token),
params: { email: user.email,
user: { password: "",
password_confirmation: "" } }
assert_select 'div#error_explanation'
# Valid password & confirmation
patch password_reset_path(user.reset_token),
params: { email: user.email,
user: { password: "foobaz",
password_confirmation: "foobaz" } }
assert is_logged_in?
assert_not flash.empty?
assert_redirected_to user
end
end
Any help would be greatly appreciated.
i looked into Hartl's source and he has this line:
post password_resets_path, password_reset: { email: #user.email }
and yours is
post password_resets_path, params: { password_reset: { email: #user.email }}
this is new syntax that is compatible on Rails 5. the above solution is Rails 4.
You are missing #user.update_attribute(:reset_digest, nil) in your app/controllers/password_resets_controller.rb file. Update your file with below content.
class PasswordResetsController < ApplicationController
before_action :get_user, only: [:edit, :update]
before_action :valid_user, only: [:edit, :update]
before_action :check_expiration, only: [:edit, :update] # Case (1)
def new
end
def create
#user = User.find_by(email: params[:password_reset][:email].downcase)
if #user
#user.create_reset_digest
#user.send_password_reset_email
flash[:info] = "Email sent with password reset instructions"
redirect_to root_url
else
flash.now[:danger] = "Email address not found"
render 'new'
end
end
def edit
end
def update
if params[:user][:password].empty? # Case (3)
#user.errors.add(:password, "can't be empty")
render 'edit'
elsif #user.update_attributes(user_params) # Case (4)
log_in #user
#user.update_attribute(:reset_digest, nil)
flash[:success] = "Password has been reset."
redirect_to #user
else
render 'edit' # Case (2)
end
end
private
def user_params
params.require(:user).permit(:password, :password_confirmation)
end
# Before filters
def get_user
#user = User.find_by(email: params[:email])
end
# Confirms a valid user.
def valid_user
unless (#user && #user.activated? &&
#user.authenticated?(:reset, params[:id]))
redirect_to root_url
end
end
# Checks expiration of reset token.
def check_expiration
if #user.password_reset_expired?
flash[:danger] = "Password reset has expired."
redirect_to new_password_reset_url
end
end
end
Update as per suggested and you will be able to see green test.
Working through Hartl's tutorial, in Chapter 9, Listing 9.56 produces the following error, showing 'admin?' as an undefined method.
I've checked (and rechecked) the 2 sections of code that have been revised since the last green test. Stumped.
ERROR["test_should_redirect_destroy_when_not_logged_in", UsersControllerTest, 2016-02-26 21:29:01 -0500]
test_should_redirect_destroy_when_not_logged_in#UsersControllerTest (1456540141.41s)
NoMethodError: NoMethodError: undefined method `admin?' for nil:NilClass
app/controllers/users_controller.rb:73:in `admin_user'
test/controllers/users_controller_test.rb:48:in `block (2 levels) in <class:UsersControllerTest>'
test/controllers/users_controller_test.rb:47:in `block in <class:UsersControllerTest>'
app/controllers/users_controller.rb:73:in `admin_user'
test/controllers/users_controller_test.rb:48:in `block (2 levels) in <class:UsersControllerTest>'
test/controllers/users_controller_test.rb:47:in `block in <class:UsersControllerTest>'
39/39: [==========================================================] 100% Time: 00:00:00, Time: 00:00:00
Finished in 0.97767s
39 tests, 152 assertions, 0 failures, 1 errors, 0 skips
Note that the admin field was added to the database during a migration, which I understand should automatically produce a boolean admin? method
class AddAdminToUsers < ActiveRecord::Migration
def change
add_column :users, :admin, :boolean, default: false
end
end
users_controller_test.rb is where the problem apparently resides, specifically in the lines:
test "should redirect destroy when not logged in" do
assert_no_difference 'User.count' do
delete :destroy, id: #user
...while the complete file looks like this:
require 'test_helper'
class UsersControllerTest < ActionController::TestCase
def setup
#user = users(:michael)
#other_user = users(:archer)
end
test "should redirect index when not logged in" do
get :index
assert_redirected_to login_url
end
test "should get new" do
get :new
assert_response :success
end
test "should redirect edit when not logged in" do
get :edit, id: #user
assert_not flash.empty?
