I'm working on the exercises from Chapter 10 of the Rails Tutorial and ran in to a snag with the exercise that has me ensure that an admin user can't delete themselves. My initial idea was to simply check the id of the current user and compare it against params[:id] to make sure that they're not equal. My destroy action in my Users controller looked like this:
def destroy
if current_user.id == params[:id].to_i
flash[:notice] = "You cannot delete yourself."
else
User.find(params[:id]).destroy
flash[:success] = "User destroyed."
end
redirect_to users_path
end
This works perfectly when I test it manually in the app but 3 of my RSpec tests fail with the same "undefined method 'to_i'" error (as seen below):
1) UsersController DELETE 'destroy' as an admin user should destory the user
Failure/Error: delete :destroy, :id => #user
NoMethodError:
undefined method `to_i' for #<User:0x000001032de188>
# ./app/controllers/users_controller.rb:48:in `destroy'
# ./spec/controllers/users_controller_spec.rb:310:in `block (5 levels) in <top (required)>'
# ./spec/controllers/users_controller_spec.rb:309:in `block (4 levels) in <top (required)>'
2) UsersController DELETE 'destroy' as an admin user should redirect to the users page
Failure/Error: delete :destroy, :id => #user
NoMethodError:
undefined method `to_i' for #<User:0x000001032b5850>
# ./app/controllers/users_controller.rb:48:in `destroy'
# ./spec/controllers/users_controller_spec.rb:315:in `block (4 levels) in <top (required)>'
3) UsersController DELETE 'destroy' as an admin user should not allow you to destroy self
Failure/Error: delete :destroy, :id => #admin
NoMethodError:
undefined method `to_i' for #<User:0x0000010327e350>
# ./app/controllers/users_controller.rb:48:in `destroy'
# ./spec/controllers/users_controller_spec.rb:321:in `block (5 levels) in <top (required)>'
# ./spec/controllers/users_controller_spec.rb:320:in `block (4 levels) in <top (required)>'
If I use the params[:id] to find the user and compare it to the current_user like I have below then it works both in the app and in RSpec.
def destroy
if current_user == User.find(params[:id])
flash[:notice] = "You cannot delete yourself."
else
User.find(params[:id]).destroy
flash[:success] = "User destroyed."
end
redirect_to users_path
end
Why would there be a problem in RSpec with the "to_i" method? If anyone is wondering I was leaning toward that approach because I thought it would best to simply compare the current user id to the id of the user targeted for deletion (via the params[:id]) instead of hitting the db to "find" the user.
For reference this is my RSpec test:
describe "DELETE 'destroy'" do
before(:each) do
#user = Factory(:user)
end
...
describe "as an admin user" do
before(:each) do
#admin = Factory(:user, :email => "admin#example.com", :admin => true)
test_sign_in(#admin)
end
it "should destory the user" do
lambda do
delete :destroy, :id => #user
end.should change(User, :count).by(-1)
end
it "should redirect to the users page" do
delete :destroy, :id => #user
response.should redirect_to(users_path)
end
it "should not allow you to destroy self" do
lambda do
delete :destroy, :id => #admin
end.should change(User, :count).by(0)
response.should redirect_to(users_path)
flash[:notice].should =~ /cannot delete yourself/
end
end
end
Any help would be appreciated!
In your specs, try using #user.id instead of #user on your :id parameter (I realize the Tutorial says to just use #user, but something may be going on where the id isn't being properly extracted):
delete :destroy, :id => #user.id
But you may consider restructuring to something like this:
#user = User.find(params[:id])
if current_user == #user
flash[:notice] = "You cannot delete yourself."
else
#user.destroy
flash[:success] = "User destroyed."
end
Related
So I started learning rails by writing a small task tracking app. Now I'm trying to refactor to be a little more secure. For example, before updating or destroying, I'm now using a scope to make sure you're looking at your own task.
After doing this though, three tests are no longer passing and I'm not sure how to fix them. What am I doing wrong? Do I need to change the tests or did I forget to do something with the factory?
Thanks!
**Task#controller**
def update
#task = current_user.tasks.where(id: params[:id])
authorize #task
if #task.update_attributes(task_params)
else
flash[:error] = "There was an error updating the todo."
end
respond_with(#task) do |format|
format.html { redirect_to tasks_path }
end
end
def destroy
#task = current_user.tasks.where(id: params[:id])
authorize #task
if #task.destroy
flash[:notice] = "Todo was deleted successfully."
else
flash[:error] = "There was an error deleting the todo."
