I've been playing with protector for a while and found a bit weird behavior for Models with validations.
Following example works fine.
Model:
class Blog < ActiveRecord::Base
protect do |context|
if context
can :create
end
end
end
And test:
describe Blog do
it 'can be created using create' do
expect{
Blog.restrict!(true).create!(name: 'Blog')
}.to change(Blog, :count).by(1)
end
end
But once you add an attribute validation, test starts to fail.
class Blog < ActiveRecord::Base
validates :name, presence: true
protect do |context|
if context
can :create
end
end
end
It can be fixed by adding can :read statement.
I'm not sure that it is a bug, but it looks weird, since can :create allows to assign any attributes, but validations couldn't be performed.
Seems it happens because protector overrides attribute reading methods, used by validations, and checks for read permissions.
inossidabile
commented
10 years ago
I've been playing with protector for a while and found a bit weird behavior for Models with validations.
Following example works fine.
Model:
And test:
But once you add an attribute validation, test starts to fail.
It can be fixed by adding
can :readstatement. I'm not sure that it is a bug, but it looks weird, sincecan :createallows to assign any attributes, but validations couldn't be performed. Seems it happens because protector overrides attribute reading methods, used by validations, and checks for read permissions.