assert_redirected_to login_url
end
test "should redirect to update when not logged in" do
patch :update, id: #user, user: { name: #user.name, email: #user.email }
assert_not flash.empty?
assert_redirected_to login_url
end
test "should redirect edit when logged in as wrong user" do
log_in_as(#other_user)
get :edit, id: #user
assert flash.empty?
assert_redirected_to root_url
end
test "should redirect update when logged in as wrong user" do
log_in_as(#other_user)
patch :update, id: #user, user: {name: #user.name, email: #user.email }
assert flash.empty?
assert_redirected_to root_url
end
test "should redirect destroy when not logged in" do
assert_no_difference 'User.count' do
delete :destroy, id: #user
end
assert_redirected_to login_url
end
test "should redirect destroy when logged in as a non-admin" do
log_in_as(#other_user)
assert_no_difference 'User.count' do
delete :destroy, id: #user
end
assert_redirected_to root_url
end
end
and here's the contents of users.yaml
# Read about fixtures at http://api.rubyonrails.org/classes/ActiveRecord/FixtureSet.html
michael:
name: Michael Example
email: michael#example.com
password_digest: <%= User.digest('password') %>
admin: true
archer:
name: Sterling Archer
email: duchess#example.gov
password_digest: <%= User.digest('password') %>
lana:
name: Lana Kane
email: hands#example.gov
password_digest: <%= User.digest('password') %>
mallory:
name: Mallory Archer
email: boss#example.gov
password_digest: <%= User.digest('password') %>
<% 30.times do |n| %>
user_<%= n %>:
name: <%= "User #{n}" %>
email: <%= "user-#{n}#example.com" %>
password_digest: <%= User.digest('password') %>
<% end %>
Just to add to this. Whilst bf34's answer does the trick it may not be the correct solution.
Currently doing this tutorial and had the same issue. The reason it was purely current_user.admin? is because it shouldn't even reach this check if not logged in.
After a bit of rereading of my code I discovered that I didn't have the before_action of logged_in_user for the destroy method (see second line).
app/controllers/users_controller.rb:
class UsersController < ApplicationController
before_action :logged_in_user, only: [:index, :edit, :update, :destroy]
before_action :correct_user, only: [:edit, :update]
before_action :admin_user, only: :destroy
def index
#users = User.paginate(page: params[:page])
end
def show
#user = User.find(params[:id])
end
def new
#user = User.new
end
def create
#user = User.new(user_params)
if #user.save
log_in #user
flash[:success] = "Welcome to the Sample App!"
redirect_to #user
else
render 'new'
end
end
def edit
#user = User.find(params[:id])
end
def update
#user = User.find(params[:id])
if #user.update_attributes(user_params)
# Handle a successful update.
flash[:success] = "Profile updated"
redirect_to #user
else
render 'edit'
end
end
def destroy
User.find(params[:id]).destroy
flash[:success] = "User deleted"
redirect_to users_url
end
private
def user_params
params.require(:user).permit(:name, :email, :password, :password_confirmation)
end
# Before filters
# Confirms a logged-in user.
def logged_in_user
unless logged_in?
store_location
flash[:danger] = "Please log in."
redirect_to login_url
end
end
# Confirms the correct user.
def correct_user
#user = User.find(params[:id])
redirect_to(root_url) unless current_user?(#user)
end
def admin_user
redirect_to(root_url) unless current_user.admin?
end
end
from the error message it looks like you're calling admin? on current_user but you don't have anyone logged in, so current_user is nil. Try doing current_user.try(:admin?) instead which will return nil if current_user is also nil.
I have run into 4 errors on section 9.2.2.
