Diffstat (limited to 'spec/controllers')
-rw-r--r--spec/controllers/admin_public_body_controller_spec.rb19
-rw-r--r--spec/controllers/request_controller_spec.rb27
2 files changed, 46 insertions, 0 deletions
diff --git a/spec/controllers/admin_public_body_controller_spec.rb b/spec/controllers/admin_public_body_controller_spec.rb
index 53db4f412..0a90cd64b 100644
--- a/spec/controllers/admin_public_body_controller_spec.rb
+++ b/spec/controllers/admin_public_body_controller_spec.rb
@@ -52,6 +52,12 @@ describe AdminPublicBodyController, "when administering public bodies" do
get :show, :id => 2
session[:using_admin].should == 1
end
+end
+
+describe AdminPublicBodyController, "when administering public bodies and paying attention to authentication" do
+
+ integrate_views
+ fixtures :public_bodies, :public_body_translations
it "disallows non-authenticated users to do anything" do
@request.env["HTTP_AUTHORIZATION"] = ""
@@ -82,6 +88,19 @@ describe AdminPublicBodyController, "when administering public bodies" do
PublicBody.count.should == 1
session[:using_admin].should == 1
end
+ it "forces authorisation when password and username set" do
+ config = MySociety::Config.load_default()
+ config['ADMIN_USERNAME'] = 'biz'
+ config['ADMIN_PASSWORD'] = 'fuz'
+ @request.env["HTTP_AUTHORIZATION"] = ""
+ PublicBody.count.should == 2
+ basic_auth_login(@request, "baduser", "badpassword")
+ post :destroy, { :id => 3 }
+ response.code.should == "401"
+ PublicBody.count.should == 2
+ session[:using_admin].should == nil
+ end
+
end
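Review bot: The new example assigns `config['ADMIN_USERNAME']` and `config['ADMIN_PASSWORD']` on the object returned by `MySociety::Config.load_default()` and never puts the old values back. If that object is the shared, cached configuration (which seems likely, since the assignment would otherwise not reach the controller), the credentials stay set for every example that runs afterwards and the admin auth specs become order-dependent. Save the two previous values before assigning and restore them in an `after` block or an `ensure` inside the example. The example also only exercises a wrong username together with a wrong password; a second case such as `basic_auth_login(@request, "biz", "badpassword")` expecting `"401"` would pin that the password itself is checked. The enclosing `describe` begins outside this hunk.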
diff --git a/spec/controllers/request_controller_spec.rb b/spec/controllers/request_controller_spec.rb
index aa3027c00..494713a4a 100644
--- a/spec/controllers/request_controller_spec.rb
+++ b/spec/controllers/request_controller_spec.rb
@@ -329,6 +329,33 @@ end
# response.headers["Status"].should == "404 Not Found"
# end
+describe RequestController, "when searching for an authority" do
+ fixtures :public_bodies, :users
+
+ # Whether or not sign-in is required for this step is configurable,
+ # so we make sure we're logged in, just in case
+ before do
+ @user = users(:bob_smith_user)
+ end
+
+ it "should return nothing for the empty query string" do
+ session[:user_id] = @user.id
+ get :select_authority, :query => ""
+
+ response.should render_template('select_authority')
+ assigns[:xapian_requests].results.size == 0
+ end
+
+ it "should return matching bodies" do
+ session[:user_id] = @user.id
+ get :select_authority, :query => "Quango"
+
+ response.should render_template('select_authority')
+ assigns[:xapian_requests].results.size == 1
+ assigns[:xapian_requests].results[0][:model].name.should == public_bodies(:geraldine_public_body).name
+ end
+end
+
describe RequestController, "when creating a new request" do
integrate_views
fixtures :info_requests, :outgoing_messages, :public_bodies, :public_body_translations, :users
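Review bot: The result-count checks in both new `select_authority` examples assert nothing, because `assigns[:xapian_requests].results.size == 0` and `assigns[:xapian_requests].results.size == 1` are bare comparisons whose value is discarded. The "empty query string" example therefore verifies only the rendered template and would still pass if the search returned every body. They should read `assigns[:xapian_requests].results.size.should == 0` and `assigns[:xapian_requests].results.size.should == 1`. Separately, the comment above `before` says the block makes sure the user is logged in, but the block only loads the fixture; the session is set inside each example, so either move `session[:user_id] = @user.id` into `before` or reword the comment.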