author | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2016-07-10 10:58:00 +0000 |
---|---|---|
committer | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2016-07-10 10:58:00 +0000 |
commit | 1f9bbd6b42b377c9ab3906293c2d166b4e2fb138 (patch) | |
tree | 1bbabccc76bb01dc02c83b5b00ce7d64b2dbb800 /test/functional/journals_controller_test.rb | |
parent | 7918285ac2e64fe046e590fbb1afb1e1f2fb9422 (diff) | |
Wrap journal attributes with a journal parameter and use safe_attributes (#22575).
git-svn-id: http://svn.redmine.org/redmine/trunk@15621 e93f8b46-1217-0410-a6f0-8f06a7374b81
Diffstat (limited to 'test/functional/journals_controller_test.rb')
-rw-r--r-- | test/functional/journals_controller_test.rb | 15 |
1 files changed, 8 insertions, 7 deletions
diff --git a/test/functional/journals_controller_test.rb b/test/functional/journals_controller_test.rb
index 304f205f7..424a4aa8b 100644
--- a/test/functional/journals_controller_test.rb
+++ b/test/functional/journals_controller_test.rb
@@ -199,7 +199,7 @@ class JournalsControllerTest < ActionController::TestCase
 def test_update_xhr
 @request.session[:user_id] = 1
- xhr :post, :update, :id => 2, :notes => 'Updated notes'
+ xhr :post, :update, :id => 2, :journal => {:notes => 'Updated notes'}
 assert_response :success
 assert_template 'update'
 assert_equal 'text/javascript', response.content_type
@@ -209,7 +209,7 @@ class JournalsControllerTest < ActionController::TestCase
 def test_update_xhr_with_private_notes_checked
 @request.session[:user_id] = 1
- xhr :post, :update, :id => 2, :private_notes => '1'
+ xhr :post, :update, :id => 2, :journal => {:private_notes => '1'}
 assert_response :success
 assert_template 'update'
 assert_equal 'text/javascript', response.content_type
@@ -221,7 +221,7 @@ class JournalsControllerTest < ActionController::TestCase
 def test_update_xhr_with_private_notes_unchecked
 Journal.find(2).update_attributes(:private_notes => true)
 @request.session[:user_id] = 1
- xhr :post, :update, :id => 2
+ xhr :post, :update, :id => 2, :journal => {:private_notes => '0'}
 assert_response :success
 assert_template 'update'
 assert_equal 'text/javascript', response.content_type
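Review bot: In `test_update_xhr_with_private_notes_unchecked` the request used to omit the flag and now sends `:journal => {:private_notes => '0'}`, so none of the tests shown here still exercises an update that carries no `:journal` key at all. The controller change is not part of this diff, so it is unclear whether that request shape is a harmless no-op or raises on a nil hash. A short extra test that sends `xhr :post, :update, :id => 2` and asserts the intended response and an unchanged `Journal.find(2).private_notes` would pin it. The remaining assertions of this test lie outside the hunk.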
@@ -230,20 +230,21 @@ class JournalsControllerTest < ActionController::TestCase
 assert_include 'journal-2-private_notes', response.body
 end
- def test_update_xhr_with_private_notes_changes_and_without_set_private_notes_permission
+ def test_update_xhr_without_set_private_notes_permission_should_ignore_private_notes
 @request.session[:user_id] = 2
 Role.find(1).add_permission! :edit_issue_notes
 Role.find(1).add_permission! :view_private_notes
 Role.find(1).remove_permission! :set_notes_private
- xhr :post, :update, :id => 2, :private_notes => '1'
- assert_response 403
+ xhr :post, :update, :id => 2, :journal => {:private_notes => '1'}
+ assert_response :success
+ assert_equal false, Journal.find(2).private_notes
 end
 def test_update_xhr_with_empty_notes_should_delete_the_journal
 @request.session[:user_id] = 1
 assert_difference 'Journal.count', -1 do
- xhr :post, :update, :id => 2, :notes => ''
+ xhr :post, :update, :id => 2, :journal => {:notes => ''}
 assert_response :success
 assert_template 'update'
 assert_equal 'text/javascript', response.content_type |
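Review bot: `test_update_xhr_without_set_private_notes_permission_should_ignore_private_notes` only covers a user without `set_notes_private` trying to set the flag; the reverse direction, sending `:private_notes => '0'` against a journal that is already private, is not tested. That direction matters more, because a filtering mistake there would expose a private note to users who lack `view_private_notes`. The request now returns `:success` instead of 403, so the stored value is the only evidence that the attribute was dropped, and both directions should be asserted. A companion test along these lines, built from the same setup as the existing one, would close the gap.

```ruby
  def test_update_xhr_without_set_private_notes_permission_should_not_clear_private_notes
    Journal.find(2).update_attributes(:private_notes => true)
    @request.session[:user_id] = 2
    Role.find(1).add_permission! :edit_issue_notes
    Role.find(1).add_permission! :view_private_notes
    Role.find(1).remove_permission! :set_notes_private

    xhr :post, :update, :id => 2, :journal => {:private_notes => '0'}
    assert_response :success
    assert_equal true, Journal.find(2).private_notes
  end
```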