end
respond_with(#task) do |format|
format.html { redirect_to tasks_path }
end
end
Test 1 and 2
**task_controller_spec**
require 'rails_helper'
describe TasksController do
include Devise::TestHelpers
before do
#user = create(:user)
sign_in #user
end
describe '#update-completed' do
it "updates a task to be completed" do
task = create(:task, user: #user)
expect( task.completed ).to eq(false)
patch :update, id: task.id, task:{completed: true}
task.reload
expect( task.completed ).to eq(true)
end
end
describe '#destroy' do
it "deletes a task" do
task = create(:task, user: #user)
delete :destroy, id: task.id
expect( #user.tasks.count ).to eq(0)
end
end
end
Test 3
**feature_spec**
require 'rails_helper'
feature "Task" do
include Warden::Test::Helpers
Warden.test_mode!
before do
#user = create(:user)
login_as(#user, :scope => :user)
end
feature "completes", js: true do
scenario "a task using a checkbox" do
task = create(:task, user: #user)
visit tasks_path
check("task[completed]")
expect( page ).to have_content('Todo completed!')
end
end
after do
Warden.test_reset!
end
end
which result in...
1) TasksController#update-completed updates a task to be completed
Failure/Error: patch :update, id: task.id, task:{completed: true}
NoMethodError:
undefined method `user' for # <ActiveRecord::AssociationRelation::ActiveRecord_AssociationRelation_Task:0xc1e4450>
# /home/vagrant/.rvm/gems/ruby-2.0.0-p481/gems/activerecord-4.0.9/lib/active_record/relation/delegation.rb:121:in `method_missing'
# /home/vagrant/.rvm/gems/ruby-2.0.0-p481/gems/activerecord-4.0.9/lib/active_record/relation/delegation.rb:68:in `method_missing'
# ./app/policies/application_policy.rb:26:in `update?'
# /home/vagrant/.rvm/gems/ruby-2.0.0-p481/gems/pundit-0.3.0/lib/pundit.rb:70:in `public_send'
# /home/vagrant/.rvm/gems/ruby-2.0.0-p481/gems/pundit-0.3.0/lib/pundit.rb:70:in `authorize'
# ./app/controllers/tasks_controller.rb:28:in `update'
2) TasksController#destroy deletes a task
Failure/Error: delete :destroy, id: task.id
NoMethodError:
undefined method `user' for #<ActiveRecord::AssociationRelation::ActiveRecord_AssociationRelation_Task:0xc51965c>
# /home/vagrant/.rvm/gems/ruby-2.0.0-p481/gems/activerecord-4.0.9/lib/active_record/relation/delegation.rb:121:in `method_missing'
# /home/vagrant/.rvm/gems/ruby-2.0.0-p481/gems/activerecord-4.0.9/lib/active_record/relation/delegation.rb:68:in `method_missing'
# ./app/policies/application_policy.rb:26:in `update?'
# ./app/policies/application_policy.rb:34:in `destroy?'
# /home/vagrant/.rvm/gems/ruby-2.0.0-p481/gems/pundit-0.3.0/lib/pundit.rb:70:in `public_send'
# /home/vagrant/.rvm/gems/ruby-2.0.0-p481/gems/pundit-0.3.0/lib/pundit.rb:70:in `authorize'
# ./app/controllers/tasks_controller.rb:42:in `destroy'
3) Task completes a task with a checkbox
Failure/Error: Unable to find matching line from backtrace
NoMethodError:
undefined method `user' for #<ActiveRecord::AssociationRelation::ActiveRecord_AssociationRelation_Task:0xbe5fb04>
# /home/vagrant/.rvm/gems/ruby-2.0.0-p481/gems/activerecord-4.0.9/lib/active_record/relation/delegation.rb:121:in `method_missing'
# /home/vagrant/.rvm/gems/ruby-2.0.0-p481/gems/activerecord-4.0.9/lib/active_record/relation/delegation.rb:68:in `method_missing'
# ./app/policies/application_policy.rb:26:in `update?'
# /home/vagrant/.rvm/gems/ruby-2.0.0-p481/gems/pundit-0.3.0/lib/pundit.rb:70:in `public_send'
# /home/vagrant/.rvm/gems/ruby-2.0.0-p481/gems/pundit-0.3.0/lib/pundit.rb:70:in `authorize'
# ./app/controllers/tasks_controller.rb:28:in `update'
Task factory
**task factory**
FactoryGirl.define do
factory :task do
description "MyText"
user nil
completed false
end
end
Change
# Returns an ActiveRecord::AssociationRelation
#task = current_user.tasks.where(id: params[:id])
to
# Returns a single Task instance
#task = current_user.tasks.find(params[:id])
find docs: http://api.rubyonrails.org/classes/ActiveRecord/FinderMethods.html#method-i-find
I'm now making Rspec test for users_controller.rb. However I'm in trouble the error NoMethodError: undefined method 'user_url' as follow.
