Fix "requiring authorization" shared examples in our test suite

[coalest]

Description

We have a set of shared examples called "required authorization" (link to source). They are meant to be a DRY way to ensure that the controller actions or requests require authorization.

The problem is there a bug in the implementation which means that the shared specs will always pass.

To illustrate, running the following specs:

FooController = Class.new(ActionController::Base)

RSpec.describe FooController, type: :controller do
  let(:object) { create(:item) }

  include_examples "requiring authorization"
end

RSpec.describe "foo", type: :request do
  let(:object) { create(:item) }

  include_examples "requiring authorization"
end

produces this output:

Randomized with seed 56820

foo
  redirects the user to the sign-in page for CRUD actions

FooController
  redirects the user to the sign-in page for CRUD actions

Finished in 0.73823 seconds (files took 3.71 seconds to load)
2 examples, 0 failures

Let's fix this so that these shared examples are actually testing authorization.

Issues to resolve

• Fix the bug causing every example block to be skipped. (Hint: Look at how the constraints passed in are defined/mutated.)
• These shared examples are used in both controller specs and request specs, but look to be written exclusively for controller specs. Let's either create separate shared examples for request specs or refactor the specs to work for both controller and request specs.

[coalest]

@dorner Do you mind taking at a look at this issue and seeing if it's described correctly and that you think this is worth fixing? (Maybe this isn't a priority and we just want to delete these examples entirely since they aren't doing anything.) I wouldn't want someone to start working on this if a PR isn't wanted.