diff options
| author | Matthew Somerville <matthew-github@dracos.co.uk> | 2018-09-20 08:50:05 +0100 |
|---|---|---|
| committer | Matthew Somerville <matthew-github@dracos.co.uk> | 2018-09-20 08:52:40 +0100 |
| commit | 1de47094d7a569c0055c0d23657140772c87d93d (patch) | |
| tree | 3d2ce01f31e783e60758594a52eb9cb876319c06 /t/app/controller/admin/permissions.t | |
| parent | 506938574095ebeee250cdf8987e025d8897de91 (diff) | |
Don't lose from_body if edited by non-superuser.
If an admin with the user_edit permission but not user_assign_body
edited a user with from_body set, the from_body field was lost.
Diffstat (limited to 't/app/controller/admin/permissions.t')
| -rw-r--r-- | t/app/controller/admin/permissions.t | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/t/app/controller/admin/permissions.t b/t/app/controller/admin/permissions.t index 7944cc0b1..e7f85d140 100644 --- a/t/app/controller/admin/permissions.t +++ b/t/app/controller/admin/permissions.t @@ -100,6 +100,16 @@ FixMyStreet::override_config { } } + subtest "Users can't edit users of their own council without permission" => sub { + $mech->get_ok("/admin/user_edit/$user2_id"); + $mech->submit_form_ok( { with_fields => { + email => $user2->email, + } } ); + $user2->discard_changes; + # Make sure we haven't lost the from_body info + is $user2->from_body->id, $oxfordshire->id; + }; + $oxfordshireuser->user_body_permissions->create({ body => $oxfordshire, permission_type => 'user_assign_body', |