Errors
ERROR["test_unsuccessful_edit", UsersEditTest, 2015-11-05 04:35:59 -0600]
test_unsuccessful_edit#UsersEditTest (1446719759.23s)
NoMethodError: NoMethodError: undefined method correct_user?' for #<UsersController:0x007fcdf48ad378>
app/controllers/users_controller.rb:58:incorrect_user'
test/integration/users_edit_test.rb:10:in block in <class:UsersEditTest>'
app/controllers/users_controller.rb:58:incorrect_user'
test/integration/users_edit_test.rb:10:in `block in '
ERROR["test_successful_edit", UsersEditTest, 2015-11-05 04:35:59 -0600]
test_successful_edit#UsersEditTest (1446719759.28s)
NoMethodError: NoMethodError: undefined method correct_user?' for #<UsersController:0x007fcdefcea198>
app/controllers/users_controller.rb:58:incorrect_user'
test/integration/users_edit_test.rb:21:in block in <class:UsersEditTest>'
app/controllers/users_controller.rb:58:incorrect_user'
test/integration/users_edit_test.rb:21:in `block in '
ERROR["test_should_redirect_edit_when_logged_in_as_wrong_user", UsersControllerTest, 2015-11-05 04:35:59 -0600]
test_should_redirect_edit_when_logged_in_as_wrong_user#UsersControllerTest (1446719759.42s)
NoMethodError: NoMethodError: undefined method correct_user?' for #<UsersController:0x007fcdf529f778>
app/controllers/users_controller.rb:58:incorrect_user'
test/controllers/users_controller_test.rb:29:in block in <class:UsersControllerTest>'
app/controllers/users_controller.rb:58:incorrect_user'
test/controllers/users_controller_test.rb:29:in `block in '
ERROR["test_should_redirect_update_when_logged_in_as_wrong_user", UsersControllerTest, 2015-11-05 04:35:59 -0600]
test_should_redirect_update_when_logged_in_as_wrong_user#UsersControllerTest (1446719759.44s)
NoMethodError: NoMethodError: undefined method correct_user?' for #<UsersController:0x007fcdf531e118>
app/controllers/users_controller.rb:58:incorrect_user'
test/controllers/users_controller_test.rb:36:in block in <class:UsersControllerTest>'
app/controllers/users_controller.rb:58:incorrect_user'
test/controllers/users_controller_test.rb:36:in `block in '
32/32: [======================] 100% Time: 00:00:01, Time: 00:00:01
Finished in 1.70355s
32 tests, 64 assertions, 0 failures, 4 errors, 0 skips
Users_controller.rb
class UsersController < ApplicationController
before_action :logged_in_user, only: [:edit, :update]
before_action :correct_user, only: [:edit, :update]
def show
#user = User.find(params[:id])
end
def new
#user = User.new
end
def create
#user = User.new(user_params)
if #user.save
log_in #user
flash[:success] = "Welcome to the Sample App!"
redirect_to #user
else
render 'new'
end
end
def edit
#user = User.find(params[:id])
end
def update
#user = User.find(params[:id])
if #user.update_attributes(user_params)
flash[:success] = "Profile updated"
redirect_to #user
else
render 'edit'
end
end
private
def user_params
params.require(:user).permit(:name, :email, :password,
:password_confirmation)
end
# Before Filters
# Confirms a logged-in user.
def logged_in_user
unless logged_in?
flash[:danger] = "Please log in."
redirect_to login_url
end
end
# Confirms the correct user.
def correct_user
#user = User.find(params[:id])
redirect_to(root_url) unless correct_user?(#user)
end
end
User_controller_test
require 'test_helper'
class UsersControllerTest < ActionController::TestCase
def setup
#user = users(:michael)
#other_user = users(:archer)
end
test "should get new" do
get :new
assert_response :success
end
test "should redirect edit when logged in" do
get :edit, id: #user
assert_not flash.empty?
assert_redirected_to login_url
end
test "should redirect update when not logged in" do
patch :update, id: #user, user: { name: #user.name, email: #user.email }
assert_not flash.empty?
assert_redirected_to login_url
end
test "should redirect edit when logged in as wrong user" do
log_in_as(#other_user)
get :edit, id: #user
assert flash.empty?
assert_redirected_to root_url
end
test "should redirect update when logged in as wrong user" do
log_in_as(#other_user)
patch :update, id: #user, user: { name: #user.name, email: #user.email }
assert flash.empty?
