again, we will start from TDD!!!
1. since both edit and update need the same authentication, we can put their tests together:
```ruby
describe "authentication of edit/update pages" do

  before(:each) do
    @user = Factory(:user)
  end

  describe "for not signed-in users" do

    it "should redirect to sign in page" do
      get :edit, :id => @user
      response.should redirect_to signin_path
    end

    it "should deny access to update" do
      put :update, :id => @user, :user => {}
      response.should redirect_to signin_path
    end
  end
end
```
2. we will add a before_filter to the users controller to make this test pass:
```ruby
class UsersController < ApplicationController
  before_filter :authenticate, :only => [:edit, :update]
  .
  private

    def authenticate
      deny_access unless signed_in?
    end
end
```
we still need to define the deny_access method. since it is a kind of authentication, I'll put it into the sessions helper:
```ruby
def deny_access
  redirect_to signin_path, :notice => "please sign in first."
end
```
note: this one line of code is equivalent to these two:
```ruby
flash[:notice] = "please sign in first."
redirect_to signin_path
```
you can also use:
```ruby
redirect_to signin_path, :alert => "fdsfdsfsdf"
```
but you can't use :success or :error in this construction.
3. besides requiring the user to sign in, we still need to make sure the current user can't edit another user's info.
start from TDD again!!!
```ruby
describe UsersController do
  render_views
  .
  .
  .
  describe "authentication of edit/update pages" do
    .
    .
    .
    describe "for signed-in users" do

      before(:each) do
        wrong_user = Factory(:user, :email => "user@example.net")
        test_sign_in(wrong_user)
      end

      it "should require matching users for 'edit'" do
        get :edit, :id => @user
        response.should redirect_to(root_path)
      end

      it "should require matching users for 'update'" do
        put :update, :id => @user, :user => {}
        response.should redirect_to(root_path)
      end
    end
  end
end
```
4. now, to make the test pass, we need to add a new before filter to the users controller.
```ruby
class UsersController < ApplicationController
  before_filter :authenticate, :only => [:edit, :update]
  before_filter :correct_user, :only => [:edit, :update]
  .
  .
  .
  def edit
    @title = "Edit user"
  end
  .
  .
  .
  private

    def authenticate
      deny_access unless signed_in?
    end

    def correct_user
      @user = User.find(params[:id])
      redirect_to(root_path) unless current_user?(@user)
    end
end
```
```ruby
module SessionsHelper
  .
  .
  .
  def current_user?(user)
    user == current_user
  end

  def deny_access
    redirect_to signin_path, :notice => "Please sign in to access this page."
  end

  private
  .
  .
  .
end
```
now we have made our site very safe.
5. now let's do something useful:
if a user who is not signed in tries to visit a protected page, he is redirected to the sign in page; then, after he signs in, he is always redirected to the profile page. what we want is to redirect the user to the page he was trying to visit.
this is a very good workflow to cover with an integration test!
so let's write an integration test for this flow first.
```ruby
require 'spec_helper'

describe "FriendlyForwardings" do

  it "should forward to the requested page after signin" do
    user = Factory(:user)
    visit edit_user_path(user)
    # The test automatically follows the redirect to the signin page.
    fill_in :email,    :with => user.email
    fill_in :password, :with => user.password
    click_button
    # The test follows the redirect again, this time to users/edit.
    response.should render_template('users/edit')
  end
end
```
you may be wondering why I use `should render_template()` instead of `should redirect_to()`: an integration test follows the redirect, so `response.should redirect_to` will not work.
6. next, we will write the implementation to make the test pass.
how do we do this?
a. since HTTP is stateless, we have to use the session to store the URL requested in the previous request, then read it back from the session in the new request. (things in the session expire when the browser closes.)
b. we will use the request object to get the URL.
```ruby
module SessionsHelper
  .
  .
  .
  def deny_access
    store_location
    redirect_to signin_path, :notice => "Please sign in to access this page."
  end

  def redirect_back_or(default)
    redirect_to(session[:return_to] || default)
    clear_return_to
  end

  private
  .
  .
  .
    def store_location
      session[:return_to] = request.fullpath
    end

    def clear_return_to
      session[:return_to] = nil
    end
end
```
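The store-and-forward flow above, as a stand-alone sketch in plain Ruby. This is an added example, not code from the tutorial or from Rails: it models the session as a Hash and adds two checks the helper above does not have, remembering the location only for GET requests and redirecting back only to a local path. `FakeRequest`, `ForwardingFlow` and `local_path?` are hypothetical names, and the paths are constructed sample values.

```ruby
# Added example: plain Ruby model of friendly forwarding, no Rails required.
# FakeRequest, ForwardingFlow and local_path? are hypothetical names.
FakeRequest = Struct.new(:verb, :fullpath)

class ForwardingFlow
  SIGNIN_PATH = "/signin"

  attr_reader :session

  def initialize
    @session = {} # stands in for the Rails session
  end

  # Called when an unauthenticated request hits a protected action.
  # Returns the path the browser is redirected to.
  def deny_access(request)
    store_location(request)
    SIGNIN_PATH
  end

  # Called after a successful sign-in; returns the redirect target.
  def redirect_back_or(default)
    target = session.delete(:return_to) # read and clear in one step
    local_path?(target) ? target : default
  end

  private

  # Only remember GET requests: following a stored PUT/POST path with a GET
  # after sign-in would not repeat the action the user originally attempted.
  def store_location(request)
    session[:return_to] = request.fullpath if request.verb == "GET"
  end

  # Accept "/users/1/edit"; reject nil, "//host", "/\host", "http://host"
  # and anything containing a line break.
  def local_path?(value)
    value.is_a?(String) &&
      value.match?(%r{\A/(?![/\\])}) &&
      !value.match?(/[\r\n]/)
  end
end
```

Because the stored value is deleted as it is read, a second sign-in in the same session falls back to the default instead of reusing a stale target.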