RubyGems - authorized_rails_scaffolds - Versions diffs - 0.0.8 → 0.0.9 - Mend

authorized_rails_scaffolds 0.0.8 → 0.0.9

Files changed (11) hide show

data/lib/authorized_rails_scaffolds/helper.rb CHANGED Viewed

@@ -8,6 +8,7 @@ module AuthorizedRailsScaffolds
       @plural_var_name = options[:plural_var_name] || @var_name.pluralize # Pluralized non-namespaced variable name
       # Determine namespace prefix i.e awesome
       @namespace_prefix = options[:namespace_prefix] || options[:singular_table_name][0..-(@var_name.length + 2)]
+      @controller_prefix = options[:controller_prefix] || options[:class_name].split('::')[0..-2].join('::')
       # Determine Parent Prefix i.e. user_company
       parent_prefix = AuthorizedRailsScaffolds.parent_models.collect{ |x| x.underscore }.join('_')
@@ -24,6 +25,11 @@ module AuthorizedRailsScaffolds
       @single_path_prefix = "#{@route_prefix}#{var_name}"
     end
+    # Prefix for Controllers (i.e. Admin::)
+    def ns_controller_prefix
+      "#{@controller_prefix}::" unless @controller_prefix.blank?
+    end
     # Non-namespaced class name (i.e. FooBar)
     def local_class_name
       @local_class_name

data/lib/authorized_rails_scaffolds/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module AuthorizedRailsScaffolds
-  VERSION = "0.0.8"
+  VERSION = "0.0.9"
 end

data/lib/generators/authorized_rails_scaffolds/install_macros/templates/devise_can_can/USAGE CHANGED Viewed

@@ -3,5 +3,5 @@
 #
 RSpec.configure do |config|
   config.include Devise::TestHelpers, :type => :controller
-  config.extend DeviseCanCanControllerMacros, :type => :controller
+  config.include DeviseCanCanControllerMacros, :type => :controller
 end

data/lib/generators/authorized_rails_scaffolds/install_macros/templates/devise_can_can/controller_macros.rb CHANGED Viewed

@@ -1,25 +1,44 @@
 module DeviseCanCanControllerMacros
-  def login_unauthorized_user
-    before(:each) do
-      @ability = Object.new
-      @ability.extend(CanCan::Ability)
-      @controller.stubs(:current_ability).returns(@ability)
-      @request.env["devise.mapping"] = Devise.mappings[:user]
-      @logged_in_user = FactoryGirl.create(:user)
-      sign_in @logged_in_user
+  module ClassMethods
+    def grant_ability(action, subject)
+      before(:each) do
+        stub_ability.can action, subject
+      end
+    end
+    def login_unauthorized_user
+      before(:each) do
+        stub_ability
+        @request.env["devise.mapping"] = Devise.mappings[:user]
+        @logged_in_user = FactoryGirl.create(:user)
+        sign_in @logged_in_user
+      end
+    end
+    def login_user_with_ability(action, subject)
+      before(:each) do
+        stub_ability.can action, subject
+        @request.env["devise.mapping"] = Devise.mappings[:user]
+        @logged_in_user = FactoryGirl.create(:user)
+        sign_in @logged_in_user
+      end
     end
   end
-  def login_user_with_ability(action, subject)
-    before(:each) do
+  def self.included(controller_spec)
+    controller_spec.extend(ClassMethods)
+  end
+  def stub_ability
+    unless @ability
       @ability = Object.new
       @ability.extend(CanCan::Ability)
-      @ability.can action, subject
       @controller.stubs(:current_ability).returns(@ability)
-      @request.env["devise.mapping"] = Devise.mappings[:user]
-      @logged_in_user = FactoryGirl.create(:user)
-      sign_in @logged_in_user
     end
+    @ability
   end
 end

data/lib/generators/authorized_rails_scaffolds/install_templates/templates/scaffold/controller.rb CHANGED Viewed

@@ -19,9 +19,9 @@ orm_instance = Rails::Generators::ActiveModel.new var_name
 -%>
 <% module_namespacing do -%>
-class <%= controller_class_name %>Controller < ApplicationController
+class <%= controller_class_name %>Controller < <%= t_helper.ns_controller_prefix %>ApplicationController
   <%- AuthorizedRailsScaffolds.parent_models.each_with_index do |model, model_index| -%>
-  load_resource :<%= model.underscore %><% if model_index > 0 %>, :through => :<%= AuthorizedRailsScaffolds.parent_models[model_index - 1].underscore %><% end %>
