A controller test fails and does not seem to apply strong params correctly. I have the following controller method:

    def update
      @page = Image.find(params[:id])
      @organization = @page.organization
      if @page.update_attributes(edit_params)
        redirect_to @page
      else
        render 'edit'
      end
    end

    def edit_params
      list_params_allowed = [:content]
      # These helper methods work perfectly and are used throughout the app without problems.
      # The first determines if the currently logged in user is an admin of @organization.
      if is_admin?(current_user, @organization) || logged_in_systemadmin?
        list_params_allowed += [:title]
      end
      params.require(:page).permit(list_params_allowed)
    end

This means that if a non-admin is logged in, he should not be able to edit the title of a page; only the content. However, the controller test below fails because a new title does get saved. Does anyone see why this is?

    test "trying to manipulate title while not admin" do
      log_in_as(@user) # This user isn't an admin; this helper method is used in many tests and works fine
      patch :update, id: @page, page: {title: "new title", content: "new content"}
      assert flash[:success]
      @page.reload
      assert_equal @page.content, "new content"
      assert_not_equal @page.title, "new title" # This is the line that fails
    end
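
An added example, not part of the original post: the role-dependent allowlist from the question modelled on plain Ruby hashes, without Rails, so the filtering decision can be checked separately from the role helpers. `allowed_fields` and `filter_params` are hypothetical names, the filter is a simplified stand-in for `require`/`permit` rather than Rails' implementation, and the request body is constructed.

```ruby
# Added example: simplified, Rails-free stand-in for require/permit.
# All names are hypothetical; the sample request is constructed.

BASE_FIELDS  = %w[content].freeze  # editable by any logged-in user
ADMIN_FIELDS = %w[title].freeze    # editable by admins only

# Values accepted for a plainly permitted key (simplified list of scalars).
SCALARS = [String, Symbol, Numeric, TrueClass, FalseClass, NilClass].freeze

# Build the allowlist from explicit role flags instead of controller state,
# so the role decision can be tested on its own.
def allowed_fields(org_admin:, system_admin:)
  (org_admin || system_admin) ? BASE_FIELDS + ADMIN_FIELDS : BASE_FIELDS
end

# Returns [kept, dropped]: kept is what would reach the model, dropped lists
# the submitted keys that were filtered out (worth logging server-side).
def filter_params(raw, root:, allowed:)
  scoped = raw[root]
  unless scoped.is_a?(Hash) && !scoped.empty?
    raise ArgumentError, "missing or empty #{root.inspect}"
  end

  kept = scoped.select do |key, value|
    allowed.include?(key.to_s) && SCALARS.any? { |type| value.is_a?(type) }
  end
  [kept, scoped.keys.map(&:to_s) - kept.keys.map(&:to_s)]
end

# Constructed request body matching the test in the question.
REQUEST = { "page" => { "title" => "new title", "content" => "new content" } }.freeze

# Runs the same request through the filter for both roles.
def demo
  member = allowed_fields(org_admin: false, system_admin: false)
  admin  = allowed_fields(org_admin: true,  system_admin: false)
  {
    member: filter_params(REQUEST, root: "page", allowed: member),
    admin:  filter_params(REQUEST, root: "page", allowed: admin)
  }
end

demo.each { |role, (kept, dropped)| puts "#{role}: kept=#{kept} dropped=#{dropped}" } if $PROGRAM_NAME == __FILE__
```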