How to test attr_accessible fields in RSpec

Question

So we have been setting up attr_accessible and attr_protected on many fields through out our Rails 3.2 app. For now we really don't test to ensure that these fields are protected.

So I decided to google some answers and stumbled upon this solution:

RSpec::Matchers.define :be_accessible do |attribute|
  match do |response|
    response.send("#{attribute}=", :foo)
    response.send("#{attribute}").eql? :foo
  end
  description { "be accessible :#{attribute}" }
  failure_message_for_should { ":#{attribute} should be accessible" }
  failure_message_for_should_not { ":#{attribute} should not be accessible" }
end

But this solution only test's to see if the method is responding. What I need is a way for me to test that attributes can and can't be mass assigned. I honestly love the syntax

it { should_not be_accessible :field_name }
it { should be_accessible :some_field }

Does anyone have a better solution to this problem?

Answer 1

You can check if the attribute is on #accessible_attributes list

RSpec::Matchers.define :be_accessible do |attribute|
  match do |response|
    response.class.accessible_attributes.include?(attribute)
  end
  description { "be accessible :#{attribute}" }
  failure_message_for_should { ":#{attribute} should be accessible" }
  failure_message_for_should_not { ":#{attribute} should not be accessible" }
end

Answer 2

I was looking for something similar and then I was told about the shoulda-matcher allow_mass_assigment_of. That ended up working for me without creating a custom matcher.

it { should allow_mass_assignment_of :some_field }
it { should_not allow_mass_assignment_of :field_name }

Hope this helps someone else.

Answer 3

If for some reason RSpec is tripping up on juicedM3's answer above like mine was you can do something like this:

specify { expect { Model.new(unaccessible_attr: value) }.to raise_error(ActiveModel::MassAssignmentSecurity::Error) }