+  load_and_authorize_resource :<%= model.underscore %><% if model_index > 0 %>, :through => :<%= AuthorizedRailsScaffolds.parent_models[model_index - 1].underscore %><% end %>
   <%- end -%>
   load_and_authorize_resource :<%= var_name%><% if AuthorizedRailsScaffolds.parent_models.any? %>, :through => :<%= AuthorizedRailsScaffolds.parent_models.last.underscore %><% end %>

data/lib/generators/authorized_rails_scaffolds/install_templates/templates/spec/controller_spec.rb CHANGED Viewed

@@ -57,39 +57,45 @@ describe <%= controller_class_name %>Controller do
 <%- end -%>
 <% unless options[:singleton] -%>
   describe "GET index" do
-    context 'without a user' do
-      describe 'with valid request' do
-        before(:each) do
-          @<%= var_name %> = <%= t_helper.create_factory_model %>
-          get :index, {<%= t_helper.index_action_params_prefix %>}
+    context do # Within default nesting
+      <%- AuthorizedRailsScaffolds.parent_models.each do |model| -%>
+      grant_ability :read, <%= model.classify %>
+      <%- end -%>
+      context 'without a user' do
+        describe 'with valid request' do
+          before(:each) do
+            @<%= var_name %> = <%= t_helper.create_factory_model %>
+            get :index, {<%= t_helper.index_action_params_prefix %>}
+          end
+          it { should redirect_to(new_user_session_path) }
+          it { should set_the_flash[:alert].to("You need to sign in or sign up before continuing.") }
         end
-        it { should redirect_to(new_user_session_path) }
-        it { should set_the_flash[:alert].to("You need to sign in or sign up before continuing.") }
       end
-    end
-    context 'as an unauthorized user' do
-      login_unauthorized_user
-      describe 'with valid request' do
-        before(:each) do
-          @<%= var_name %> = <%= t_helper.create_factory_model %>
-          get :index, {<%= t_helper.index_action_params_prefix %>}
+      context 'as an unauthorized user' do
+        login_unauthorized_user
+        describe 'with valid request' do
+          before(:each) do
+            @<%= var_name %> = <%= t_helper.create_factory_model %>
+            get :index, {<%= t_helper.index_action_params_prefix %>}
+          end
+          it { should redirect_to(root_url) }
+          it { should set_the_flash[:alert].to("You are not authorized to access this page.") }
         end
-        it { should redirect_to(root_url) }
-        it { should set_the_flash[:alert].to("You are not authorized to access this page.") }
       end
-    end
-    context 'as user with read ability' do
-      login_user_with_ability :read, <%= local_class_name %>
-      describe 'with valid request' do
-        before(:each) do
-          @<%= var_name %> = <%= t_helper.create_factory_model %>
-          get :index, {<%= t_helper.index_action_params_prefix %>}
-        end
-        it { should respond_with(:success) }
-        it { should render_template(:index) }
-        it { should render_with_layout(:application) }
-        it "assigns all <%= plural_var_name %> as @<%= plural_var_name %>" do
-          assigns(:<%= plural_var_name %>).should eq([@<%= var_name %>])
+      context 'as user with read ability' do
+        login_user_with_ability :read, <%= local_class_name %>
+        describe 'with valid request' do
+          before(:each) do
+            @<%= var_name %> = <%= t_helper.create_factory_model %>
+            get :index, {<%= t_helper.index_action_params_prefix %>}
+          end
+          it { should respond_with(:success) }
+          it { should render_template(:index) }
+          it { should render_with_layout(:application) }
+          it "assigns all <%= plural_var_name %> as @<%= plural_var_name %>" do
+            assigns(:<%= plural_var_name %>).should eq([@<%= var_name %>])
+          end
         end
       end
     end
@@ -97,279 +103,319 @@ describe <%= controller_class_name %>Controller do
 <% end -%>
   describe "GET show" do
-    context 'without a user' do
-      describe 'with valid request' do
-        before(:each) do
-          @<%= var_name %> = <%= t_helper.create_factory_model %>
