Hi folks,
I'm trying to write up some cucumber tests to ensure cancan permissions are set correctly, and I'm having an odd problem:
When I log in through the following code, Capybara says I've logged in as expected. However, when I then go to a resource which requires the given login, I get CanCan's "not authorized" message. Capybara prints out "logged in as testsuperadmin with role superadmin" (the desired role) on the very same "denied access" page.
Accessing the same page manually, not through Cucumber/Capybara, authorization is granted and everything works fine. Authentication is handled by Devise.
I've tried adding @allow-rescue above the scenario and ActionController::Base.allow_rescue = true to features/support/env.rb - neither had any effect.
Any suggestions? This one really has me stumped.
Cheers...
# app/models/ability.rb
class Ability
  include CanCan::Ability

  def initialize(user)
    user ||= User.new
    if user.role? :superadmin
      can :manage, :all
    elsif user.role? :admin
      can :manage, [Broker, User]
    elsif user.role? :staff
      can :manage, Broker
    elsif user.role? :broker
      can :manage, Broker, :user_id => user.id
      can :read, Broker
    elsif user.role? :customer
      can :manage, User, :id => user.id
    else
      can :read, [Broker]
    end
  end
end
# features/brokers.feature
@allow-rescue
Scenario: Successfully create Broker
  Given I am logged in as "testsuperadmin" with password "testpassword"
  When I go to the create broker page
  Then show me the page # Authorization denied here, but signed in successfully if this line is moved between "Given I am logged in ..." and "When I go to the create broker page"
  ......
# features/steps/devise_steps.rb
Given /^I am logged in as "([^\"]*)" with password "([^\"]*)"$/ do |username, password|
  # visit path_to(sign in page)
  visit "/users/sign_out"
  visit "/users/sign_in"
  fill_in("user[username]", :with => username)
  fill_in("user[password]", :with => password)
  click_button("Sign in")
end
# app/controllers/brokers_controller.rb
class BrokersController < ApplicationController
  load_and_authorize_resource
  # ...
  def new
    @broker = Broker.new
    respond_to do |format|
      format.html # new.html.erb
      format.xml { render :xml => @broker }
    end
  end
end
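Added example (not the poster's code and not the CanCan gem): the Ability rules from the post evaluated directly per role, outside any controller or Capybara session, so the authorization matrix can be checked independently of the login problem. The `MiniAbility` module is an assumed stand-in for `CanCan::Ability` (only `can`, `can?`, `:manage`/`:all` and hash conditions), and `User`/`Broker` are constructed Struct models in place of the real ActiveRecord classes.

```ruby
# Stand-in for CanCan::Ability (NOT the real gem): enough `can` / `can?` to run the post's rules offline.
module MiniAbility
  def can(action, subjects, conditions = {})
    (@rules ||= []) << [action, Array(subjects), conditions]
  end

  def can?(action, subject)
    klass = subject.is_a?(Class) ? subject : subject.class
    @rules.any? do |rule_action, subjects, conds|
      next false unless rule_action == :manage || rule_action == action
      next false unless subjects.include?(:all) || subjects.include?(klass)
      # As in CanCan, a class-level check ignores hash conditions; a record must satisfy every one.
      subject.is_a?(Class) || conds.all? { |attr, v| subject.send(attr) == v }
    end
  end
end

# Constructed stand-in models (the real app uses ActiveRecord + Devise).
User = Struct.new(:id, :role) do
  def role?(r); role == r; end
end
Broker = Struct.new(:id, :user_id)

class Ability
  include MiniAbility
  def initialize(user)
    user ||= User.new
    if user.role? :superadmin
      can :manage, :all
    elsif user.role? :admin
      can :manage, [Broker, User]
    elsif user.role? :staff
      can :manage, Broker
    elsif user.role? :broker
      can :manage, Broker, :user_id => user.id
      can :read, Broker
    elsif user.role? :customer
      can :manage, User, :id => user.id
    else
      can :read, [Broker]
    end
  end
end

# One row per role: [role, create Broker?, update own Broker?, update another user's Broker?]
def permission_matrix
  own, other = Broker.new(1, 7), Broker.new(2, 8)
  [:superadmin, :admin, :staff, :broker, :customer, nil].map do |role|
    a = Ability.new(role && User.new(7, role))
    [role, a.can?(:create, Broker), a.can?(:update, own), a.can?(:update, other)]
  end
end
```

Note that the broker role passes the class-level `create` check even though its rule is conditional; only record-level checks enforce `:user_id`.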