I am writing a few low level tests for my controllers to verify security. New to rspec and am seeing some unexpected activity:
If I run this spec:
describe “GET index” do
it “does not load for guest role” do
flash[:notice].should match RESTRICTED_PAGE_NOTICE
class PracticesController < ApplicationController
@practices = Practice.all
respond_to do |format|
format.html # index.html.erb
But the controller also inherits from the application controller which:
flash[:notice] = RESTRICTED_PAGE_NOTICE
redirect_to login_path if action_name != ‘new’ && action_name != ‘create’
I have verified the redirect and message in a browser, so this code is executing as expected in ‘reality’.
Then why do I get this error:
- PracticesController GET index does not load for guest role
Failure/Error: response.should redirect_to(login_path)
Expected response to be a <:redirect>, but was <200>.
Expected block to return true value.
It is true, if the controller is isolated and not inheriting from the app controller, it would be a 200. But with the app controller it should redirect before it ever hits the method.
The line in the app controller “flash[:notice] = RESTRICTED_PAGE_NOTICE” clearly gets evaluated as the line in the spec “flash[:notice].should match RESTRICTED_PAGE_NOTICE” passes, BUT this line in the app controller “redirect_to login_path if action_name != ‘new’ && action_name != ‘create’” does not get evaluated as rspec says I have a 200 response? I am really confused and don’t like what feels to be a weird paradox…
Can anyone enlighten me?