diff options
| author | Robin Houston <robin.houston@gmail.com> | 2012-01-26 00:54:22 +0000 |
|---|---|---|
| committer | Robin Houston <robin.houston@gmail.com> | 2012-01-26 00:54:22 +0000 |
| commit | 6d7bea575ec185379efb648f6bbbd520029e3a91 (patch) | |
| tree | 5b02800891270972a8946518f37fb807f2b9b7d8 | |
| parent | 50220011b2858599bea42aa3189fbcefefa3d62e (diff) | |
Fix #372
| -rw-r--r-- | app/controllers/request_controller.rb | 2 | ||||
| -rw-r--r-- | spec/controllers/request_controller_spec.rb | 36 |
2 files changed, 27 insertions, 11 deletions
diff --git a/app/controllers/request_controller.rb b/app/controllers/request_controller.rb index 8e9b925dd..a70e8d16c 100644 --- a/app/controllers/request_controller.rb +++ b/app/controllers/request_controller.rb @@ -76,6 +76,7 @@ class RequestController < ApplicationController @collapse_quotes = params[:unfold] ? false : true @update_status = params[:update_status] ? true : false @old_unclassified = @info_request.is_old_unclassified? && !authenticated_user.nil? + @is_owning_user = @info_request.is_owning_user?(authenticated_user) if @update_status return if !@is_owning_user && !authenticated_as_user?(@info_request.user, @@ -108,7 +109,6 @@ class RequestController < ApplicationController # For send followup link at bottom @last_response = @info_request.get_last_response - @is_owning_user = @info_request.is_owning_user?(authenticated_user) respond_to do |format| format.html { @has_json = true; render :template => 'request/show'} format.json { render :json => @info_request.json_for_api(true) } diff --git a/spec/controllers/request_controller_spec.rb b/spec/controllers/request_controller_spec.rb index ef1c8a556..055c9b3d4 100644 --- a/spec/controllers/request_controller_spec.rb +++ b/spec/controllers/request_controller_spec.rb @@ -108,24 +108,40 @@ describe RequestController, "when showing one request" do describe 'when handling an update_status parameter' do - - before do - mock_request = mock_model(InfoRequest, :url_title => 'test_title', - :title => 'test title', - :null_object => true) - InfoRequest.stub!(:find_by_url_title).and_return(mock_request) - end - it 'should assign the "update status" flag to the view as true if the parameter is present' do - get :show, :url_title => 'test_title', :update_status => 1 + get :show, :url_title => 'why_do_you_have_such_a_fancy_dog', :update_status => 1 assigns[:update_status].should be_true end it 'should assign the "update status" flag to the view as false if the parameter is not present' do - get :show, :url_title => 'test_title' + get :show, :url_title => 'why_do_you_have_such_a_fancy_dog' assigns[:update_status].should be_false end + it 'should require login' do + session[:user_id] = nil + get :show, :url_title => 'why_do_you_have_such_a_fancy_dog', :update_status => 1 + post_redirect = PostRedirect.get_last_post_redirect + response.should redirect_to(:controller => 'user', :action => 'signin', :token => post_redirect.token) + end + + it 'should work if logged in as the requester' do + session[:user_id] = users(:bob_smith_user).id + get :show, :url_title => 'why_do_you_have_such_a_fancy_dog', :update_status => 1 + response.should render_template "request/show" + end + + it 'should not work if logged in as not the requester' do + session[:user_id] = users(:silly_name_user).id + get :show, :url_title => 'why_do_you_have_such_a_fancy_dog', :update_status => 1 + response.should render_template "user/wrong_user" + end + + it 'should work if logged in as an admin user' do + session[:user_id] = users(:admin_user).id + get :show, :url_title => 'why_do_you_have_such_a_fancy_dog', :update_status => 1 + response.should render_template "request/show" + end end describe 'when handling incoming mail' do |