-          get :show, {<%= t_helper.action_params_prefix %>:id => @<%= var_name %>.to_param}
+    context do # Within default nesting
+      <%- AuthorizedRailsScaffolds.parent_models.each do |model| -%>
+      grant_ability :read, <%= model.classify %>
+      <%- end -%>
+      context 'without a user' do
+        <%- AuthorizedRailsScaffolds.parent_models.each do |model| -%>
+        grant_ability :read, <%= model.classify %>
+        <%- end -%>
+        describe 'with valid request' do
+          before(:each) do
+            @<%= var_name %> = <%= t_helper.create_factory_model %>
+            get :show, {<%= t_helper.action_params_prefix %>:id => @<%= var_name %>.to_param}
+          end
+          it { should redirect_to(new_user_session_path) }
+          it { should set_the_flash[:alert].to("You need to sign in or sign up before continuing.") }
         end
-        it { should redirect_to(new_user_session_path) }
-        it { should set_the_flash[:alert].to("You need to sign in or sign up before continuing.") }
       end
-    end
-    context 'as an unauthorized user' do
-      login_unauthorized_user
-      describe 'with valid request' do
-        before(:each) do
-          @<%= var_name %> = <%= t_helper.create_factory_model %>
-          get :show, {<%= t_helper.action_params_prefix %>:id => @<%= var_name %>.to_param}
+      context 'as an unauthorized user' do
+        login_unauthorized_user
+        describe 'with valid request' do
+          before(:each) do
+            @<%= var_name %> = <%= t_helper.create_factory_model %>
+            get :show, {<%= t_helper.action_params_prefix %>:id => @<%= var_name %>.to_param}
+          end
+          it { should redirect_to(<%= t_helper.controller_index_route %>) }
+          it { should set_the_flash[:alert].to("You are not authorized to access this page.") }
         end
-        it { should redirect_to(<%= t_helper.controller_index_route %>) }
-        it { should set_the_flash[:alert].to("You are not authorized to access this page.") }
       end
-    end
-    context 'as user with read ability' do
-      login_user_with_ability :read, <%= local_class_name %>
-      describe 'with valid request' do
-        before(:each) do
-          @<%= var_name %> = <%= t_helper.create_factory_model %>
-          get :show, {<%= t_helper.action_params_prefix %>:id => @<%= var_name %>.to_param}
-        end
-        it { should respond_with(:success) }
-        it { should render_template(:show) }
-        it { should render_with_layout(:application) }
-        it "assigns the requested <%= var_name %> as @<%= var_name %>" do
-          assigns(:<%= var_name %>).should eq(@<%= var_name %>)
+      context 'as user with read ability' do
+        login_user_with_ability :read, <%= local_class_name %>
+        describe 'with valid request' do
+          before(:each) do
+            @<%= var_name %> = <%= t_helper.create_factory_model %>
+            get :show, {<%= t_helper.action_params_prefix %>:id => @<%= var_name %>.to_param}
+          end
+          it { should respond_with(:success) }
+          it { should render_template(:show) }
+          it { should render_with_layout(:application) }
+          it "assigns the requested <%= var_name %> as @<%= var_name %>" do
+            assigns(:<%= var_name %>).should eq(@<%= var_name %>)
+          end
         end
       end
     end
   end
   describe "GET new" do
-    context 'without a user' do
-      describe 'with valid request' do
-        before(:each) do
-          get :new, {<%= t_helper.index_action_params_prefix %>}
+    context do # Within default nesting
+      <%- AuthorizedRailsScaffolds.parent_models.each do |model| -%>
+      grant_ability :read, <%= model.classify %>
+      <%- end -%>
+      context 'without a user' do
+        describe 'with valid request' do
+          before(:each) do
+            get :new, {<%= t_helper.index_action_params_prefix %>}
+          end
+          it { should redirect_to(new_user_session_path) }
+          it { should set_the_flash[:alert].to("You need to sign in or sign up before continuing.") }
         end
