author | Matthew Somerville <matthew-github@dracos.co.uk> | 2016-10-26 17:01:56 +0100 |
---|---|---|
committer | Matthew Somerville <matthew-github@dracos.co.uk> | 2016-10-26 17:20:11 +0100 |
commit | 50379992dc95e242fd29f6e3473c70f2106749bc (patch) | |
tree | c460b1b425ccf58720566cbfb72e79163eb471a0 /t | |
parent | b42f354d5c4ad7f237a826033c3c176821e4a085 (diff) |
Error if logged-in user visits admin without permission.
This is less confusing than redirecting to /auth and then to /my
(as they're logged in). Fixes #1566.
Diffstat (limited to 't')
-rw-r--r-- | t/app/controller/admin.t | 18 | ||||
-rw-r--r-- | t/cobrand/zurich.t | 8 |
2 files changed, 10 insertions, 16 deletions
diff --git a/t/app/controller/admin.t b/t/app/controller/admin.t
index 6086cf3ac..1ab0cb488 100644
--- a/t/app/controller/admin.t
+++ b/t/app/controller/admin.t
@@ -1396,10 +1396,8 @@ subtest "Users without from_body can't access admin" => sub {
 $mech->log_in_ok( $user->email );
- $mech->get_ok('/admin');
- is $mech->uri->path, '/my', "redirected to correct page";
- is $mech->res->code, 200, "got 200 for final destination";
- is $mech->res->previous->code, 302, "got 302 for redirect";
+ ok $mech->get('/admin');
+ is $mech->res->code, 403, "got 403";
 $mech->log_out_ok;
 };
@@ -1423,10 +1421,8 @@ subtest "Users with from_body can't access another council's admin" => sub {
 }, sub {
 $mech->log_in_ok( $oxfordshireuser->email );
- $mech->get_ok('/admin');
- is $mech->uri->path, '/my', "redirected to correct page";
- is $mech->res->code, 200, "got 200 for final destination";
- is $mech->res->previous->code, 302, "got 302 for redirect";
+ ok $mech->get('/admin');
+ is $mech->res->code, 403, "got 403";
 $mech->log_out_ok;
 };
@@ -1438,10 +1434,8 @@ subtest "Users with from_body can't access fixmystreet.com admin" => sub {
 }, sub {
 $mech->log_in_ok( $oxfordshireuser->email );
- $mech->get_ok('/admin');
- is $mech->uri->path, '/my', "redirected to correct page";
- is $mech->res->code, 200, "got 200 for final destination";
- is $mech->res->previous->code, 302, "got 302 for redirect";
+ ok $mech->get('/admin');
+ is $mech->res->code, 403, "got 403";
 $mech->log_out_ok;
 };
diff --git a/t/cobrand/zurich.t b/t/cobrand/zurich.t
index 1ea55b003..b59e546dd 100644
--- a/t/cobrand/zurich.t
+++ b/t/cobrand/zurich.t
@@ -138,8 +138,8 @@ FixMyStreet::override_config {
 my $user = $mech->log_in_ok( 'dm1@example.org') ;
 $user->from_body( undef );
 $user->update;
- $mech->get_ok( '/admin' );
- is $mech->uri->path, '/my', "got sent to /my";
+ ok $mech->get( '/admin' );
+ is $mech->res->code, 403, 'Got 403';
 $user->from_body( $division->id );
 $user->update;
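Review bot: The added `ok $mech->get('/admin');` in the first admin.t hunk checks almost nothing: assuming `get` returns the response object as in WWW::Mechanize, that value is true for a 403 just as for a 200, and the assertion has no test name. The status check after it is the only real access-control assertion, and it would still pass if the request were redirected first and the final page returned 403, which is the behaviour the commit message says it removes. I would call `$mech->get('/admin');` without the `ok` and add `is $mech->res->previous, undef, "no redirect before the 403";` after the status line. The same two lines recur in the other two admin.t hunks and in both zurich.t hunks; the subtest bodies start outside the hunks.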
@@ -361,9 +361,9 @@ subtest 'SDM' => sub {
 FixMyStreet::override_config {
 ALLOWED_COBRANDS => [ 'zurich' ],
 }, sub {
- $mech->get_ok( '/admin' );
+ ok $mech->get( '/admin' );
 };
- is $mech->uri->path, '/my', "got sent to /my";
+ is $mech->res->code, 403, 'Got 403';
 $user->from_body( $subdivision->id );
 $user->update; |