Home/ Questions/Q 8450975
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-10T11:06:52+00:00

In this section I’m supposed to restrict the user to edit and update only

  • 0

In this section I’m supposed to restrict the user to edit and update only his own profile. All my tests pass up to this point, except for this one:

     describe "as wrong user" do
       let(:user) { FactoryGirl.create(:user) }
       let(:wrong_user) { FactoryGirl.create(:user, email: "wrong@example.com") }
       before { sign_in user }

       describe "visiting Users#edit page" do
         before { visit edit_user_path(wrong_user) }
         it { should_not have_selector('title', text: full_title('Edit user')) }
       end

       describe "submitting a PUT request to the Users#update action" do
         before { put user_path(wrong_user) }
         specify { response.should redirect_to(root_path) }
       end
     end

Specifically the last part, the redirection, this is what I get when I run the test:

  1) Authentication authorization as wrong user submitting a PUT request to the Users#update action 
     Failure/Error: specify { response.should redirect_to(root_path) }
       Expected response to be a redirect to <http://www.example.com/> but was a redirect to <http://www.example.com/signin>
     # ./spec/requests/authentication_spec.rb:86:in `block (5 levels) in <top (required)>'

But in the website, when I attempt to do this same thing it works just fine, the user is redirected to the root_path of the application.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    I checked out your code from your Github repo, and it seems that your modifications to app/helpers/sessions_helper.rb are responsible for your failing tests. Compare your file to the tutorial’s file. You are using a session hash instead of a cookies hash in your methods. I fixed your "submitting a PUT request to the Users#update action" and "submitting a DELETE request to the Users#destroy action" errors by changing the code thus:

    app/helpers/sessions_helper.rb

    module SessionsHelper
  # ...

  def sign_in(user)
    # session[:remember_token] = user.remember_token
    cookies.permanent[:remember_token] = user.remember_token
    self.current_user = user
  end

  def sign_out
    self.current_user = nil
    # session.delete(:remember_token)
    cookies.delete(:remember_token)
  end

  def current_user
    # @current_user ||= User.find_by_remember_token(session[:remember_token])
    @current_user ||= User.find_by_remember_token(cookies[:remember_token])
  end

  # ...
end

    There was an exercise in Rails 3.0 version of The Rails Tutorial where you replaced the cookies hash completely with a session hash, but I recall never being able to do it properly, and it doesn’t seem to be in the 3.2 version anyway, so it would seem that you’re safest sticking with a cookies hash in this file.

    • 0