-        it { should redirect_to(new_user_session_path) }
-        it { should set_the_flash[:alert].to("You need to sign in or sign up before continuing.") }
       end
-    end
-    context 'as an unauthorized user' do
-      login_unauthorized_user
-      describe 'with valid request' do
-        before(:each) do
-          get :new, {<%= t_helper.index_action_params_prefix %>}
+      context 'as an unauthorized user' do
+        login_unauthorized_user
+        describe 'with valid request' do
+          before(:each) do
+            get :new, {<%= t_helper.index_action_params_prefix %>}
+          end
+          it { should redirect_to(<%= t_helper.controller_index_route %>) }
+          it { should set_the_flash[:alert].to("You are not authorized to access this page.") }
         end
-        it { should redirect_to(<%= t_helper.controller_index_route %>) }
-        it { should set_the_flash[:alert].to("You are not authorized to access this page.") }
       end
-    end
-    context 'as user with create ability' do
-      login_user_with_ability :create, <%= local_class_name %>
-      describe 'with valid request' do
-        before(:each) do
-          get :new, {<%= t_helper.index_action_params_prefix %>}
-        end
-        it { should respond_with(:success) }
-        it { should render_template(:new) }
-        it { should render_with_layout(:application) }
-        it "assigns a new <%= var_name %> as @<%= var_name %>" do
-          assigns(:<%= var_name %>).should be_a_new(<%= local_class_name %>)
+      context 'as user with create ability' do
+        login_user_with_ability :create, <%= local_class_name %>
+        describe 'with valid request' do
+          before(:each) do
+            get :new, {<%= t_helper.index_action_params_prefix %>}
+          end
+          it { should respond_with(:success) }
+          it { should render_template(:new) }
+          it { should render_with_layout(:application) }
+          it "assigns a new <%= var_name %> as @<%= var_name %>" do
+            assigns(:<%= var_name %>).should be_a_new(<%= local_class_name %>)
+          end
         end
       end
     end
   end
   describe "GET edit" do
-    context 'without a user' do
-      describe 'with valid request' do
-        before(:each) do
-          @<%= var_name %> = <%= t_helper.create_factory_model %>
-          get :edit, {<%= t_helper.action_params_prefix %>:id => @<%= var_name %>.to_param}
+    context do # Within default nesting
+      <%- AuthorizedRailsScaffolds.parent_models.each do |model| -%>
+      grant_ability :read, <%= model.classify %>
+      <%- end -%>
+      context 'without a user' do
+        describe 'with valid request' do
+          before(:each) do
+            @<%= var_name %> = <%= t_helper.create_factory_model %>
+            get :edit, {<%= t_helper.action_params_prefix %>:id => @<%= var_name %>.to_param}
+          end
+          it { should redirect_to(new_user_session_path) }
+          it { should set_the_flash[:alert].to("You need to sign in or sign up before continuing.") }
         end
-        it { should redirect_to(new_user_session_path) }
-        it { should set_the_flash[:alert].to("You need to sign in or sign up before continuing.") }
       end
-    end
-    context 'as an unauthorized user' do
-      login_unauthorized_user
-      describe 'with valid request' do
-        before(:each) do
-          @<%= var_name %> = <%= t_helper.create_factory_model %>
-          get :edit, {<%= t_helper.action_params_prefix %>:id => @<%= var_name %>.to_param}
+      context 'as an unauthorized user' do
+        login_unauthorized_user
+        describe 'with valid request' do
+          before(:each) do
+            @<%= var_name %> = <%= t_helper.create_factory_model %>
+            get :edit, {<%= t_helper.action_params_prefix %>:id => @<%= var_name %>.to_param}
+          end
+          it { should redirect_to(<%= t_helper.controller_index_route %>) }
+          it { should set_the_flash[:alert].to("You are not authorized to access this page.") }
         end
-        it { should redirect_to(<%= t_helper.controller_index_route %>) }
