return 403 for non public reports

author: Struan Donald <struan@exo.org.uk> 2012-08-31 10:48:14 +0100
committer: Struan Donald <struan@exo.org.uk> 2012-08-31 13:01:08 +0100
commit: 1567ec21cf085c87b5e92d5755e8cccaec4e656d (patch)
tree: a58933ec260c53e450e6182eacb11eb65580f835 /t/app
parent: 12e567387969c3d13d0519de353d65df8072417c (diff)
1 files changed, 9 insertions, 0 deletions
diff --git a/t/app/controller/report_display.t b/t/app/controller/report_display.t
index 6c2733e36..c7ba8ab48 100644
--- a/t/app/controller/report_display.t
+++ b/t/app/controller/report_display.t
@@ -98,6 +98,15 @@ subtest "change report to hidden and check for 410 status" => sub {
     ok $report->update( { state => 'confirmed' } ), 'confirm report again';
 };
 
+subtest "change report to non_public and check for 403 status" => sub {
+    ok $report->update( { non_public => 1 } ), 'make report non public';
+    ok $mech->get("/report/$report_id"), "get '/report/$report_id'";
+    is $mech->res->code, 403, "access denied";
+    is $mech->uri->path, "/report/$report_id", "at /report/$report_id";
+    $mech->content_contains('That report cannot be viewed on FixMyStreet.');
+    ok $report->update( { non_public => 0 } ), 'make report public';
+};
+
 subtest "test a good report" => sub {
     $mech->get_ok("/report/$report_id");
     is $mech->uri->path, "/report/$report_id", "at /report/$report_id";
author	Struan Donald <struan@exo.org.uk>	2012-08-31 10:48:14 +0100
committer	Struan Donald <struan@exo.org.uk>	2012-08-31 13:01:08 +0100
commit	1567ec21cf085c87b5e92d5755e8cccaec4e656d (patch)
tree	a58933ec260c53e450e6182eacb11eb65580f835 /t/app
parent	12e567387969c3d13d0519de353d65df8072417c (diff)