I'm trying to test the controller - to make sure that a logged in user who is not an admin user, cannot look at another users show page, and that they can look at their own.

I'm beginning to suspect that this testing is really only relevant inside the policy tests and that I have to assume that the controllers are following the policies as described.  

The system uses:
Rails 4.2.1
Minitest
Devise
Pundit
Rolify

Is what I'm trying to do outside the scope of a functional (controller) test?  Would it be more realistic to do this as an integration test or an acceptance test or is there a way to get it done here?

Thanks in advance