-        it { should set_the_flash[:alert].to("You are not authorized to access this page.") }
       end
-    end
-    context 'as user with update ability' do
-      login_user_with_ability :update, <%= local_class_name %>
-      describe 'with valid request' do
-        before(:each) do
-          @<%= var_name %> = <%= t_helper.create_factory_model %>
-          get :edit, {<%= t_helper.action_params_prefix %>:id => @<%= var_name %>.to_param}
-        end
-        it { should respond_with(:success) }
-        it { should render_template(:edit) }
-        it { should render_with_layout(:application) }
-        it "assigns the requested <%= var_name %> as @<%= var_name %>" do
-          assigns(:<%= var_name %>).should eq(@<%= var_name %>)
+      context 'as user with update ability' do
+        login_user_with_ability :update, <%= local_class_name %>
+        describe 'with valid request' do
+          before(:each) do
+            @<%= var_name %> = <%= t_helper.create_factory_model %>
+            get :edit, {<%= t_helper.action_params_prefix %>:id => @<%= var_name %>.to_param}
+          end
+          it { should respond_with(:success) }
+          it { should render_template(:edit) }
+          it { should render_with_layout(:application) }
+          it "assigns the requested <%= var_name %> as @<%= var_name %>" do
+            assigns(:<%= var_name %>).should eq(@<%= var_name %>)
+          end
         end
       end
     end
   end
   describe "POST create" do
-    context 'without a user' do
-      describe 'with valid params' do
-        before(:each) do
-          post :create, {<%= t_helper.action_params_prefix %>:<%= var_name %> => valid_create_attributes}
-        end
-        it { should redirect_to(new_user_session_path) }
-        it { should set_the_flash[:alert].to("You need to sign in or sign up before continuing.") }
-      end
-    end
-    context 'as an unauthorized user' do
-      login_unauthorized_user
-      describe "with valid params" do
-        before(:each) do
-          post :create, {<%= t_helper.action_params_prefix %>:<%= var_name %> => valid_create_attributes}
-        end
-        it { should redirect_to(<%= t_helper.controller_index_route %>) }
-        it { should set_the_flash[:alert].to("You are not authorized to access this page.") }
-      end
-    end
-    context 'as user with create ability' do
-      login_user_with_ability :create, <%= local_class_name %>
-      describe "with valid params" do
-        it "creates a new <%= local_class_name %>" do
-          expect {
+    context do # Within default nesting
+      <%- AuthorizedRailsScaffolds.parent_models.each do |model| -%>
+      grant_ability :read, <%= model.classify %>
+      <%- end -%>
+      context 'without a user' do
+        describe 'with valid params' do
+          before(:each) do
             post :create, {<%= t_helper.action_params_prefix %>:<%= var_name %> => valid_create_attributes}
-          }.to change(<%= local_class_name %>, :count).by(1)
+          end
+          it { should redirect_to(new_user_session_path) }
+          it { should set_the_flash[:alert].to("You need to sign in or sign up before continuing.") }
         end
       end
-      describe 'with valid params' do
-        before(:each) do
-          post :create, {<%= t_helper.action_params_prefix %>:<%= var_name %> => valid_create_attributes}
-        end
-        it "assigns a newly created <%= var_name %> as @<%= var_name %>" do
-          assigns(:<%= var_name %>).should be_a(<%= local_class_name %>)
-          assigns(:<%= var_name %>).should be_persisted
-        end
-        it "redirects to the created <%= var_name %>" do
-          response.should redirect_to(<%= t_helper.controller_show_route "#{local_class_name}.last" %>)
+      context 'as an unauthorized user' do
+        login_unauthorized_user
+        describe "with valid params" do
+          before(:each) do
+            post :create, {<%= t_helper.action_params_prefix %>:<%= var_name %> => valid_create_attributes}
+          end
+          it { should redirect_to(<%= t_helper.controller_index_route %>) }
