authorDave Arter <davea@mysociety.org>2019-08-19 11:23:56 +0100
committerDave Arter <davea@mysociety.org>2019-08-19 11:23:56 +0100
commit23bfb619e0dc45ee0697691e79df271f66a04714 (patch)
treedeb064635159e6c58a89c30ee717f6b8c1583aaf /t/app/controller
parent4ed2eaefc4f76330dad4c28c95481bc259b9db18 (diff)
Don’t reveal private report lat/lon in ‘report another’ link
Diffstat (limited to 't/app/controller')
-rw-r--r--t/app/controller/report_display.t6
1 files changed, 6 insertions, 0 deletions
diff --git a/t/app/controller/report_display.t b/t/app/controller/report_display.t
index bb5b0a72d..ddd69f18c 100644
--- a/t/app/controller/report_display.t
+++ b/t/app/controller/report_display.t
@@ -79,6 +79,9 @@ subtest "change report to non_public and check for 403 status" => sub {
is $mech->res->code, 403, "access denied";
is $mech->uri->path, "/report/$report_id", "at /report/$report_id";
$mech->content_contains('permission to do that. If you are the problem reporter');
+ $mech->content_lacks('Report another problem here');
+ $mech->content_lacks($report->latitude);
+ $mech->content_lacks($report->longitude);
ok $report->update( { non_public => 0 } ), 'make report public';
};
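Review bot: The `content_lacks($report->latitude)` and `content_lacks($report->longitude)` checks added to this subtest match the coordinates only in the exact form the accessors stringify to, so a 403 page that leaked them rounded, truncated or otherwise reformatted would still pass; it is worth confirming how the template prints coordinates and, if the form differs, asserting on that form too. The three new assertions also carry no description, so a failure is hard to tell apart from the identical lines in the other subtest; something like `$mech->content_lacks($report->latitude, 'private report latitude not on 403 page');` would make the privacy intent explicit in the test output. The same applies to the matching assertions added to the "check owner of report can view non public reports" subtest in the second hunk. Both subtests begin outside their hunks, so the setup that makes the report non-public is not visible here.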
@@ -95,6 +98,9 @@ subtest "check owner of report can view non public reports" => sub {
is $mech->res->code, 403, "access denied to user who is not report creator";
is $mech->uri->path, "/report/$report_id", "at /report/$report_id";
$mech->content_contains('permission to do that. If you are the problem reporter');
+ $mech->content_lacks('Report another problem here');
+ $mech->content_lacks($report->latitude);
+ $mech->content_lacks($report->longitude);
$mech->log_out_ok;
ok $report->update( { non_public => 0 } ), 'make report public';
};