Functional tests philosophy : test features or requirement?

I'm currently writing some functional tests, and I started wondering what's the best philosophy between these two.

Situation

My application has some secured page, that need the user's group to have the right credentials to have access. These user are split into 2 groups : the 'collaborator group', and the 'accountable group'. Credentials are given to the groups.

Possible philosophies

Solution 1: Tests the credentials a.k.a. Test the features.

For each secured page, I test the access with 2 users : one with the right credential, and only this one, and one without the right credential.

Pros: Tests only the fact that the page is secured against a specific credential

Cons: Doesn't test the "final" application behavior, as wanted (and user) by the client.

Solution 2: Test the groups a.k.a. test the requirements

For each secured page, I test the access with a user of each group, and check that only the allowed groups gain access to the secured page.

Pros: Tests the "final" application behavior, as wanted (and user) by the client.

Cons:

• Tests are tieds with the tests fixtures
• T开发者_如何学编程ests will have to change if the business rules changes or if more groups are created.

Thank you.

I think the second solution is the good one. The credentials will be tested as far as they are associated with a group.

Pros: Tests the "final" application behavior, as wanted (and user) by the client.

This is the most important part. Functional tests aims to test the final application in every possible cases. If you want to test the fact that your credentials have the same behavior with a user or a group, you'd better use unit tests.

Cons: Tests will have to change if the business rules changes or if more groups are created.

Your tests cases will always have to be updated if the business of your application changes. As you do with your unit tests. If your modify the code of a function, you check if your unit tests are still able to control each case. It's the same way with functional tests.

Maintaining your tests (and the fixtures they need to run) is a very tedious task, but it's the only way to ensure you're code is strong.

Hope it helped.

I would do both tests. The first one like you pointed out, does not need updating, but is testing the crucially important fact that users without entitlements do not have access. The second is the more comprehensive test and like @TimotheeMartin pointed out, tests will always need to be updated when the code changes.