So, I’ve been trying to set up a before_filter for checking permissions for whether or not someone can delete an object. But it hasn’t been working… eventually I do the following:
    before_filter :test_hack, :only => :destroy

    def test_hack
      return false
    end
the destroy method here:
    def destroy
      @content = Content.find(params[:id])
      # will get rid of this when the before filter works...
      # but this doesn't stop it from getting deleted either
      if not has_permission_to_change?(@content)
        puts "This content is not gonig to get deleted"
        flash[:error] = 'You do not have permission to delete this content.'
      else
        @content.destroy
      end
    end
the failing test:
    should "not allow the deleting of #{plural_name} on different accounts" do
      login_as(@user)
      p = Factory(factory_name, :account => Factory(:account))
      assert_difference("#{klass}.count", 0) do
        begin
          delete :destroy, :id => p.id
          raise "program flow should not reach this message"
        rescue ActiveRecord::RecordNotFound
          assert true
        end
      end
    end
Content belongs_to an account
console output:
Loaded suite test/functional/contents_controller_test
Started
This content is not gonig to get deleted
E
Finished in 0.649422 seconds.
1) Error:
test: destroy contents! should not allow the deleting of contents on different accounts. (ContentsControllerTest):
RuntimeError: program flow should not reach this message
Once again, the behavior of your test is absolutely normal:
Your line

    raise "program flow should not reach this message"

will ALWAYS be executed since there is an object with the id you pass: you just created it.
You should just keep:
And I can't see where your before_filter is useful here
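
An added example, not part of the thread: a plain-Ruby model (no Rails) of the case the test's rescue of ActiveRecord::RecordNotFound anticipates, where the lookup is scoped to the current account so that another account's id behaves like a missing one. ContentStore, find_for_account, destroy_content and the local RecordNotFound class are hypothetical stand-ins, not code from the question or from Rails.

```ruby
# Plain-Ruby stand-in for the controller and model discussed above.
# All names here are constructed for illustration.
class RecordNotFound < StandardError; end

Content = Struct.new(:id, :account_id)

# Stands in for the contents table.
class ContentStore
  def initialize
    @rows = {}
    @next_id = 0
  end

  def create(account_id)
    row = Content.new(@next_id += 1, account_id)
    @rows[row.id] = row
  end

  def count
    @rows.size
  end

  # Unscoped lookup, like Content.find(params[:id]): succeeds for ANY existing id.
  def find(id)
    @rows.fetch(id) { raise RecordNotFound, "no content with id=#{id}" }
  end

  # Account-scoped lookup: a row owned by another account is reported
  # exactly like a row that does not exist.
  def find_for_account(account_id, id)
    row = find(id)
    raise RecordNotFound, "no content with id=#{id}" unless row.account_id == account_id
    row
  end

  def delete(id)
    @rows.delete(id)
  end
end

# Destroy action: the scoped lookup is the authorization check, so the
# delete is unreachable for a foreign id. Returns a status symbol in place
# of an HTTP response.
def destroy_content(store, current_account_id, id)
  content = store.find_for_account(current_account_id, id)
  store.delete(content.id)
  :deleted
rescue RecordNotFound
  :not_found
end
```

A test against this shape asserts on the returned status and the unchanged row count, instead of raising after the request.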