Need rubyists help in RSpec Framework

Recently I made a TDD for my project rails_todo_api it is a API only application with devise for user authentication and RSpec framework for testing. I'm new to testing and rspec. Here is my github repo: https://github.com/iak97/rails_todo_api.

I need a code review and feedback about it. What improvements and fixes I need to make to better the code. Thanks in advance!

Comments

[Stephen Dicks]

I have had a brief look and I'm not sure where you would like the comments. My main observation is that there doesn't seem to be any isolation, so user X can see and update user Y's todos if they can guess the id.

[Stephen Dicks]

A couple of other comments:

1. Your code is not very idiomatic. Todos.where(id: current_user.id) should be written as current_user.todos
2. It looks like something has gone wrong with your TDD process somewhere. Your controller request spec only specifies that you get ok and it returns either a list of known size or an 'id' field (for index and show). I would expect the test to assert what the todo actually looked like, which should then make you think about how it is rendered (which is just the default rendering I think). What does the status field actually look like? [Is it a number or text?]
3. You probably want extra endpoints for 'in progress todos', 'non-closed todos' - should a todo have an (optional?) date field? (which then can be overrun?).

I think an API like this is a bit too simple an example - it's a good starting point, but it doesn't really encourage you to do what we developers do, which is to solve problems for users. It might be better to make it a full-stack rails application with a simple UI, as it might help you think of some more use cases (what happens to done todos - should they be binnable which expires after a period?) and make it more than an academic exercise. Testing rails applications with capybara is great fun as well!

[Ajithkumar P S]

@starswan Thanks for your valuable comments and it will definitely help me to learn and grow. I will take these points and better my code. In the upcoming days will try to build a full-stack application and test it.

[Ajithkumar P S]

@starswan Thank you for taking the time to review my project and providing feedback! I appreciate your observation regarding the lack of isolation in user data and I will fix this.