+          it { should set_the_flash[:alert].to("You are not authorized to access this page.") }
         end
       end
-      describe "with invalid params" do
-        before(:each) do
-          # Trigger the behavior that occurs when invalid params are submitted
-          <%= local_class_name %>.any_instance.stub(:save).and_return(false)
-          post :create, {<%= t_helper.action_params_prefix %>:<%= var_name %> => <%= formatted_hash(example_invalid_attributes) %>}
-        end
-        it { should render_template(:new) }
-        it { should render_with_layout(:application) }
-        it "assigns a newly created but unsaved <%= var_name %> as @<%= var_name %>" do
-          assigns(:<%= var_name %>).should be_a_new(<%= local_class_name %>)
+      context 'as user with create ability' do
+        login_user_with_ability :create, <%= local_class_name %>
+        describe "with valid params" do
+          it "creates a new <%= local_class_name %>" do
+            expect {
+              post :create, {<%= t_helper.action_params_prefix %>:<%= var_name %> => valid_create_attributes}
+            }.to change(<%= local_class_name %>, :count).by(1)
+          end
+        end
+        describe 'with valid params' do
+          before(:each) do
+            post :create, {<%= t_helper.action_params_prefix %>:<%= var_name %> => valid_create_attributes}
+          end
+          it "assigns a newly created <%= var_name %> as @<%= var_name %>" do
+            assigns(:<%= var_name %>).should be_a(<%= local_class_name %>)
+            assigns(:<%= var_name %>).should be_persisted
+          end
+          it "redirects to the created <%= var_name %>" do
+            response.should redirect_to(<%= t_helper.controller_show_route "#{local_class_name}.last" %>)
+          end
+        end
+        describe "with invalid params" do
+          before(:each) do
+            # Trigger the behavior that occurs when invalid params are submitted
+            <%= local_class_name %>.any_instance.stub(:save).and_return(false)
+            post :create, {<%= t_helper.action_params_prefix %>:<%= var_name %> => <%= formatted_hash(example_invalid_attributes) %>}
+          end
+          it { should render_template(:new) }
+          it { should render_with_layout(:application) }
+          it "assigns a newly created but unsaved <%= var_name %> as @<%= var_name %>" do
+            assigns(:<%= var_name %>).should be_a_new(<%= local_class_name %>)
+          end
         end
       end
     end
   end
   describe "PUT update" do
-    context 'without a user' do
-      describe 'with valid params' do
-        before(:each) do
-          @<%= var_name %> = <%= t_helper.create_factory_model %>
-          put :update, {<%= t_helper.action_params_prefix %>:id => @<%= var_name %>.to_param, :<%= var_name %> => valid_update_attributes}
-        end
-        it { should redirect_to(new_user_session_path) }
-        it { should set_the_flash[:alert].to("You need to sign in or sign up before continuing.") }
-      end
-    end
-    context 'as an unauthorized user' do
-      login_unauthorized_user
-      describe "with valid params" do
-        before(:each) do
-          @<%= var_name %> = <%= t_helper.create_factory_model %>
-          put :update, {<%= t_helper.action_params_prefix %>:id => @<%= var_name %>.to_param, :<%= var_name %> => valid_update_attributes}
-        end
-        it { should redirect_to(<%= t_helper.controller_index_route %>) }
-        it { should set_the_flash[:alert].to("You are not authorized to access this page.") }
-      end
-    end
-    context 'as user with update ability' do
-      login_user_with_ability :update, <%= local_class_name %>
-      describe "with valid params" do
-        it "updates the requested <%= var_name %>" do
-          @<%= var_name %> = <%= t_helper.create_factory_model %>
-          # Assuming there are no other <%= var_name %> in the database, this
-          # specifies that the <%= local_class_name %> created on the previous line
-          # receives the :update_attributes message with whatever params are
-          # submitted in the request.
