Why is admin_signed_in? false even after logging in as admin?

rubyonrails-talk
#1

Back story:
I’m developing a new Rails site for the local Ruby user group. I’m using Devise to provide authentication for separate user and admin classes.

Current task:
I’m working on the create/new function for the sponsor class. Sponsors are an independent class and are not tied to users, admins, or other classes. However, only admins should be allowed to create sponsors.

The problem:
In my sponsor controller tests, I’m unable to prevent users and unauthenticated visitors from creating new sponsors without also preventing admins from doing so. Troubleshooting with the puts command reveals that the admin_signed_in? value is false EVEN AFTER loggin in.

The source code of this app is at https://github.com/jhsu802701/ruby_mn_site/tree/sponsors_create_controller .

Excerpt from test/controllers/sponsors_controller_test.rb:

  test 'superadmin can create a new sponsor' do
    login_as @a1

    assert_difference 'Sponsor.count', 1 do
      add_past
    end

    assert_difference 'Sponsor.count', 1 do
      add_current
    end

    logout :admin
  end

  test 'regular admin can create a new sponsor' do
    login_as @a3

    assert_difference 'Sponsor.count', 1 do
      add_past
    end

    assert_difference 'Sponsor.count', 1 do
      add_current
    end

    logout :admin
  end

  test 'user cannot create a new sponsor' do
    login_as @u1

    assert_no_difference 'Sponsor.count' do
      add_past
    end

    assert_no_difference 'Sponsor.count' do
      add_current
    end

    logout :user
  end

  test 'an unregistered visitor cannot create a new sponsor' do
    assert_no_difference 'Sponsor.count' do
      add_past
    end

    assert_no_difference 'Sponsor.count' do
      add_current
    end
  end

``

app/controllers/sponsors_controller.rb

#2

On 11 December 2015 at 17:54, Jason Hsu, Ruby on High Speed Rails

Back story:
I'm developing a new Rails site for the local Ruby user group. I'm using
Devise to provide authentication for separate user and admin classes.

Current task:
I'm working on the create/new function for the sponsor class. Sponsors are
an independent class and are not tied to users, admins, or other classes.
However, only admins should be allowed to create sponsors.

The problem:
In my sponsor controller tests, I'm unable to prevent users and
unauthenticated visitors from creating new sponsors without also preventing
admins from doing so. Troubleshooting with the puts command reveals that
the admin_signed_in? value is false EVEN AFTER loggin in.

You do not appear to have shown us the admin_signed_in? method.

Colin

#3

The admin_signed_in? method comes from the Devise gem.

#4

Are you using the :admin scope to do the login?

I.e., somewhere in your login_as helper there should be something like?

  sign_in :admin, some_user_who_is_admin

-Rob

#5

Thanks. Yes, this was the problem. Now I understand that this is the proper procedure for logging in for functional tests.

This raises another question: Given my use of if statements in my def create function, is there any point to using before_filter or before_action in the controller? The before_filter/before_action statement doesn’t replace the need for those if statements.

#6

Thanks. Yes, this was the problem. Now I understand that this is the proper procedure for logging in for functional tests.

This raises another question: Given my use of if statements in my def create function, is there any point to using before_filter or before_action in the controller? The before_filter/before_action statement doesn’t replace the need for those if statements.

You could have a before_action that was something like:

More Resources

Keep up to date with Rails on Twitter and This Week in Rails

Policies: Conduct, License, Maintenance, Security, Trademarks