As explained in: http://www.embracingchaos.com/2007/05/model_security_.html the problem with model security is that it requires that you have a controller for your unit tests to work.

We solved this with a mock object we called “AlwaysAdmin”

class AlwaysAdmin # this routine is most useful when using script/console! def self.fake_out_login Thread.current[:session] = Hash.new User.current=AlwaysAdmin.new end def logged_in_as_admin? true end def logged_in_as_role1? true end def logged_in? true end def admin? true end end

In our unit tests where we don’t care at all about model security, we do:

class MyTest < Test::Unit::TestCase fixtures :myfixtures def setup AlwaysAdmin.fake_out_login end end

Bruce Perens says: I’m rewriting it right now, as part of the software development of new blog software at http://new.technocrat.net . There is a source link at the bottom of the page there that returns source.tgz containing a tar of the running software version created every time I restart the application. Only the User and Session classes are done so far, not ModelSecurity. They are under vendor/plugins/user in the source.tgz archive. User and Session are RESTful now, and are an Engine so they can have views and routes.