docs/testing.md in action_policy-0.4.3 vs docs/testing.md in action_policy-0.4.4

- old
+ new

@@ -110,10 +110,12 @@ **NOTE:** the DSL is included only to example with the tag `type: :policy` or in the `spec/policies` folder. If you want to add this DSL to other examples, add `include ActionPolicy::RSpec::PolicyExampleGroup`. ### Testing scopes +#### Active Record relation example + There is no single rule on how to test scopes, 'cause it dependes on the _nature_ of the scope. Here's an example of RSpec tests for Active Record scoping rules: ```ruby @@ -154,10 +156,39 @@ end end end ``` +#### Action Controller params example + +Here's an example of RSpec tests for Action Controller parameters scoping rules: + +```ruby +describe PostPolicy do + describe "params scope" do + let(:user) { build_stubbed :user } + let(:context) { {user: user} } + + let(:params) { {name: "a", password: "b"} } + let(:target) { ActionController::Parameters.new(params) } + + # it's easier to asses the hash representation, not the AC::Params object + subject { policy.apply_scope(target, type: :action_controller_params).to_h } + + context "as user" do + it { is_expected.to eq({name: "a"}) } + end + + context "as manager" do + before { user.update!(role: :manager) } + + it { is_expected.to eq({name: "a", password: "b"}) } + end + end +end +``` + ## Testing authorization To test the act of authorization you have to make sure that the `authorize!` method is called with the appropriate arguments. Action Policy provides tools for such kind of testing for Minitest and RSpec. @@ -328,6 +359,32 @@ expect { subject }.to have_authorized_scope(:scope) .with_scope_options(matching(with_deleted: a_falsey_value)) .with_target { |target| expect(target).to eq(User.all) } +``` + + +## Testing views + +When you test views that call policies methods as `allowed_to?`, your may have `Missing policy authorization context: user` error. +You may need to stub `current_user` to resolve the issue. + +Consider an RSpec example: + +```ruby +describe "users/index.html.slim" do + let(:user) { build_stubbed :user } + let(:users) { create_list(:user, 2) } + + before do + allow(controller).to receive(:current_user).and_return(user) + + assign :users, users + render + end + + describe "displays user#index correctly" do + it { expect(rendered).to have_link(users.first.email, href: edit_user_path(users.first)) } + end +end ```