Some interesting viewpoints so far. How do people feel about something like this:

  Given every type of user
  When they visit account/manage
  Then only Admins and Managers should get access

Given("every type of user") do
  @users = {
    :admin => new_admin,
    :manager => new_manager,
    :supervisor => new_supervisor,
    :reviewer => new_reviewer,
    :user => new_user
  }
end

When("they visit $url") do |url|
  @url = url
end

Then("only $allow_list should get access") do |allow_list|
  # "Admins and Managers" => [:admin, :manager]
  allow_list = allow_list.split(' and ').collect { |x| x.downcase.singularize.intern }
  # Roles on the allow list must reach the page
  allow_list.each do |x|
    user = @users.delete(x)
    # log user in
    get @url
    response.should_not be_redirect
  end
  # Every role left in @users must be redirected
  @users.each do |role, user|
    # log user in
    get @url
    response.should redirect_to("not_authorised")
  end
end

Any major BDD violations there? I personally don't mind the somewhat complex steps because, as Ben pointed out, the plain text stories are more manageable this way and still very readable.
Neil M. Young wrote:
I'm finding that I'm writing sets of very similar scenarios to check access permissions for each of my actions.
snip
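
An added example, not part of the original post: a fail-closed version of the allow-list parsing in the Then step, where a misspelled role raises an error instead of making `@users.delete` return nil, and every role outside the list is checked for denial. It goes slightly beyond the post by also accepting comma-separated lists. `role_key`, `partition_roles`, `access_violations` and `LEAKY_POLICY` are hypothetical names, the policy is constructed, and `role_key` is a simple stand-in for `singularize`.

```ruby
# Added example: role names and the policy below are constructed for illustration.
ROLES = [:admin, :manager, :supervisor, :reviewer, :user].freeze

# Stand-in for ActiveSupport's String#singularize (assumption: plain "s" plurals only).
def role_key(word)
  word.strip.downcase.sub(/s\z/, '').to_sym
end

# Split "Admins and Managers" into [allowed, denied]. Unknown or missing roles
# raise, so a typo in the story cannot silently change what the matrix covers.
def partition_roles(allow_list, roles = ROLES)
  allowed = allow_list.split(/\s+and\s+|,/).map { |w| role_key(w) }.uniq
  raise ArgumentError, 'empty allow list' if allowed.empty?
  unknown = allowed - roles
  raise ArgumentError, "unknown role(s): #{unknown.join(', ')}" unless unknown.empty?
  [allowed, roles - allowed]
end

# Check every role against an access decision and return the mismatches.
# `decide` is a hypothetical callable: (role, url) -> :ok or :redirect.
def access_violations(allow_list, url, decide, roles = ROLES)
  allowed, denied = partition_roles(allow_list, roles)
  bad = []
  allowed.each { |r| bad << [r, :wrongly_denied] unless decide.call(r, url) == :ok }
  denied.each  { |r| bad << [r, :wrongly_allowed] unless decide.call(r, url) == :redirect }
  bad
end

# Constructed policy with a deliberate flaw: supervisors can reach account/manage.
LEAKY_POLICY = lambda do |role, url|
  open_to = { 'account/manage' => [:admin, :manager, :supervisor] }
  open_to.fetch(url, []).include?(role) ? :ok : :redirect
end

if __FILE__ == $PROGRAM_NAME
  p access_violations('Admins and Managers', 'account/manage', LEAKY_POLICY)
end
```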