-rw-r--r-- | app/controllers/request_controller.rb | 2 | ||||
-rw-r--r-- | spec/controllers/request_controller_spec.rb | 18 |
2 files changed, 17 insertions, 3 deletions
diff --git a/app/controllers/request_controller.rb b/app/controllers/request_controller.rb
index 1698635e8..bba614851 100644
--- a/app/controllers/request_controller.rb
+++ b/app/controllers/request_controller.rb
@@ -507,7 +507,7 @@ class RequestController < ApplicationController
 def describe_state_requires_admin
 @info_request = InfoRequest.find_by_url_title!(params[:url_title])
- if !authenticated_as_user?(@info_request.user,
+ unless @info_request.is_owning_user?(authenticated_user) || authenticated_as_user?(@info_request.user,
 :web => _("To classify the response to this FOI request"),
 :email => _("Then you can classify the FOI response you have got from ") + @info_request.public_body.name + ".",
 :email_subject => _("Classify an FOI response from ") + @info_request.public_body.name)
diff --git a/spec/controllers/request_controller_spec.rb b/spec/controllers/request_controller_spec.rb
index 9df100d76..005a77f17 100644
--- a/spec/controllers/request_controller_spec.rb
+++ b/spec/controllers/request_controller_spec.rb
@@ -1269,9 +1269,11 @@ describe RequestController, "describe_state_requires_admin" do
 end
 context "logged in but not owner of request" do
+ let(:user) { users(:silly_name_user) }
+
 before :each do
- session[:user_id] = users(:silly_name_user).id
- info_request.user_id.should_not == users(:silly_name_user).id
+ session[:user_id] = user.id
+ info_request.user_id.should_not == user.id
 end
 it "should not allow you to change the state" do
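Review bot: In `describe_state_requires_admin` (app/controllers/request_controller.rb), the widened gate on the `unless` line only stays closed for a logged-out visitor if `@info_request.is_owning_user?(authenticated_user)` returns false when `authenticated_user` is nil. That method is defined outside this diff, so its nil handling should be confirmed and covered by a logged-out example. A four-line `unless a || b(...)` is also hard to audit for an authorization decision. Naming the first check, `can_classify = @info_request.is_owning_user?(authenticated_user)`, and then writing `unless can_classify || authenticated_as_user?(@info_request.user,` keeps the new rule visible. The method body continues past the end of the hunk.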
@@ -1280,6 +1282,18 @@ describe RequestController, "describe_state_requires_admin" do
 post :describe_state_requires_admin, :message => "Something weird happened", :url_title => "info_request"
 response.should render_template('user/wrong_user')
 end
+
+ context "and has admin powers" do
+ before :each do
+ user.update_attribute(:admin_level, "super")
+ end
+
+ it "should set the state" do
+ info_request.should_receive(:set_described_state).with("requires_admin", nil, "Something weird happened")
+
+ post :describe_state_requires_admin, :message => "Something weird happened", :url_title => "info_request"
+ end
+ end
 end
 end
|
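Review bot: The new "should set the state" example pins the call as `.with("requires_admin", nil, "Something weird happened")`, so an admin acting on another user's request passes `nil` in the second position. If that argument identifies who set the state (the method is defined outside this diff, so this is inferred), the resulting record cannot distinguish an admin's classification from the owner's. Consider having the controller pass the authenticated user and asserting it here. The example also checks nothing about the response, so an expectation on the redirect or rendered template would show that the admin path completes rather than only reaching the model call.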