Lacking some enlightenment on why rspec says I have a 200 response when I do not

I am writing a few low level tests for my controllers to verify security. New to rspec and am seeing some unexpected activity:
If I run this spec:
describe “GET index” do
it “does not load for guest role” do
get :new
flash[:notice].should match RESTRICTED_PAGE_NOTICE
response.should redirect_to(login_path)
Which hits
class PracticesController < ApplicationController
def index
@practices = Practice.all
respond_to do |format|
format.html # index.html.erb
But the controller also inherits from the application controller which:
class ApplicationController

when ‘practices’
redirect_to login_path if action_name != ‘new’ && action_name != ‘create’
I have verified the redirect and message in a browser, so this code is executing as expected in ‘reality’.
Then why do I get this error:

  1. PracticesController GET index does not load for guest role
    Failure/Error: response.should redirect_to(login_path)
    Expected response to be a <:redirect>, but was <200>.
    Expected block to return true value.

It is true, if the controller is isolated and not inheriting from the app controller, it would be a 200. But with the app controller it should redirect before it ever hits the method.

The line in the app controller “flash[:notice] = RESTRICTED_PAGE_NOTICE” clearly gets evaluated as the line in the spec “flash[:notice].should match RESTRICTED_PAGE_NOTICE” passes, BUT this line in the app controller “redirect_to login_path if action_name != ‘new’ && action_name != ‘create’” does not get evaluated as rspec says I have a 200 response? I am really confused and don’t like what feels to be a weird paradox…

Can anyone enlighten me?