From 49758c23ccca57483413a4df10308e95fb7c8cc4 Mon Sep 17 00:00:00 2001 From: Louise Crow Date: Tue, 4 Nov 2014 21:56:54 +0000 Subject: Move admin incoming message actions to use RESTful routes. So data changing actions require a POST and can be protected against CSRF. --- spec/integration/download_request_spec.rb | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'spec/integration/download_request_spec.rb') diff --git a/spec/integration/download_request_spec.rb b/spec/integration/download_request_spec.rb index 638198cde..648d46a6e 100644 --- a/spec/integration/download_request_spec.rb +++ b/spec/integration/download_request_spec.rb @@ -56,7 +56,7 @@ describe 'when making a zipfile available' do admin = login(FactoryGirl.create(:admin_user)) post_data = {:incoming_message => {:prominence => 'requester_only', :prominence_reason => 'boring'}} - admin.post_via_redirect "/en/admin/incoming/update/#{info_request.incoming_messages.first.id}", post_data + admin.put_via_redirect "/en/admin/incoming_messages/#{info_request.incoming_messages.first.id}", post_data admin.response.should be_success # Admin retains the requester only things @@ -104,7 +104,7 @@ describe 'when making a zipfile available' do post_data = {:outgoing_message => {:prominence => 'requester_only', :prominence_reason => 'boring', :body => 'Some information please'}} - admin.post_via_redirect "/en/admin/outgoing/update/#{info_request.outgoing_messages.first.id}", post_data + admin.put_via_redirect "/en/admin/outgoing/update/#{info_request.outgoing_messages.first.id}", post_data admin.response.should be_success # Admin retains the requester only things @@ -237,7 +237,7 @@ describe 'when making a zipfile available' do admin = login(FactoryGirl.create(:admin_user)) post_data = {:incoming_message => {:prominence => 'requester_only', :prominence_reason => 'boring'}} - admin.post_via_redirect "/en/admin/incoming/update/#{info_request.incoming_messages.first.id}", post_data + admin.put_via_redirect "/en/admin/incoming_messages/#{info_request.incoming_messages.first.id}", post_data admin.response.should be_success # Admin retains the requester only things -- cgit v1.2.3 From 7aae38fb8c0469d9db030689d2eb5e31cfaac6af Mon Sep 17 00:00:00 2001 From: Louise Crow Date: Thu, 6 Nov 2014 09:13:13 +0000 Subject: Move outgoing message admin actions to RESTful model. --- spec/integration/download_request_spec.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'spec/integration/download_request_spec.rb') diff --git a/spec/integration/download_request_spec.rb b/spec/integration/download_request_spec.rb index 648d46a6e..48b42b11d 100644 --- a/spec/integration/download_request_spec.rb +++ b/spec/integration/download_request_spec.rb @@ -104,7 +104,7 @@ describe 'when making a zipfile available' do post_data = {:outgoing_message => {:prominence => 'requester_only', :prominence_reason => 'boring', :body => 'Some information please'}} - admin.put_via_redirect "/en/admin/outgoing/update/#{info_request.outgoing_messages.first.id}", post_data + admin.put_via_redirect "/en/admin/outgoing_messages/#{info_request.outgoing_messages.first.id}", post_data admin.response.should be_success # Admin retains the requester only things @@ -285,7 +285,7 @@ describe 'when making a zipfile available' do post_data = {:outgoing_message => {:prominence => 'requester_only', :prominence_reason => 'boring', :body => 'Some information please'}} - admin.post_via_redirect "/en/admin/outgoing/update/#{info_request.outgoing_messages.first.id}", post_data + admin.put_via_redirect "/en/admin/outgoing_messages/#{info_request.outgoing_messages.first.id}", post_data admin.response.should be_success # Admin retains the requester only things -- cgit v1.2.3