Commit 1f7490a2 authored by Robert Speicher's avatar Robert Speicher Committed by Dmitriy Zaporozhets

Update spec/features/security specs

parent 20a871cc
...@@ -6,7 +6,7 @@ describe "Profile access", feature: true do ...@@ -6,7 +6,7 @@ describe "Profile access", feature: true do
end end
describe "GET /login" do describe "GET /login" do
it { expect(new_user_session_path).not_to be_404_for :visitor } it { expect(new_user_session_path).not_to be_not_found_for :visitor }
end end
describe "GET /profile/keys" do describe "GET /profile/keys" do
......
RSpec::Matchers.define :be_valid_commit do RSpec::Matchers.define :be_valid_commit do
match do |actual| match do |actual|
actual != nil actual &&
actual.id == ValidCommit::ID actual.id == ValidCommit::ID &&
actual.message == ValidCommit::MESSAGE actual.message == ValidCommit::MESSAGE &&
actual.author_name == ValidCommit::AUTHOR_FULL_NAME actual.author_name == ValidCommit::AUTHOR_FULL_NAME
end end
end end
def emulate_user(user)
user = case user
when :user then create(:user)
when :visitor then nil
when :admin then create(:admin)
else user
end
login_with(user) if user
end
RSpec::Matchers.define :be_allowed_for do |user| RSpec::Matchers.define :be_allowed_for do |user|
match do |url| match do |url|
include UrlAccess emulate_user(user)
url_allowed?(user, url) visit url
status_code != 404 && current_path != new_user_session_path
end end
end end
RSpec::Matchers.define :be_denied_for do |user| RSpec::Matchers.define :be_denied_for do |user|
match do |url| match do |url|
include UrlAccess emulate_user(user)
url_denied?(user, url) visit url
status_code == 404 || current_path == new_user_session_path
end end
end end
RSpec::Matchers.define :be_404_for do |user| RSpec::Matchers.define :be_not_found_for do |user|
match do |url| match do |url|
include UrlAccess emulate_user(user)
url_404?(user, url) visit url
status_code == 404
end end
end end
...@@ -34,7 +47,7 @@ RSpec::Matchers.define :include_module do |expected| ...@@ -34,7 +47,7 @@ RSpec::Matchers.define :include_module do |expected|
end end
description do description do
"include the #{expected} module" "includes the #{expected} module"
end end
failure_message do failure_message do
...@@ -42,36 +55,6 @@ RSpec::Matchers.define :include_module do |expected| ...@@ -42,36 +55,6 @@ RSpec::Matchers.define :include_module do |expected|
end end
end end
module UrlAccess
def url_allowed?(user, url)
emulate_user(user)
visit url
(status_code != 404 && current_path != new_user_session_path)
end
def url_denied?(user, url)
emulate_user(user)
visit url
(status_code == 404 || current_path == new_user_session_path)
end
def url_404?(user, url)
emulate_user(user)
visit url
status_code == 404
end
def emulate_user(user)
user = case user
when :user then create(:user)
when :visitor then nil
when :admin then create(:admin)
else user
end
login_with(user) if user
end
end
# Extend shoulda-matchers # Extend shoulda-matchers
module Shoulda::Matchers::ActiveModel module Shoulda::Matchers::ActiveModel
class ValidateLengthOfMatcher class ValidateLengthOfMatcher
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment