The idea is to make it so admin users can’t destroy themselves.
I have written the following test:
describe "as admin user" do
let(:admin) { FactoryGirl.create(:admin) }
before { valid_signin admin }
describe "should not be able to delete himself by submitting a DELETE request to the Users#destroy action" do
specify do
expect { delete user_path(admin) }.not_to change(User, :count).by(-1)
end
end
end
and modified the destroy action thus:
def destroy
@user = User.find(params[:id])
unless current_user?(@user)
User.find(params[:id]).destroy
flash[:success] = "User destroyed."
redirect_to users_url
end
end
(You can only access the destroy action if you’re an admin user).
The test should now pass but it does not. I get the following error message:
Failure/Error: expect { delete user_path(admin) }.not_to change(User, :count).by(-1)
ActionView::MissingTemplate:
Missing template users/destroy, application/destroy with {:locale=>[:en], :formats=>[:html], :handlers=>[:erb, :builder, :coffee]}.
I do not understand the missing template error message, and I do not see why the test does not pass.
Try changing your
destroyaction to something like this and see if your test passes:I think the issue is that you’re only redirecting to the
users_urlif you successfully destroy a user. If you don’t (ie the admin is attempting to destroy itself), then there is no redirect, and Rails will begin looking for a view called destroy.html.erb, not find one anywhere, and raise an exception. This is also why the user variable in the method changes from@usertouser: a local variable will do instead of an instance variable as it doesn’t need to be used in a view.If this isn’t the issue, please edit your question to include a link to the Github repo with your current code.