aboutsummaryrefslogtreecommitdiffstats
path: root/spec/controllers/request_controller_spec.rb
diff options
context:
space:
mode:
Diffstat (limited to 'spec/controllers/request_controller_spec.rb')
-rw-r--r--spec/controllers/request_controller_spec.rb14
1 files changed, 14 insertions, 0 deletions
diff --git a/spec/controllers/request_controller_spec.rb b/spec/controllers/request_controller_spec.rb
index be9df90c4..6adba4464 100644
--- a/spec/controllers/request_controller_spec.rb
+++ b/spec/controllers/request_controller_spec.rb
@@ -1254,6 +1254,20 @@ describe RequestController, "describe_state_requires_admin" do
end
end
+ context "logged in but not owner of request" do
+ it "should not allow you to change the state" do
+ info_request = info_requests(:fancy_dog_request)
+ session[:user_id] = users(:silly_name_user).id
+ info_request.user_id.should_not == users(:silly_name_user).id
+
+ InfoRequest.should_receive(:find_by_url_title!).with("info_request").and_return(info_request)
+ info_request.should_not_receive(:set_described_state)
+
+ post :describe_state_requires_admin, :message => "Something weird happened", :url_title => "info_request"
+ response.should render_template('user/wrong_user')
+ end
+ end
+
context "logged out" do
it "should redirect to the login page" do
info_request = info_requests(:fancy_dog_request)
generated by cgit v1.2.3 (git 2.25.1) at 2025-07-23 10:04:10 +0000