I am trying to test a CanCan ability in my app that also uses Authlogic. I have verified the correct behavior works when using the actual site, but I want to write a functional test that will alert me if this behavior breaks in the future. My ability file is simple, and looks as follows:

class Ability
  include CanCan::Ability

  def initialize(user)
    user ||= User.new

    can :read, User
    can :manage, User, :id => user.id
    cannot :create, User
    can :destroy, UserSession

    if user.role? :guest
      can :create, UserSession
      cannot :destroy UserSession
    end
  end
end

My test for the UserSessionsController is also simple, and looks like this:

test "should redirect new for member" do
  default_user = login :default_user

  assert default_user.role? :member
  assert_raise(CanCan::AccessDenied) { get :new }
  assert_redirected_to root_path
end

Just for reference, my test_helper.rb looks like this:

ENV["RAILS_ENV"] = "test"
require File.expand_path('../../config/environment', __FILE__)
require 'rails/test_help'
require 'authlogic/test_case'

class ActiveSupport::TestCase
  fixtures :all
  setup :activate_authlogic

  def login(user_login)
    UserSession.create users(user_login)
    users(user_login)
  end
end

When I run my code, my test fails, however:

test_should_redirect_new_for_member                                  FAIL
        CanCan::AccessDenied expected but nothing was raised.
        Assertion at test/functional/user_sessions_controller_test.rb:13:in `block in <class:UserSessionsControllerTest>'

If I comment out the assert_raise, the redirect assertion also fails. Does anyone see anything wrong with my code that is causing this test to fail?