0
我有以下的政策Rspec的和權威人士,匹配器測試禁止授權
module Admin
class PostPolicy < AdminPolicy
def index?
true
end
def show?
scope.where(:id => record.id).exists? && user.present? && user == record.user
end
def create?
true
end
def update?
user.present? && user == record.user
end
def destroy?
user.present? && user == record.user
end
def delete?
destroy?
end
end
end
,我使用pundit-matchers
寶石寫一些RSpec的測試。
RSpec.describe Admin::PostPolicy do
subject { described_class.new(user, [:admin, post]) }
let(:user) { FactoryGirl.create(:user) }
context 'permit authorization' do
let(:post) { FactoryGirl.create(:post, user_id: user.id) }
it { is_expected.to permit_action(:edit) }
it { is_expected.to permit_action(:delete) }
end
context 'deny authorization' do
let(:post) { FactoryGirl.create(:post, user_id: user.id + 1) }
it { is_expected.to forbid_action(:edit) }
it { is_expected.to forbid_action(:delete) }
end
end
上permit authorization
測試是綠色的,但是當我嘗試測試deny authorization
我收到以下錯誤
ActiveRecord::RecordInvalid:
Validation failed: User must exist
我怎樣才能解決這個問題,爲了得到綠色的考驗嗎?其邏輯是允許用戶編輯和刪除自己的帖子,而不是其他的用戶