From 25aad2807e04e2f0bc5dc339140915d6ca8ef3c7 Mon Sep 17 00:00:00 2001
From: Matthew Landauer <matthew@openaustralia.org>
Date: Mon, 4 Mar 2013 16:10:23 +1100
Subject: Don't allow external requests to have their state changed

---
 spec/controllers/request_controller_spec.rb | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

(limited to 'spec/controllers/request_controller_spec.rb')

diff --git a/spec/controllers/request_controller_spec.rb b/spec/controllers/request_controller_spec.rb
index 899ce9572..4fd674b53 100644
--- a/spec/controllers/request_controller_spec.rb
+++ b/spec/controllers/request_controller_spec.rb
@@ -1256,6 +1256,20 @@ describe RequestController, "describe_state_requires_admin" do
             post_redirect = PostRedirect.get_last_post_redirect
             response.should redirect_to(:controller => 'user', :action => 'signin', :token => post_redirect.token)
         end
+
+        context "external request" do
+            before (:each) { info_request.should_receive(:is_external?).and_return(true) }
+
+            it "should not set the state" do
+                info_request.should_not_receive(:set_described_state)
+                post :describe_state_requires_admin, :message => "Something weird happened", :url_title => "info_request"
+            end
+
+            it "should redirect to the request page" do
+                post :describe_state_requires_admin, :message => "Something weird happened", :url_title => "info_request"
+                response.should redirect_to request_url(info_request)
+            end
+        end
     end
 
     context "logged in" do
-- 
cgit v1.2.3