context "A user who is not logged in" do
  setup { @request.session[:user_id] = nil }

  should_login_before :index, :get
  should_login_before :show, :get
  should_login_before :new, :get
  should_login_before :create, :post
  should_login_before :edit, :get
  should_login_before :update, :put
  should_login_before :destroy, :delete
end

context "A regular_user" do
  setup { login_as :regular_user }

  should_be_denied_access_to :index, :get
  should_be_denied_access_to :show, :get
  should_be_denied_access_to :new, :get
  should_be_denied_access_to :create, :post
  should_be_denied_access_to :edit, :get
  should_be_denied_access_to :update, :put
  should_be_denied_access_to :destroy, :delete
end

def self.should_login_before action, http_method
  should "login before #{http_method.to_s.upcase} to #{action}" do 
    send(http_method, action)
    assert_equal flash[:failure], 'Please log in.'
    assert_redirected_to login_path
  end
end

def self.should_be_denied_access_to action, http_method
  should "should be denied access to #{http_method.to_s.upcase} to #{action}" do 
    send(http_method, action)
    assert_equal flash[:failure], 'You do not have access to that page.'
    assert_redirected_to home_path
  end
end