assert_redirected_to root_url
end
end
users.yml
michael:
name: Michael Example
email: michael#example.com
password_digest: <%= User.digest('password') %>
archer:
name: Sterling Archer
email: duchess#example.gov
password_digest: <%= User.digest('password') %>
users_edit_test
require 'test_helper'
class UsersEditTest < ActionDispatch::IntegrationTest
def setup
#user = users(:michael)
end
test "unsuccessful edit" do
log_in_as(#user)
get edit_user_path(#user)
assert_template 'users/edit'
patch user_path(#user), user: { name: "",
email: "foo#invalid",
password: "foo",
password_confirmation: "bar" }
assert_template 'users/edit'
end
test "successful edit" do
log_in_as(#user)
get edit_user_path(#user)
assert_template 'users/edit'
name = "Foo Bar"
email = "foo#bar.com"
patch user_path(#user), user: { name: name,
email: email,
password: "",
password_confirmation: "" }
assert_not flash.empty?
assert_redirected_to #user
#user.reload
assert_equal name, #user.name
assert_equal email, #user.email
end
end
I think that is all that would be needed to help. I have been struggling for some time now. This is my first post, sorry if it isn't easy to read.
correct_user? isn't defined anywhere.
redirect_to(root_url) unless correct_user?(#user)
Rails's syntactic sugar is going to look for a model flag correct_user or a boolean-returning function #correct_user? getter. I'm assuming that you're trying to validate that an update request from a user actually belongs to the correct user. To do this you must have current_user stored in a session, and then check the request param[:id] == current_user.id
I am on chapter 9 and it seems that the tests are failing once again. Here is the relevant code:
sessions_helper.rb:
module SessionsHelper
#logs in the given user
def log_in(user)
session[:user_id] = user.id
end
#Remember a user in a persistent session
def remember(user)
user.remember
cookies.permanent.signed[:user_id] = user.id
cookies.permanent[:remember_token] = user.remember_token
end
def current_user?
user == current_user
end
def current_user
if (user_id = session[:user_id])
#current_user ||= User.find_by(id: user_id)
elsif (user_id = cookies.signed[:user_id])
user = User.find_by(id: user_id)
if user && user.authenticated?(cookies[:remember_token])
log_in user
#current_user = user
end
end
end
def logged_in?
!current_user.nil?
end
#Forgets a persistent session
def forget(user)
user.forget
cookies.delete(:user_id)
cookies.delete(:remember_token)
end
def log_out
forget(current_user)
session.delete(:user_id)
#current_user = nil
end
end
Here is users_edit_test.rb:
require 'test_helper'
class UsersEditTest < ActionDispatch::IntegrationTest
# test "the truth" do
# assert true
# end
def setup
#user = users(:michael)
end
test "successful edit" do
log_in_as(#user)
get edit_user_path(#user)
assert_template 'users/edit'
name = "Foo Bar"
email = "foo#bar.com"
patch user_path(#user), user: { name: name,
email: email,
password: "",
password_confirmation: ""}
assert_not flash.empty?
assert_redirected_to #user
#user.reload
assert_equal name, #user.name
assert_equal email, #user.email
end
test "unsuccessful edit" do
log_in_as(#user)
get edit_user_path(#user)
assert_template 'users/edit'
patch user_path(#user), user: { name: "",
email: "foo#invalid",
password: "foo",
password_confirmation: "bar"}
assert_template 'users/edit'
end
end
Here is users_controller.rb:
class UsersController < ApplicationController
before_action :logged_in_user, only: [:edit, :update]
before_action :correct_user, only: [:edit, :update]
def show
#user = User.find(params[:id])
# debugger
end
def new
#user = User.new
end
def create
#user = User.new(user_params)
if #user.save
#Handle a successful save
log_in #user
flash[:success] = "Welcome to the Sample App!"
redirect_to #user
else
render 'new'
end
end
def edit
#user = User.find(params[:id])
end
def update
#user = User.find(params[:id])
if #user.update_attributes(user_params)
#Handle a successful update.
flash[:success] = "Profile updated"
redirect_to #user
else
render 'edit'
end
end
private
def user_params
params.require(:user).permit(:name, :email, :password, :password_confirmation)
end
#Before filters
# Confirms a logged-in user
def logged_in_user
flash[:danger] = "Please login to access this page."
redirect_to login_url
end
def correct_user
#user - User.find(params[:id])
redirect_to(root_url) unless #user == current_user
end
end
And lastly here are the errors:
1) Failure:
UsersEditTest#test_unsuccessful_edit [/home/robert/sample_app/test/integration/users_edit_test.rb:32]:
expecting <"users/edit"> but rendering with <[]>
2) Failure:
UsersEditTest#test_successful_edit [/home/robert/sample_app/test/integration/users_edit_test.rb:15]:
expecting <"users/edit"> but rendering with <[]>
3) Failure:
UsersControllerTest#test_should_redirect_update_when_logged_in_as_wrong_user [/home/robert/sample_app/test/controllers/users_controller_test.rb:37]:
Failed assertion, no message given.
