Update Test suite to handle admin priviledges

Author: Cyrus-Kiprop

app/controllers/authentication_controller.rb

@@ -1,6 +1,7 @@
 class AuthenticationController < ApplicationController
  # return auth token once user is authenticated
  skip_before_action :authorize_request, only: :authenticate
+ skip_before_action :admin?
 
  def authenticate
  auth_token =

app/controllers/users_controller.rb

@@ -1,5 +1,6 @@
 class UsersController < ApplicationController
  skip_before_action :authorize_request, only: :create
+ skip_before_action :admin?
 
  # POST /signup
  # return authenticated token upon signup

app/controllers/v1/measurements_controller.rb

@@ -2,6 +2,7 @@ module V1
  class MeasurementsController < ApplicationController
  before_action :set_measure
  before_action :set_measure_item, only: %i[show update destroy]
+ skip_before_action :admin?
 
  # GET /measures/:measure_id/measurements
  def index

spec/requests/measures_request_spec.rb

@@ -3,11 +3,14 @@
 RSpec.describe 'Measures', type: :request do
  # initialize test data
  let(:user) { create(:user) }
+ let(:admin) { create(:user, admin: true) }
  let!(:measures) { create_list(:measure, 10, user_id: user.id) }
  let(:measure_id) { measures.first.id }
 
+
+
  # authorize_request
- let(:headers) { valid_headers }
+ let(:headers) { valid_headers(user.id) }
 
  # Test suite for GET /measures
  describe 'GET /measures' do
@@ -62,11 +65,27 @@
  {body_part_name: 'Thighs' }.to_json
  end
 
+
+ context 'when non-admin users try to access this endpoint' do
+ before { post '/measures', params: valid_attributes, headers: valid_headers(user.id) }
+
+ it 'return unauthorized request' do
+ expect(response.body).to match("{\"message\":\"Unauthorized request\"}")
+ end
+
+ it 'returns status code 201' do
+ expect(response).to have_http_status(422)
+ end
+ end
+
+
+ let(:headers) { valid_headers(admin.id) }
+
  context 'when the request is valid' do
  before { post '/measures', params: valid_attributes, headers: headers }
 
  it 'creates a todo' do
- expect(json['user_id']).to eq(user.id)
+ expect(json['user_id']).to eq(admin.id)
  end
 
  it 'returns status code 201' do
@@ -76,6 +95,7 @@
 
  context 'when the request is invalid' do
  let(:invalid_attributes) { { }.to_json }
+
  before { post '/measures', params: invalid_attributes, headers: headers }
 
  it 'returns status code 422' do
@@ -91,6 +111,7 @@
 
  # Test suite for DELETE /measures/:id
  describe 'DELETE /measures/:id' do
+ let(:headers) { valid_headers(admin.id) }
  before { delete "/measures/#{measure_id}", params: {}, headers: headers }
 
  it 'returns status code 204' do

spec/support/controller_spec_helper.rb

@@ -10,13 +10,17 @@ def expired_token_generator(user_id)
  end
 
  # return valid headers
- def valid_headers
+ def valid_headers(id=user.id)
  {
- "Authorization" => token_generator(user.id),
+ "Authorization" => token_generator(id),
  "Content-Type" => "application/json"
  }
  end
 
+ def admin_headers
+
+ end
+
  # return invalid headers
  def invalid_headers
  {