-          <%- if Rails.version >= '4' -%>
-          <%= local_class_name %>.any_instance.should_receive(:update).with(<%= formatted_hash(example_params_for_update) %>)
-          <%- else -%>
-          <%= local_class_name %>.any_instance.should_receive(:update_attributes).with(<%= formatted_hash(example_params_for_update) %>)
-          <%- end -%>
-          put :update, {<%= t_helper.action_params_prefix %>:id => @<%= var_name %>.to_param, :<%= var_name %> => <%= formatted_hash(example_params_for_update) %>}
+    context do # Within default nesting
+      <%- AuthorizedRailsScaffolds.parent_models.each do |model| -%>
+      grant_ability :read, <%= model.classify %>
+      <%- end -%>
+      context 'without a user' do
+        describe 'with valid params' do
+          before(:each) do
+            @<%= var_name %> = <%= t_helper.create_factory_model %>
+            put :update, {<%= t_helper.action_params_prefix %>:id => @<%= var_name %>.to_param, :<%= var_name %> => valid_update_attributes}
+          end
+          it { should redirect_to(new_user_session_path) }
+          it { should set_the_flash[:alert].to("You need to sign in or sign up before continuing.") }
         end
       end
-      describe "with valid params" do
-        before(:each) do
-          @<%= var_name %> = <%= t_helper.create_factory_model %>
-          put :update, {<%= t_helper.action_params_prefix %>:id => @<%= var_name %>.to_param, :<%= var_name %> => valid_update_attributes}
-        end
-        it "assigns the requested <%= var_name %> as @<%= var_name %>" do
-          assigns(:<%= var_name %>).should eq(@<%= var_name %>)
-        end
-        it "redirects to the <%= var_name %>" do
-          response.should redirect_to(<%= t_helper.controller_show_route "@#{var_name}" %>)
+      context 'as an unauthorized user' do
+        login_unauthorized_user
+        describe "with valid params" do
+          before(:each) do
+            @<%= var_name %> = <%= t_helper.create_factory_model %>
+            put :update, {<%= t_helper.action_params_prefix %>:id => @<%= var_name %>.to_param, :<%= var_name %> => valid_update_attributes}
+          end
+          it { should redirect_to(<%= t_helper.controller_index_route %>) }
+          it { should set_the_flash[:alert].to("You are not authorized to access this page.") }
         end
       end
-      describe "with invalid params" do
-        before(:each) do
-          @<%= var_name %> = <%= t_helper.create_factory_model %>
-          # Trigger the behavior that occurs when invalid params are submitted
-          <%= local_class_name %>.any_instance.stub(:save).and_return(false)
-          put :update, {<%= t_helper.action_params_prefix %>:id => @<%= var_name %>.to_param, :<%= var_name %> => <%= formatted_hash(example_invalid_attributes) %>}
-        end
-        it { should render_template(:edit) }
-        it { should render_with_layout(:application) }
-        it "assigns the <%= var_name %> as @<%= var_name %>" do
-          assigns(:<%= var_name %>).should eq(@<%= var_name %>)
+      context 'as user with update ability' do
+        login_user_with_ability :update, <%= local_class_name %>
+        describe "with valid params" do
+          it "updates the requested <%= var_name %>" do
+            @<%= var_name %> = <%= t_helper.create_factory_model %>
+            # Assuming there are no other <%= var_name %> in the database, this
+            # specifies that the <%= local_class_name %> created on the previous line
+            # receives the :update_attributes message with whatever params are
+            # submitted in the request.
+            <%- if Rails.version >= '4' -%>
+            <%= local_class_name %>.any_instance.should_receive(:update).with(<%= formatted_hash(example_params_for_update) %>)
+            <%- else -%>
+            <%= local_class_name %>.any_instance.should_receive(:update_attributes).with(<%= formatted_hash(example_params_for_update) %>)
+            <%- end -%>
+            put :update, {<%= t_helper.action_params_prefix %>:id => @<%= var_name %>.to_param, :<%= var_name %> => <%= formatted_hash(example_params_for_update) %>}
+          end
+        end
+        describe "with valid params" do
+          before(:each) do
+            @<%= var_name %> = <%= t_helper.create_factory_model %>
+            put :update, {<%= t_helper.action_params_prefix %>:id => @<%= var_name %>.to_param, :<%= var_name %> => valid_update_attributes}
+          end
+          it "assigns the requested <%= var_name %> as @<%= var_name %>" do
+            assigns(:<%= var_name %>).should eq(@<%= var_name %>)
+          end