4) Failure:
UsersControllerTest#test_should_redirect_edit_when_logged_in_as_wrong_user [/home/robert/sample_app/test/controllers/users_controller_test.rb:30]:
Failed assertion, no message given.
This is annoying cause I don't see anything different from the book and the code that I have (in most parts copied and pasted from the book). In the book it apparently works, but when I run the test I get these four failures.
I see, you have a typo in your code.
In your users_controller.rb's correct_user method, you have: #user - User.find(params[:id]), which should be: #user = User.find(params[:id]).
Change that to:
def correct_user
#user = User.find(params[:id])
redirect_to(root_url) unless #user == current_user
end
See if that fixes your issue.
If not, try adding these two methods to your SessionsHelper module.
If that also does not fix your issue. I would suggest you to clone the original working repo from github and try to figure out what you have missed in your version. I have cloned this github repo and all the tests are passing.
this test fails
describe "forbidden attributes", type: :request do
# let(:user) { FactoryGirl.create(:user) }
let(:params) do
{ user: { zero_cost: true, password: user.password, password_confirmation: user.password } }
end
before do
sign_in user, no_capybara: true
patch user_path(user), params
end
specify { expect(user.reload).not_to be_zero_cost }
end
a link to my github is here for the full code
It was previously run for the admin boolean table column but I switched it to another column to see if the test would still fail, same error.
the user controller is
class UsersController < ApplicationController
before_action :signed_in_user, only: [:index, :edit, :update, :destroy]
before_action :correct_user, only: [:edit, :update]
before_action :admin_user, only: :destroy
def index
#users = User.paginate(page: params[:page])
end
def show
#user = User.find(params[:id])
end
def new
#user = User.new
end
def create
#user = User.new(user_params)
if #user.save
sign_in #user
flash[:success] = "Welcome to the Sample!"
redirect_to #user
else
render 'new'
end
end
def edit
end
def update
if #user.update_attributes(user_params)
flash[:success] ="Profile updated"
redirect_to #user
else
render 'edit'
end
end
def destroy
User.find(params[:id]).destroy
flash[:success] = "User deleted."
redirect_to users_url
end
private
def user_params
params.require(:user).permit(:name, :email, :password, :password_confirmation)
end
# before filters
def signed_in_user
unless signed_in?
store_location
redirect_to signin_url, notice: "Please sign in."
end
end
def correct_user
#user = User.find(params[:id])
redirect_to(root_url) unless current_user?(#user)
end
def admin_user
redirect_to(root_url) unless current_user.admin?
end
end
Remove sign_in from your test:
describe "forbidden attributes" do
let(:user) { FactoryGirl.create(:user) }
before do
patch :update, id: user.id, user: { zero_cost: true, password: user.password, password_confirmation: user.password }
end
specify {
expect(assigns(:user).zero_cost).to be_true
expect(response).to redirect_to(user_path(assigns(:user).id))
}
end
You have to create the method 'Sign in' in 'spec / support / utilities.rb' that way you can access it in your tests.
You can confirm this checking the file 'utilities.rb' in Michael Hartl sample App in GitHub:
https://github.com/mhartl/sample_app_4_0_upgrade/blob/master/spec/support/utilities.rb
the rails tutorial originally puts this test in the describe edit section but here (solution 18305598 ) it advised to put it with 'user' tests
removing the sign_in user within the before block is correct
this is the corrected working test
describe "forbidden attributes", type: :request do
let(:user) { FactoryGirl.create(:user) }
let(:params) do
{ user: { admin: true, password: user.password, password_confirmation: user.password } }
end
before do
patch user_path(user), params
end
specify { expect(user.reload).not_to be_admin }
end
this block of code at the top of the script must be run
before(:each) do
sign_in user
visit users_path
end
means I cannot run just the single test with this command
bundle exec rspec spec/features/user_pages_spec.rb -e "forbidden attributes"
because the it requires the user to be signed in