diff options
| author | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2017-06-26 19:49:02 +0000 |
|---|---|---|
| committer | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2017-06-26 19:49:02 +0000 |
| commit | b03e03b7704a50639f143806471386fab4900835 (patch) | |
| tree | 072426e6ef00d2cfe0a95b27405e149663339a7d /test/functional/news_controller_test.rb | |
| parent | d5bec063e7b656974b09f9d5f9bf29326a041b7c (diff) | |
| download | redmine-b03e03b7704a50639f143806471386fab4900835.tar.gz redmine-b03e03b7704a50639f143806471386fab4900835.zip | |
Global News view should not be allowed without permission (#7068).
git-svn-id: http://svn.redmine.org/redmine/trunk@16721 e93f8b46-1217-0410-a6f0-8f06a7374b81
Diffstat (limited to 'test/functional/news_controller_test.rb')
| -rw-r--r-- | test/functional/news_controller_test.rb | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/test/functional/news_controller_test.rb b/test/functional/news_controller_test.rb index 91db40cb0..f62d21bf1 100644 --- a/test/functional/news_controller_test.rb +++ b/test/functional/news_controller_test.rb @@ -47,6 +47,14 @@ class NewsControllerTest < Redmine::ControllerTest assert_response 404 end + def test_index_without_permission_should_fail + Role.all.each {|r| r.remove_permission! :view_news} + @request.session[:user_id] = 2 + + get :index + assert_response 403 + end + def test_show get :show, :params => { :id => 1 |