From ab75f830fb7532808e026f14777e366049fb1f25 Mon Sep 17 00:00:00 2001
From: Brenda Wallace <brenda@wallace.net.nz>
Date: Sun, 25 Dec 2016 10:38:07 +1300
Subject: [PATCH 1/3] Controller garden specs for member doing what they
 shouldn't

---
 app/controllers/gardens_controller.rb       |  3 +-
 spec/controllers/gardens_controller_spec.rb | 71 +++++++++++++++++++--
 2 files changed, 67 insertions(+), 7 deletions(-)

diff --git a/app/controllers/gardens_controller.rb b/app/controllers/gardens_controller.rb
index fca489384..9e21d7332 100644
--- a/app/controllers/gardens_controller.rb
+++ b/app/controllers/gardens_controller.rb
@@ -45,8 +45,7 @@ class GardensController < ApplicationController
   # POST /gardens
   # POST /gardens.json
   def create
-    params[:garden][:owner_id] = current_member.id
-    @garden = Garden.new(garden_params)
+    @garden.owner_id = current_member.id
 
     respond_to do |format|
       if @garden.save
diff --git a/spec/controllers/gardens_controller_spec.rb b/spec/controllers/gardens_controller_spec.rb
index 790e1f8be..d22c549b1 100644
--- a/spec/controllers/gardens_controller_spec.rb
+++ b/spec/controllers/gardens_controller_spec.rb
@@ -12,11 +12,72 @@
 
 require 'rails_helper'
 
-describe GardensController do
-  login_member
+RSpec.describe GardensController, type: :controller do
+  include Devise::Test::ControllerHelpers
+  let(:valid_params) { { name: 'My second Garden' } }
 
-  def valid_attributes
-    member = FactoryGirl.create(:member)
-    { name: 'My Garden', owner_id: member.id }
+  context "when not signed in" do
+    let(:garden) { double('garden') }
+    describe 'GET new' do
+      before { get :new, id: garden.to_param }
+      it { expect(response).to redirect_to(new_member_session_path) }
+    end
+    describe 'PUT create' do
+      before { put :create, garden: valid_params }
+      it { expect(response).to redirect_to(new_member_session_path) }
+    end
+
+    describe 'changing existing records' do
+      before do
+        allow(Garden).to receive(:find).and_return(:garden)
+        expect(garden).not_to receive(:save)
+        expect(garden).not_to receive(:save!)
+        expect(garden).not_to receive(:update)
+        expect(garden).not_to receive(:update!)
+        expect(garden).not_to receive(:destroy)
+      end
+      describe 'GET edit' do
+        before { get :edit, id: garden.to_param }
+        it { expect(response).to redirect_to(new_member_session_path) }
+      end
+      describe 'POST update' do
+        before { post :update, id: garden.to_param, garden: valid_params }
+        it { expect(response).to redirect_to(new_member_session_path) }
+      end
+      describe 'DELETE' do
+        before { delete :destroy, id: garden.to_param, params: { garden: valid_params } }
+        it { expect(response).to redirect_to(new_member_session_path) }
+      end
+    end
+  end
+  context "when signed in" do
+    before(:each) { sign_in member }
+
+    let!(:member) { FactoryGirl.create(:member) }
+
+    describe "for another member's garden" do
+      let(:not_my_garden) { double('garden') }
+      before do
+        expect(Garden).to receive(:find).and_return(:not_my_garden)
+        expect(not_my_garden).not_to receive(:save)
+        expect(not_my_garden).not_to receive(:save!)
+        expect(not_my_garden).not_to receive(:update)
+        expect(not_my_garden).not_to receive(:update!)
+        expect(not_my_garden).not_to receive(:destroy)
+      end
+
+      describe 'GET edit' do
+        before { get :edit, id: not_my_garden.to_param }
+        it { expect(response).to redirect_to(root_path) }
+      end
+      describe 'POST update' do
+        before { post :update, id: not_my_garden.to_param, garden: valid_params }
+        it { expect(response).to redirect_to(root_path) }
+      end
+      describe 'DELETE' do
+        before { delete :destroy, id: not_my_garden.to_param, params: { garden: valid_params } }
+        it { expect(response).to redirect_to(root_path) }
+      end
+    end
   end
 end