+          it "redirects to the <%= var_name %>" do
+            response.should redirect_to(<%= t_helper.controller_show_route "@#{var_name}" %>)
+          end
+        end
+        describe "with invalid params" do
+          before(:each) do
+            @<%= var_name %> = <%= t_helper.create_factory_model %>
+            # Trigger the behavior that occurs when invalid params are submitted
+            <%= local_class_name %>.any_instance.stub(:save).and_return(false)
+            put :update, {<%= t_helper.action_params_prefix %>:id => @<%= var_name %>.to_param, :<%= var_name %> => <%= formatted_hash(example_invalid_attributes) %>}
+          end
+          it { should render_template(:edit) }
+          it { should render_with_layout(:application) }
+          it "assigns the <%= var_name %> as @<%= var_name %>" do
+            assigns(:<%= var_name %>).should eq(@<%= var_name %>)
+          end
         end
       end
     end
   end
   describe "DELETE destroy" do
-    context 'without a user' do
-      describe 'with valid request' do
-        before(:each) do
-          @<%= var_name %> = <%= t_helper.create_factory_model %>
-          delete :destroy, {<%= t_helper.action_params_prefix %>:id => @<%= var_name %>.to_param}
+    context do # Within default nesting
+      <%- AuthorizedRailsScaffolds.parent_models.each do |model| -%>
+      grant_ability :read, <%= model.classify %>
+      <%- end -%>
+      context 'without a user' do
+        describe 'with valid request' do
+          before(:each) do
+            @<%= var_name %> = <%= t_helper.create_factory_model %>
+            delete :destroy, {<%= t_helper.action_params_prefix %>:id => @<%= var_name %>.to_param}
+          end
+          it { should redirect_to(new_user_session_path) }
+          it { should set_the_flash[:alert].to("You need to sign in or sign up before continuing.") }
         end
-        it { should redirect_to(new_user_session_path) }
-        it { should set_the_flash[:alert].to("You need to sign in or sign up before continuing.") }
       end
-    end
-    context 'as an unauthorized user' do
-      login_unauthorized_user
-      describe "with valid request" do
-        before(:each) do
-          @<%= var_name %> = <%= t_helper.create_factory_model %>
-          delete :destroy, {<%= t_helper.action_params_prefix %>:id => @<%= var_name %>.to_param}
+      context 'as an unauthorized user' do
+        login_unauthorized_user
+        describe "with valid request" do
+          before(:each) do
+            @<%= var_name %> = <%= t_helper.create_factory_model %>
+            delete :destroy, {<%= t_helper.action_params_prefix %>:id => @<%= var_name %>.to_param}
+          end
+          it { should redirect_to(<%= t_helper.controller_index_route %>) }
+          it { should set_the_flash[:alert].to("You are not authorized to access this page.") }
         end
-        it { should redirect_to(<%= t_helper.controller_index_route %>) }
-        it { should set_the_flash[:alert].to("You are not authorized to access this page.") }
       end
-    end
-    context 'as user with destroy ability' do
-      login_user_with_ability :destroy, <%= local_class_name %>
-      it "destroys the requested <%= var_name %>" do
-        @<%= var_name %> = <%= t_helper.create_factory_model %>
-        expect {
-          delete :destroy, {<%= t_helper.action_params_prefix %>:id => @<%= var_name %>.to_param}
-        }.to change(<%= local_class_name %>, :count).by(-1)
-      end
-      describe 'with valid request' do
-        before(:each) do
+      context 'as user with destroy ability' do
+        login_user_with_ability :destroy, <%= local_class_name %>
+        it "destroys the requested <%= var_name %>" do
           @<%= var_name %> = <%= t_helper.create_factory_model %>
-          delete :destroy, {<%= t_helper.action_params_prefix %>:id => @<%= var_name %>.to_param}
-        end
-        it "redirects to the <%= var_name %> list" do
-          response.should redirect_to(<%= t_helper.controller_index_route %>)
+          expect {
+            delete :destroy, {<%= t_helper.action_params_prefix %>:id => @<%= var_name %>.to_param}
+          }.to change(<%= local_class_name %>, :count).by(-1)
+        end
+        describe 'with valid request' do
+          before(:each) do
+            @<%= var_name %> = <%= t_helper.create_factory_model %>
+            delete :destroy, {<%= t_helper.action_params_prefix %>:id => @<%= var_name %>.to_param}
+          end
+          it "redirects to the <%= var_name %> list" do
+            response.should redirect_to(<%= t_helper.controller_index_route %>)
+          end
         end
       end
     end