FF
Failures:
1) UsersController PUT update user update does not succeed
Failure/Error: put :update, {:id => user.to_param}, valid_session, :user_route => user
NoMethodError:
undefined method `user_url' for #<UsersController:0x52e40e0>
# ./app/controllers/users_controller.rb:21:in `block (2 levels) in update'
# ./app/controllers/users_controller.rb:18:in `update'
# ./spec/controllers/users_controller_spec.rb:64:in `block (3 levels) in <top (required)>'
2) UsersController PUT update user update succeeds
Failure/Error: put :update, {:id => user.to_param}, valid_session, :user_route => user
NoMethodError:
undefined method `user_url' for #<UsersController:0x53bc560>
# ./app/controllers/users_controller.rb:21:in `block (2 levels) in update'
# ./app/controllers/users_controller.rb:18:in `update'
# ./spec/controllers/users_controller_spec.rb:58:in `block (3 levels) in <top (required)>'
Finished in 0.679 seconds
2 examples, 2 failures
Failed examples:
rspec ./spec/controllers/users_controller_spec.rb:61 # UsersController PUT update user update does not succeed
rspec ./spec/controllers/users_controller_spec.rb:56 # UsersController PUT update user update succeeds
Randomized with seed 33412
users_controller.rb
class UsersController < ApplicationController
def show
#user = User.find(params[:id])
respond_to do |format|
format.html # show.html.erb
format.xml { render :xml => #user }
end
end
def edit
#user = User.find(params[:id])
end
def update
#user = User.find(params[:id])
respond_to do |format|
if #user.update_attributes(params[:user])
format.html { redirect_to #user, notice: 'User was successfully updated.' }
format.json { head :no_content }
else
format.html { render action: "user#edit" }
format.json { render json: #idea.errors, status: :unprocessable_entity }
end
end
end
end
Also here is my Rspec users_controller_spec.rb. I made two tests about "POST update". One is for being updated successfully. Another is for not being updated. (About the latter, I put the stub User.stub(:update_attribute).and_return(false) which I expect that "update_attribute" returns "false" so that process proceeds to "else".)
require 'spec_helper'
describe UsersController do
let(:valid_attributes) { {
"email" => "hoge#hogehoge.com",
"password" => "12345678"
} }
def valid_session
{}
end
describe "PUT update" do
it "user update succeeds" do
user = User.create! valid_attributes
put :update, {:id => user.to_param}, valid_session
assigns(:user).should eq(user)
end
it "user update does not succeed" do
user = User.create! valid_attributes
User.stub(:update_attribute).and_return(false)
put :update, {:id => user.to_param}, valid_session
assigns(:user).should eq(user)
response.should render_template("edit")
end
end
end
I have no idea to solve this, because I cannot understand where user_url did come. So I would like to have your help.
When you use redirect_to #user, rails sends that request to UsersController#show, but it does so by calling user_url(#user). If I had to guess, you probably don't have the line that defines user_url:
resources :users
in your routes.rb file. This would automatically create the named route user_url that your controller is referencing with redirect_to #user
Alternatively, you could define the route yourself in your routes.rb file like so:
get "/users/show" => "users#show", as: :user
But that's not really the 'Rails-y' way to do it. At any time, you can run the command rake routes in the terminal to see all the named routes you have defined in your routes.rb file. If user isn't there, then you need to define it like I mentioned above.
More info on named routes here: http://guides.rubyonrails.org/routing.html#singular-resources
If you are using devise then check if the following method returns anything.
def after_sign_in_path_for(resource)
in application_controller.rb
If the method returns nothing you will receive the error:
undefined method `user_url' for #
I also ended up removing
stored_location_for(resource)
in after_sign_in_path_for(resource) because it was causing an endless loop. Refer to this answer for details.
rails:3 Devise signup Filter chain halted as :require_no_authentication rendered or redirected
I run an RSpec testcase that fills a form and submits it. I get the following error:
1) Sign Up Advertiser after adding valid information should create a user
Failure/Error: expect { click_button submit }.to change(User, :user_key)
NoMethodError:
undefined method `model_name' for Fixnum:Class
# /mnt/hgfs/Projekte/adserve.example.de/app/controllers/advertisers_controller.rb:31:in `tryToCreateUser'
# /mnt/hgfs/Projekte/adserve.example.de/app/controllers/advertisers_controller.rb:14:in `create'
# ./sign_up_advertiser_spec.rb:32:in `block (4 levels) in <top (required)>'
# ./sign_up_advertiser_spec.rb:32:in `block (3 levels) in <top (required)>'
This is the code for the controller:
class AdvertisersController < ApplicationController
...
def home
#menuindex = 0
end
def create
#user = Advertiser.new (params[:advertiser])
tryToCreateUser
end
def tryToCreateUser
if #user.save
#user = Advertiser.retrieve(#user.id)
redirect_to home, :notice => "You successfully signed up " + #user.full_name
else
render :action => "/users/new", :layout => 'application'
end
end
end
And this is what the routes.rb looks like
match "signup_advertiser" => "advertisers#new", :as => "signup_advertiser"
match "signup_publisher" => "publishers#new", :as => "signup_publisher"
get "advertisers_home" => "advertisers#home"
resources :advertisers
So I guess the mistake is in the redirect_to part. But I can't figure it out. I fiddled around with rendering a custom action in 'home' and some other stuff. I think it's something pretty basic so help would be very appreciated. Thanks.
