Authentication should only apply to admin interface when *both* email *and* password are unset

author: Seb Bacon <seb.bacon@gmail.com> 2011-07-26 17:19:14 +0100
committer: Seb Bacon <seb.bacon@gmail.com> 2011-07-27 08:50:27 +0100
commit: 67829b434b56b60fa281b8a147003d86e28c074a (patch)
tree: 32c1f929a1c523e5bd844048c20e6a0fadf65f0e /spec/controllers/admin_public_body_controller_spec.rb
parent: 51dbaf3e40f4da6219633e50cc59aefb04366000 (diff)
1 files changed, 9 insertions, 0 deletions
diff --git a/spec/controllers/admin_public_body_controller_spec.rb b/spec/controllers/admin_public_body_controller_spec.rb
index cb622dabd..3a768686d 100644
--- a/spec/controllers/admin_public_body_controller_spec.rb
+++ b/spec/controllers/admin_public_body_controller_spec.rb
@@ -65,6 +65,15 @@ describe AdminPublicBodyController, "when administering public bodies" do
         post :destroy, { :id => 3 }
         PublicBody.count.should == 1
     end
+    it "when no username set, skip admin authorisation" do
+        config = MySociety::Config.load_default()
+        config['ADMIN_USERNAME'] = ''
+        config['ADMIN_PASSWORD'] = 'fuz'
+        @request.env["HTTP_AUTHORIZATION"] = ""
+        PublicBody.count.should == 2
+        post :destroy, { :id => 3 }
+        PublicBody.count.should == 1
+    end
 
 
 end
author	Seb Bacon <seb.bacon@gmail.com>	2011-07-26 17:19:14 +0100
committer	Seb Bacon <seb.bacon@gmail.com>	2011-07-27 08:50:27 +0100
commit	67829b434b56b60fa281b8a147003d86e28c074a (patch)
tree	32c1f929a1c523e5bd844048c20e6a0fadf65f0e /spec/controllers/admin_public_body_controller_spec.rb
parent	51dbaf3e40f4da6219633e50cc59aefb04366000 (diff)