Legal stuff about this site and your private life:

  • We use a cookie to keep your preferences (language, NSFW status, login status) during navigation.
  • We use your local storage to save the announces you closed (like this one).
  • We don't save informations you don't give
  • We don't share your email address if you comment or register
  • There is no tracker of any kind.

If you're not OK with this, move your way.

Rails: Check Pundit authorization in RSpec

Pundit provide two helper methods to help you ensure the actions are authorized/scoped: verify_authorized and verify_policy_scoped. They are meant to be used in an after_action hook.

As the check is made after the action, I see no point of using it in production, so I use it in RSpec:

# rails_helper.rb
# ...
config.before(:suite) do
  FactoryBot.create :user, :known
  ApplicationController.send(:after_action, :verify_authorized, {except: [:index]})
  ApplicationController.send(:after_action, :verify_policy_scoped, {only: [:index]})
end
# ...

This way, it's still checked during all the tests using controllers.

Rail: sending emails via a rake task won't work if you use the_mail.deliver_later. Use the_mail.deliver, instead.

Keep in mind that .deliver will be blocking in the context of the Rails server.