Ruby On Rails Lesson
Requiring the Right User
Of course, requiring users to sign in isn’t quite enough; users should only be allowed to edit their own information. We can test for this by first signing in as an incorrect user and then hitting the edit and update actions (Listing 9.14). Note that, since users should never even try to edit another user’s profile, we redirect not to the signin page but to the root URL.
Note here that a factory can take an option: