From 782ea13f061f57563a9671894035bc91baef10ab Mon Sep 17 00:00:00 2001
From: Gareth Rees <gareth@mysociety.org>
Date: Wed, 18 Feb 2015 15:17:29 +0000
Subject: Fully prevent banned users editing their about_me

---
 spec/controllers/user_controller_spec.rb | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)

(limited to 'spec/controllers/user_controller_spec.rb')

diff --git a/spec/controllers/user_controller_spec.rb b/spec/controllers/user_controller_spec.rb
index 413d395c5..cde4c9188 100644
--- a/spec/controllers/user_controller_spec.rb
+++ b/spec/controllers/user_controller_spec.rb
@@ -1,6 +1,35 @@
 # coding: utf-8
 require File.expand_path(File.dirname(__FILE__) + '/../spec_helper')
 
+describe UserController do
+
+  describe :set_profile_about_me do
+
+    context 'user is banned' do
+
+      before(:each) do
+        @user = FactoryGirl.create(:user, :ban_text => 'Causing trouble')
+        session[:user_id] = @user.id
+
+        post :set_profile_about_me, :submitted_about_me => '1',
+                                    :about_me => 'Bad stuff'
+      end
+
+      it 'redirects to the profile page' do
+        expect(response).to redirect_to(set_profile_about_me_path)
+      end
+
+      it 'renders an error message' do
+        msg = 'Banned users cannot edit their profile'
+        expect(flash[:error]).to eq(msg)
+      end
+
+    end
+
+  end
+
+end
+
 # TODO: Use route_for or params_from to check /c/ links better
 # http://rspec.rubyforge.org/rspec-rails/1.1.12/classes/Spec/Rails/Example/ControllerExampleGroup.html
 describe UserController, "when redirecting a show request to a canonical url" do
-- 
cgit v1.2.3