The user can access this page without being logged in. We identify the user through the "subscriptions_token" parameter and show a list of the notifications that can be enabled/disabled. We will return a 404 error in case someone accesses the page with a non-existent token. We also control the case where an anonymous user tries to access the page without any token, by returning the CanCan::AccessDenied exception.
17 lines
502 B
Ruby
require "rails_helper"
|
|
|
|
describe SubscriptionsController do
|
|
describe "GET edit" do
|
|
it "returns a 404 code with a wrong token" do
|
|
expect { get :edit, params: { token: "non_existent" } }.to raise_error ActiveRecord::RecordNotFound
|
|
end
|
|
|
|
it "doesn't allow access to anonymous users without a token" do
|
|
get :edit, params: { token: "" }
|
|
|
|
expect(response).to redirect_to "/"
|
|
expect(flash[:alert]).to eq "You do not have permission to access this page."
|
|
end
|
|
end
|
|
end
|
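Review bot: the spec exercises only the two rejection paths of `GET edit`, so nothing here checks that a valid token reaches the page for the user it identifies, and the no-token case is covered only as `token: ""`, not as a request with the parameter omitted altogether. Since the token is the only thing standing in for authentication on this page, I would add an example with an existing user's token that expects a successful response, and one that calls `get :edit` with no params and expects the same redirect and alert. The first example's description says "returns a 404 code" but the assertion is `raise_error ActiveRecord::RecordNotFound`; either reword the description to match, or cover it in a request spec where `expect(response).to have_http_status(:not_found)` can be asserted. The commit message also names the parameter "subscriptions_token" while the spec passes `token:`, so it is worth confirming which name the route and controller actually read.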