diff --git a/app/controllers/gardens_controller.rb b/app/controllers/gardens_controller.rb index fca489384..9e21d7332 100644 --- a/app/controllers/gardens_controller.rb +++ b/app/controllers/gardens_controller.rb @@ -45,8 +45,7 @@ class GardensController < ApplicationController # POST /gardens # POST /gardens.json def create - params[:garden][:owner_id] = current_member.id - @garden = Garden.new(garden_params) + @garden.owner_id = current_member.id respond_to do |format| if @garden.save diff --git a/spec/controllers/gardens_controller_spec.rb b/spec/controllers/gardens_controller_spec.rb index 790e1f8be..d22c549b1 100644 --- a/spec/controllers/gardens_controller_spec.rb +++ b/spec/controllers/gardens_controller_spec.rb @@ -12,11 +12,72 @@ require 'rails_helper' -describe GardensController do - login_member +RSpec.describe GardensController, type: :controller do + include Devise::Test::ControllerHelpers + let(:valid_params) { { name: 'My second Garden' } } - def valid_attributes - member = FactoryGirl.create(:member) - { name: 'My Garden', owner_id: member.id } + context "when not signed in" do + let(:garden) { double('garden') } + describe 'GET new' do + before { get :new, id: garden.to_param } + it { expect(response).to redirect_to(new_member_session_path) } + end + describe 'PUT create' do + before { put :create, garden: valid_params } + it { expect(response).to redirect_to(new_member_session_path) } + end + + describe 'changing existing records' do + before do + allow(Garden).to receive(:find).and_return(:garden) + expect(garden).not_to receive(:save) + expect(garden).not_to receive(:save!) + expect(garden).not_to receive(:update) + expect(garden).not_to receive(:update!) + expect(garden).not_to receive(:destroy) + end + describe 'GET edit' do + before { get :edit, id: garden.to_param } + it { expect(response).to redirect_to(new_member_session_path) } + end + describe 'POST update' do + before { post :update, id: garden.to_param, garden: valid_params } + it { expect(response).to redirect_to(new_member_session_path) } + end + describe 'DELETE' do + before { delete :destroy, id: garden.to_param, params: { garden: valid_params } } + it { expect(response).to redirect_to(new_member_session_path) } + end + end + end + context "when signed in" do + before(:each) { sign_in member } + + let!(:member) { FactoryGirl.create(:member) } + + describe "for another member's garden" do + let(:not_my_garden) { double('garden') } + before do + expect(Garden).to receive(:find).and_return(:not_my_garden) + expect(not_my_garden).not_to receive(:save) + expect(not_my_garden).not_to receive(:save!) + expect(not_my_garden).not_to receive(:update) + expect(not_my_garden).not_to receive(:update!) + expect(not_my_garden).not_to receive(:destroy) + end + + describe 'GET edit' do + before { get :edit, id: not_my_garden.to_param } + it { expect(response).to redirect_to(root_path) } + end + describe 'POST update' do + before { post :update, id: not_my_garden.to_param, garden: valid_params } + it { expect(response).to redirect_to(root_path) } + end + describe 'DELETE' do + before { delete :destroy, id: not_my_garden.to_param, params: { garden: valid_params } } + it { expect(response).to redirect_to(root_path) } + end + end end end diff --git a/spec/features/signin_spec.rb b/spec/features/signin_spec.rb index d1eac9c42..a6224e05a 100644 --- a/spec/features/signin_spec.rb +++ b/spec/features/signin_spec.rb @@ -6,30 +6,30 @@ feature "signin", js: true do let(:wrangler) { create :crop_wrangling_member } let(:notification) { create :notification } + def login + fill_in 'Login', with: member.login_name + fill_in 'Password', with: member.password + click_button 'Sign in' + end + scenario "via email address" do visit crops_path # some random page click_link 'Sign in' - fill_in 'Login', with: member.email - fill_in 'Password', with: member.password - click_button 'Sign in' + login expect(page).to have_content("Sign out") end scenario "redirect to previous page after signin" do visit crops_path # some random page click_link 'Sign in' - fill_in 'Login', with: member.login_name - fill_in 'Password', with: member.password - click_button 'Sign in' + login expect(current_path).to eq crops_path end scenario "don't redirect to devise pages after signin" do visit new_member_registration_path # devise signup page click_link 'Sign in' - fill_in 'Login', with: member.login_name - fill_in 'Password', with: member.password - click_button 'Sign in' + login expect(current_path).to eq root_path end @@ -38,25 +38,27 @@ feature "signin", js: true do expect(current_path).to eq new_member_session_path end - scenario "after signin, redirect to what you were trying to do" do - models = %w[plantings harvests posts photos gardens seeds] - models.each do |model| - visit "/#{model}/new" + shared_examples "redirects to what you were trying to do" do + scenario do + visit "/#{model_name}/new" expect(current_path).to eq new_member_session_path - fill_in 'Login', with: member.login_name - fill_in 'Password', with: member.password - click_button 'Sign in' - expect(current_path).to eq "/#{model}/new" - click_link 'Sign out' + login + expect(current_path).to eq "/#{model_name}/new" + end + end + + describe "redirects to what you were trying to do" do + %w[plantings harvests posts photos gardens seeds].each do |m| + it_behaves_like "redirects to what you were trying to do" do + let(:model_name) { m } + end end end scenario "after signin, redirect to new notifications page" do visit new_notification_path(recipient: recipient) expect(current_path).to eq new_member_session_path - fill_in 'Login', with: member.login_name - fill_in 'Password', with: member.password - click_button 'Sign in' + login expect(current_path).to eq new_notification_path end