Comments (1)
palkan
commented on May 28, 2024
1
Correct. In tests, you must be explicit about the authorization target object or the policy class that must be used. The goal of the test is to verify the correct policy has been used.
We can hardly infer the expected class from a test class (well, maybe, we can assume that described_class is a controller class, so we can get the name and turn it into a policy name, but that would made tests too vague). And I can see how that can lead to false positives: you change the controller name (say, PostsController > DrafsController); now a DraftPolicy is used implicitly and in tests we also implicitly check for it; but you might want to continue using PostPolicy—the test wouldn't catch this.
If I do this, how can I test it using RSpec?
expect { get posts_path }.to be_authorized_to(:index?, Post)
# or
expect { get posts_path }.to be_authorized_to(:index?, :post)Though I think the following would be even better:
expect { get posts_path }.to be_authorized_to(:index?).with(PostPolicy)from action_policy.
Related Issues (20)
- undefined method `relation_scope' HOT 3
- Need help decoupling a policy from a controller
- feat: pass with: as string or symbol to perform policy lookup that respects the current namespace HOT 2
- Class based lookup with strict namespace and matching explicit namespace doesn't work HOT 2
- deprecation warning with Ruby 3.1 HOT 2
- Add option to disable authorization context memoization HOT 12
- Add ability to authorize nil records if :with option is provided HOT 2
- NoMethodError: undefined method `params_filter' for MyPolicy:Class in tests HOT 1
- Authorizing fields based on params_filter HOT 1
- Unknown policy scope type :active_record_relation HOT 3
- Policy-generator not working with Ruby 3.2 HOT 1
- uninitialized constant ActionController::Parameters HOT 4
- I18n does not seem to work with I18n Active Record HOT 1
- Add --parent option to policy generator HOT 2
- Update a documentation about #be_an_alias_of matcher HOT 2
- Documentation Contrast HOT 3
- Can't alias `create?` to `manage?` HOT 1
- Cannot use `controller_authorize_current_user` with `ActionPolicy::Base` HOT 1
- Rspec fails with v0.6.6 when `eager_load` is set to `true` HOT 13
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from action_policy.