From 241c3cfdc089ed2d214af8acfe4ddbcca7b8c63d Mon Sep 17 00:00:00 2001
From: Brenda Wallace <brenda@wallace.net.nz>
Date: Tue, 3 Jan 2017 22:02:21 +1300
Subject: [PATCH 2/3] Moves model name into spec description

so we can tell which failed.
---
 spec/features/signin_spec.rb | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)

diff --git a/spec/features/signin_spec.rb b/spec/features/signin_spec.rb
index 41aa1ecd1..4b9e5be60 100644
--- a/spec/features/signin_spec.rb
+++ b/spec/features/signin_spec.rb
@@ -29,16 +29,22 @@ feature "signin", js: true do
     expect(current_path).to eq new_member_session_path
   end
 
-  scenario "after signin, redirect to what you were trying to do" do
-    models = %w[plantings harvests posts photos gardens seeds]
-    models.each do |model|
-      visit "/#{model}/new"
+  shared_examples "redirects to what you were trying to do" do
+    scenario do
+      visit "/#{model_name}/new"
       expect(current_path).to eq new_member_session_path
       fill_in 'Login', with: member.login_name
       fill_in 'Password', with: member.password
       click_button 'Sign in'
-      expect(current_path).to eq "/#{model}/new"
-      click_link 'Sign out'
+      expect(current_path).to eq "/#{model_name}/new"
+    end
+  end
+
+  describe "redirects to what you were trying to do" do
+    %w[plantings harvests posts photos gardens seeds].each do |m|
+      it_behaves_like "redirects to what you were trying to do" do
+        let(:model_name) { m }
+      end
     end
   end
 

From b38728c5dffd92e0f07e59254844afc582bf05e0 Mon Sep 17 00:00:00 2001
From: Brenda Wallace <brenda@wallace.net.nz>
Date: Tue, 3 Jan 2017 22:12:55 +1300
Subject: [PATCH 3/3] Add login() to signin spec to reduce code duplication

---
 spec/features/signin_spec.rb | 22 ++++++++++------------
 1 file changed, 10 insertions(+), 12 deletions(-)

diff --git a/spec/features/signin_spec.rb b/spec/features/signin_spec.rb
index 4b9e5be60..963345874 100644
--- a/spec/features/signin_spec.rb
+++ b/spec/features/signin_spec.rb
@@ -6,21 +6,23 @@ feature "signin", js: true do
   let(:wrangler) { create :crop_wrangling_member }
   let(:notification) { create :notification }
 
-  scenario "redirect to previous page after signin" do
-    visit crops_path # some random page
-    click_link 'Sign in'
+  def login
     fill_in 'Login', with: member.login_name
     fill_in 'Password', with: member.password
     click_button 'Sign in'
+  end
+
+  scenario "redirect to previous page after signin" do
+    visit crops_path # some random page
+    click_link 'Sign in'
+    login
     expect(current_path).to eq crops_path
   end
 
   scenario "don't redirect to devise pages after signin" do
     visit new_member_registration_path # devise signup page
     click_link 'Sign in'
-    fill_in 'Login', with: member.login_name
-    fill_in 'Password', with: member.password
-    click_button 'Sign in'
+    login
     expect(current_path).to eq root_path
   end
 
@@ -33,9 +35,7 @@ feature "signin", js: true do
     scenario do
       visit "/#{model_name}/new"
       expect(current_path).to eq new_member_session_path
-      fill_in 'Login', with: member.login_name
-      fill_in 'Password', with: member.password
-      click_button 'Sign in'
+      login
       expect(current_path).to eq "/#{model_name}/new"
     end
   end
@@ -51,9 +51,7 @@ feature "signin", js: true do
   scenario "after signin, redirect to new notifications page" do
     visit new_notification_path(recipient: recipient)
     expect(current_path).to eq new_member_session_path
-    fill_in 'Login', with: member.login_name
-    fill_in 'Password', with: member.password
-    click_button 'Sign in'
+    login
     expect(current_path).to eq new_notification_path
   end