Kask Kask - 4 months ago 35
Ruby Question

Railstutorial.org Michael Hartl chapter 9 exercise 3 "should not allow the admin attribute to be edited via the web"

I have started to learn Rails, and I got stuck on chapter 9 third exercise.

The exercise looks like this:

test "should not allow the admin attribute to be edited via the web" do
log_in_as(@other_user)
assert_not @other_user.admin?
patch :update, id: @other_user, user: { password: FILL_IN,
password_confirmation: FILL_IN,
admin: FILL_IN }
assert_not @other_user.FILL_IN.admin?
end


My problem is the
last Fill_IN >> assert_not @other_user.FILL_IN.admin
?

@other_user
is taken from Fixture and looks like this:

archer:
name: Sterling Archer
email: duchess@example.gov
password_digest: <%= User.digest('password') %>


Update action
looks like this:

def update
@user = User.find(params[:id])
if @user.update_attributes(user_params)
flash[:success] = "Profile updated"
redirect_to @user
else
render 'edit'
end
end


I also added
:admin
to the user_params so the
:admin param
could be modify:

def user_params
params.require(:user).permit(:name, :email, :password,
:password_confirmation, :admin)
end


The answer I thought was correct was:

test "should not allow the admin attribute to be edited via the web" do
log_in_as(@other_user)
assert_not @other_user.admin?
patch :update, id: @other_user, user: { password: @other_user.password,
password_confirmation: @other_user.password_confirmation,
admin: true }
assert_not @other_user.admin?
end


But it looks like the @other_user is not being modified, so I think that error is in last assert.

My answer is wrong, I can't get this test to failed, it is because in last assertion
"assert_not @other_user.FILL_IN.admin?"


I don't know what to put in the FILL_IN section. I tried to cut off FILL_IN but this doesn't work.

Answer

You must reload the instance variable after making changes to the underlying record. This will load in the new changes.

assert_not @other_user.reload.admin?
Comments