Devise DoubleRenderError

Question

Application-Stack: Rails3, CanCan, Devise, Shoulda

I've got some nested Resources and want to test them with Shoulda and i get the following DoubleRenderError:

Error:
test: If anonymous user tries to GET index of fav_blogs should respond with 401.    (BlogItemsControllerTest):
AbstractController::DoubleRenderError: Render and/or redirect were called multiple times  in this action. Please note that you may only call render OR redirect, and at most once per action. Also note that neither redirect nor render terminate execution of the action, so if you want to exit an action after redirecting, you need to do something like "redirect_to(...) and return".

The test is going to check whether a non authenticated user is able to access the nested resource ( he shouldn't )

TestMethod

context "If anonymous user tries to GET index of fav_blogs" do
  setup do
    get :index, :end_user_id => end_users(:end_user_one).id, :format => "xml"
  end
  should_respond_with 401
  should_not_assign_to :blog_items
end

ControllerMethod:

def index

  if params[:end_user_id] # if it is nested
    authenticate_end_user!
    authorize! :read, @end_user

    @blog_items = @end_user.blog_items
  else
    @PAGE_SIZE = 10
    page = Integer(params[:page]) || 0

    offset = @PAGE_SIZE * page
    @blog_items = BlogItem.limit( offset + @PAGE_SIZE ).offset( offset ).order('updated_at DESC').all
  end

  respond_with(@blog_items)
end

All tests with an authenticated user work fine - may someone can give me a hint. Thanks a lot! Ben

Answer 1

okay i'm done - the problem is occurring because of

authenticate_end_user!
authorize! :read, @end_user

block. The first line is going render a 401 failure in case of no authorization but anyhow, the second line will be executed. Therefore put authentication in a before_filter and the authorization in another one or your controller action. Ben