summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--app/controllers/projects_controller.rb6
-rw-r--r--test/functional/projects_controller_test.rb11
2 files changed, 14 insertions, 3 deletions
diff --git a/app/controllers/projects_controller.rb b/app/controllers/projects_controller.rb
index 1dffedc0e..6557af3e4 100644
--- a/app/controllers/projects_controller.rb
+++ b/app/controllers/projects_controller.rb
@@ -32,9 +32,6 @@ class ProjectsController < ApplicationController
end
end
- # TODO: convert to PUT only
- verify :method => [:post, :put], :only => :update, :render => {:nothing => true, :status => :method_not_allowed }
-
helper :sort
include SortHelper
helper :custom_fields
@@ -71,6 +68,7 @@ class ProjectsController < ApplicationController
@project = Project.new(params[:project])
end
+ verify :method => :post, :only => :create, :render => {:nothing => true, :status => :method_not_allowed }
def create
@issue_custom_fields = IssueCustomField.find(:all, :order => "#{CustomField.table_name}.position")
@trackers = Tracker.all
@@ -183,6 +181,8 @@ class ProjectsController < ApplicationController
def edit
end
+ # TODO: convert to PUT only
+ verify :method => [:post, :put], :only => :update, :render => {:nothing => true, :status => :method_not_allowed }
def update
@project.safe_attributes = params[:project]
if validate_parent_id && @project.save
diff --git a/test/functional/projects_controller_test.rb b/test/functional/projects_controller_test.rb
index d3a12f290..0b77daa50 100644
--- a/test/functional/projects_controller_test.rb
+++ b/test/functional/projects_controller_test.rb
@@ -288,6 +288,17 @@ class ProjectsControllerTest < ActionController::TestCase
end
end
+ context "GET :create" do
+ setup do
+ @request.session[:user_id] = 1
+ end
+
+ should "not be allowed" do
+ get :create
+ assert_response :method_not_allowed
+ end
+ end
+
def test_show_by_id
get :show, :id => 1
assert_response :success