diff options
author | Louise Crow <louise.crow@gmail.com> | 2013-08-22 15:23:46 +0100 |
---|---|---|
committer | Louise Crow <louise.crow@gmail.com> | 2013-09-16 12:42:19 +0100 |
commit | fd0c811cc4e01435ca89a419a521f6ac31a858b1 (patch) | |
tree | 477952cff8d4aec4e7ae8ca67d91f5ae0f64aeac /spec/controllers/request_controller_spec.rb | |
parent | c954d92fe4f558a5f4375016ee6cf517d3ec5ddd (diff) |
Restore the download for hidden requests
This was disabled for hidden requests as the download was by redirect,
allowing people who have not been authenticated to conceivably access
the download. We'll be moving to send_file instead, so can restore it.
Diffstat (limited to 'spec/controllers/request_controller_spec.rb')
-rw-r--r-- | spec/controllers/request_controller_spec.rb | 6 |
1 files changed, 0 insertions, 6 deletions
diff --git a/spec/controllers/request_controller_spec.rb b/spec/controllers/request_controller_spec.rb index 8f8e3afa0..c5ee8cbf7 100644 --- a/spec/controllers/request_controller_spec.rb +++ b/spec/controllers/request_controller_spec.rb @@ -858,12 +858,6 @@ describe RequestController, "when handling prominence" do response.should render_template('show') end - it 'should not allow download of the entire request by admin user (or anyone)' do - session[:user_id] = FactoryGirl.create(:admin_user).id - get :download_entire_request, :url_title => @info_request.url_title - expect_hidden('hidden') - end - it 'should not cache an attachment when showing an attachment to the requester or admin' do session[:user_id] = @info_request.user.id incoming_message = @info_request.incoming_messages.first |