summaryrefslogtreecommitdiffstats
path: root/test
diff options
context:
space:
mode:
authorJean-Philippe Lang <jp_lang@yahoo.fr>2016-07-10 10:58:00 +0000
committerJean-Philippe Lang <jp_lang@yahoo.fr>2016-07-10 10:58:00 +0000
commit1f9bbd6b42b377c9ab3906293c2d166b4e2fb138 (patch)
tree1bbabccc76bb01dc02c83b5b00ce7d64b2dbb800 /test
parent7918285ac2e64fe046e590fbb1afb1e1f2fb9422 (diff)
downloadredmine-1f9bbd6b42b377c9ab3906293c2d166b4e2fb138.tar.gz
redmine-1f9bbd6b42b377c9ab3906293c2d166b4e2fb138.zip
Wrap journal attributes with a journal parameter and use safe_attributes (#22575).
git-svn-id: http://svn.redmine.org/redmine/trunk@15621 e93f8b46-1217-0410-a6f0-8f06a7374b81
Diffstat (limited to 'test')
-rw-r--r--test/functional/journals_controller_test.rb15
1 files changed, 8 insertions, 7 deletions
diff --git a/test/functional/journals_controller_test.rb b/test/functional/journals_controller_test.rb
index 304f205f7..424a4aa8b 100644
--- a/test/functional/journals_controller_test.rb
+++ b/test/functional/journals_controller_test.rb
@@ -199,7 +199,7 @@ class JournalsControllerTest < ActionController::TestCase
def test_update_xhr
@request.session[:user_id] = 1
- xhr :post, :update, :id => 2, :notes => 'Updated notes'
+ xhr :post, :update, :id => 2, :journal => {:notes => 'Updated notes'}
assert_response :success
assert_template 'update'
assert_equal 'text/javascript', response.content_type
@@ -209,7 +209,7 @@ class JournalsControllerTest < ActionController::TestCase
def test_update_xhr_with_private_notes_checked
@request.session[:user_id] = 1
- xhr :post, :update, :id => 2, :private_notes => '1'
+ xhr :post, :update, :id => 2, :journal => {:private_notes => '1'}
assert_response :success
assert_template 'update'
assert_equal 'text/javascript', response.content_type
@@ -221,7 +221,7 @@ class JournalsControllerTest < ActionController::TestCase
def test_update_xhr_with_private_notes_unchecked
Journal.find(2).update_attributes(:private_notes => true)
@request.session[:user_id] = 1
- xhr :post, :update, :id => 2
+ xhr :post, :update, :id => 2, :journal => {:private_notes => '0'}
assert_response :success
assert_template 'update'
assert_equal 'text/javascript', response.content_type
@@ -230,20 +230,21 @@ class JournalsControllerTest < ActionController::TestCase
assert_include 'journal-2-private_notes', response.body
end
- def test_update_xhr_with_private_notes_changes_and_without_set_private_notes_permission
+ def test_update_xhr_without_set_private_notes_permission_should_ignore_private_notes
@request.session[:user_id] = 2
Role.find(1).add_permission! :edit_issue_notes
Role.find(1).add_permission! :view_private_notes
Role.find(1).remove_permission! :set_notes_private
- xhr :post, :update, :id => 2, :private_notes => '1'
- assert_response 403
+ xhr :post, :update, :id => 2, :journal => {:private_notes => '1'}
+ assert_response :success
+ assert_equal false, Journal.find(2).private_notes
end
def test_update_xhr_with_empty_notes_should_delete_the_journal
@request.session[:user_id] = 1
assert_difference 'Journal.count', -1 do
- xhr :post, :update, :id => 2, :notes => ''
+ xhr :post, :update, :id => 2, :journal => {:notes => ''}
assert_response :success
assert_template 'update'
assert_equal 'text/javascript', response.content_type