I am trying to test my controller and maintain separation of concerns. The first concern is "Who is able to execute which action?" I am using authlogic for authentication and be9's acl9 for authorization. But this should not matter, all my authorization concerns are handled in a before_filter. I am testing such a before_filter by something similar to this: describe SomeModelsController, "GET to in