Restricting Access

Get started with writing the tests for user code, making design decisions, and the tests pass.

We'll cover the following

Getting started with test
Design decisions
Unit testing restricting access
Access control
Second test
Saving relationships to database
Test failure
Making the test pass

Having the required login for our application, we’ve solved part of the potential security problem. The next problem involves limiting a user’s access to projects the user is associated with.

Getting started with test

Let’s start with an integration test. The test needs as its “given” a project and at least two users: one who has access and one who does not. The “when” action is an attempt to view the project show page, and the “then” specification is the successful or unsuccessful page view. We might test a couple of other security aspects, such as whether the index list of projects is filtered by what projects the user is part of, whether a user can edit or create a project, and so on. But this set of tests will give the basic idea:

Get hands-on with 1200+ tech skills courses.

Introduction

Test-Driven Fable

Test-Driven Development Basics

Test-Driven Rails

What Makes a Great Test?

Testing Models

Adding Data to Tests

Using Test Doubles as Mocks and Stubs

Integration Testing with Capybara and Cucumber

Testing JavaScript: Integration Testing

Unit-Testing Javascript

Testing Rails Display Elements

Minitest

Testing for Security

Testing External Services

Troubleshooting and Debugging

Running Tests Faster and Running Faster Tests

Testing Legacy Code

Restricting Access

Getting started with test