如何在Rails / Capybara / Cucumber或Rspec中测试帖子

I'm using rspec, cucumber and capybara and I'm looking for a way to test that a malicious user can't hack a form then post to an url he/she doesn't have permission to. I have my permissions set up in cancan such that this "should" work, however, the only way I can test it is by hacking a form myself.I'm using rspec, cucumber and capybara and I'm