Testing access control with CanCan and Cucumber
I'm setting up some tests for a rails 3 app using Devise for authentication, CanCan for access control and Cucumber for integration testing. At the moment I'm working on the following test to check for proper access control (very simple at this point):
Feature: Viewing case list
In order to view my cases
As a IMEBase administration
I want to list all cases
Background: Logged In
Given a logged in user with company_id "1"
Scenario: View cases
Given all the following cases exist:
| c开发者_开发知识库laim_number | requestor | claimant | company_id |
| Test Case | Acme | John Doe | 1 |
| Another Case | Yahoo | Stan Smith | 1 |
| Hidden Case | Acme | Steve Jobs | 2 |
When I go to the cases page
Then I should see "Test Case"
And I should see "Another Case"
And I should not see "Hidden Case"
At this point my CanCan ability model just restricts access to cases based on the company_id of the user and the case. When I try this in browser, with a user for company id 1, it works fine, can only see cases with company id 1. When I run the tests, however, Cucumber fails on the last When (e.g. it sees Test Case, Another Case and Hidden Case).
I'm starting to suspect I might be trying to do something that just doesn't work (I know there are some issues with devise and CanCan). Should this be able to work? If so any clue what might be wrong?
精彩评论