There are 2 problems with this spec:

1. It checks for default visiblity level however there is not code in
controller to handle such default. Same check can be performed on model
directly.
2. It passes empty application_setting hash while controller requires
application_setting not to be empty by using `require` with `permit`
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>