@news.destroy
redirect_to project_news_index_path(@project)
end
-
- private
-
- def find_optional_project
- return true unless params[:project_id]
- @project = Project.find(params[:project_id])
- authorize
- rescue ActiveRecord::RecordNotFound
- render_404
- end
end
menu.push :calendar, { :controller => 'calendars', :action => 'show' }, :caption => :label_calendar
menu.push :news, {:controller => 'news', :action => 'index'},
+ :if => Proc.new {User.current.allowed_to?(:view_news, nil, :global => true)},
:caption => :label_news_plural
end
assert_response 404
end
+ def test_index_without_permission_should_fail
+ Role.all.each {|r| r.remove_permission! :view_news}
+ @request.session[:user_id] = 2
+
+ get :index
+ assert_response 403
+ end
+
def test_show
get :show, :params => {
:id => 1