So we have been setting up attr_accessible
and attr_protected
on many fields through out our Rails 3.2 app. For now we really don't test to ensure that these fields are protected.
So I decided to google some answers and stumbled upon this solution:
RSpec::Matchers.define :be_accessible do |attribute|
match do |response|
response.send("#{attribute}=", :foo)
response.send("#{attribute}").eql? :foo
end
description { "be accessible :#{attribute}" }
failure_message_for_should { ":#{attribute} should be accessible" }
failure_message_for_should_not { ":#{attribute} should not be accessible" }
end
But this solution only test's to see if the method is responding. What I need is a way for me to test that attributes can and can't be mass assigned. I honestly love the syntax
it { should_not be_accessible :field_name }
it { should be_accessible :some_field }
Does anyone have a better solution to this problem?
You can check if the attribute is on #accessible_attributes
list
RSpec::Matchers.define :be_accessible do |attribute|
match do |response|
response.class.accessible_attributes.include?(attribute)
end
description { "be accessible :#{attribute}" }
failure_message_for_should { ":#{attribute} should be accessible" }
failure_message_for_should_not { ":#{attribute} should not be accessible" }
end
I was looking for something similar and then I was told about the shoulda-matcher allow_mass_assigment_of. That ended up working for me without creating a custom matcher.
it { should allow_mass_assignment_of :some_field }
it { should_not allow_mass_assignment_of :field_name }
Hope this helps someone else.
If for some reason RSpec is tripping up on juicedM3's answer above like mine was you can do something like this:
specify { expect { Model.new(unaccessible_attr: value) }.to raise_error(ActiveModel::MassAssignmentSecurity::Error) }
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With