Yes, the problem is there. You should use home as a symbol on the redirect_to method:
def tryToCreateUser
if #user.save
#user = Advertiser.retrieve(#user.id)
redirect_to :home, :notice => "You successfully signed up " + #user.full_name
else
render :action => "/users/new", :layout => 'application'
end
end
What you do now is: redirect_to 0 since you are actually calling the controllers method "home".
Here is the rspec code for create in controller:
describe "'create' successful" do
before(:each) do
#customer = mock_model(Customer)
#customer.stub(:save).and_return(true)
session[:sales] = true
session[:user_id] = 1
session[:user_name] = "sales.name"
session[:page_step] = 1
session['page1'] = customers_path
end
it "should create one customer record" do
lambda do
put 'create', #customer
end.should change(Customer, :count).by(1)
end
it "should redirect to customers path" do
put 'create', #customer
flash[:notice].should_not be_nil
response.should redirect_to(customers_path)
end
end
Here is the create in controller:
def create
if session[:sales]
#customer = Customer.new(params[:customer], :as => :roles_new_update)
#customer.sales_id = session[:user_id]
if #customer.save
#message = "New customer #{params[:name]} was created. Please check it out"
#subject = "New customer #{params[:name]} was created BY {#session[:user_name]}"
UserMailer.notify_tl_dh_ch_ceo(#message, #subject, session[:user_id])
redirect_to session[('page' + session[:page_step].to_s).to_sym], :notice => 'Customer was created successfaully!'
else
render 'new', :notice => 'Customer was not saved!'
end
end
end
Here is the error in rspec:
1) CustomersController GET customer page 'create' successful should create one customer record
Failure/Error: put 'create', #customer
NoMethodError:
undefined method `symbolize_keys' for "1001":String
# ./spec/controllers/customers_controller_spec.rb:40:in `block (5 levels) in <top (required)>'
# ./spec/controllers/customers_controller_spec.rb:39:in `block (4 levels) in <top (required)>'
2) CustomersController GET customer page 'create' successful should redirect to customers path
Failure/Error: put 'create', #customer
NoMethodError:
undefined method `symbolize_keys' for "1002":String
# ./spec/controllers/customers_controller_spec.rb:45:i
The problem is with the mocking data of #customer. What's wrong with the mocking in spec?
Thanks.
There is nothing wrong, you simply have to make your model fetch the mock you've created.
Proceed this way:
#customer = mock_model(Customer)
#customer.stub(:save).and_return(true)
Customer.should_receive(:new).and_return(#customer)
Rereading your question I figured out that Rails could be complaining because when you pass a variable to your route, it should respond to to_param.
But your mock doesn't: it's nothing.
I'd say choose among the following:
use a Factory which is a real ActiveRecord object with the right properties
edit your test for something like put 'create', 1234 or any integer you want.
BTW, put triggers the update action which is not supposed to created objects but simply change them.
Here is the error for update in rspec:
4) CustomersController GET customer page 'update' should be successful
Failure/Error: post 'update', customer
NoMethodError:
undefined method `symbolize_keys' for "1":String
# ./spec/controllers/customers_controller_spec.rb:38:in `block (3 levels) in <top (required)>'
The rspec code:
it "'update' should be successful" do
customer = Factory(:customer)
post 'update', customer
response.should be_success
end
The update in customers controller:
def update
#customer = Customer.find(params[:id])
if #customer.update_attributes(params[:customer], :as => :roles_new_update)
if #customer.changed
#message = 'The following info have been changed\n' + #customer.changes.to_s
#subject ='Customer info was changed BY' + session[:user_name]
notify_all_in_sales_eng(#message,#subject)
end
redirect_to session[('page'+session[:page_step].to_s).to_sym], :notice => 'Customer was updated successfaully!'
else
render 'edit', :notice => 'Customer was not updated!'
end
end
Any thoughts about the error? Thanks.
I will not enter into details on RSpec, but I just met the same error and this is how I would correct it for your code:
it "'update' should be successful" do
customer = Factory(:customer)
post 'update', :id => customer.id
response.should be_success
end
I think you can't provide your object directly to the post method, you must pass it's id as in a Hash instead.
(Please note too that this code assumes your customer exists in the test database, so your Factory must create it.)