-rw-r--r-- | app/controllers/projects_controller.rb | 6 | ||||
-rw-r--r-- | test/functional/projects_controller_test.rb | 11 |
2 files changed, 14 insertions, 3 deletions
diff --git a/app/controllers/projects_controller.rb b/app/controllers/projects_controller.rb index 1dffedc0e..6557af3e4 100644 --- a/app/controllers/projects_controller.rb +++ b/app/controllers/projects_controller.rb @@ -32,9 +32,6 @@ class ProjectsController < ApplicationController end end - # TODO: convert to PUT only - verify :method => [:post, :put], :only => :update, :render => {:nothing => true, :status => :method_not_allowed } - helper :sort include SortHelper helper :custom_fields @@ -71,6 +68,7 @@ class ProjectsController < ApplicationController @project = Project.new(params[:project]) end + verify :method => :post, :only => :create, :render => {:nothing => true, :status => :method_not_allowed } def create @issue_custom_fields = IssueCustomField.find(:all, :order => "#{CustomField.table_name}.position") @trackers = Tracker.all @@ -183,6 +181,8 @@ class ProjectsController < ApplicationController def edit end + # TODO: convert to PUT only + verify :method => [:post, :put], :only => :update, :render => {:nothing => true, :status => :method_not_allowed } def update @project.safe_attributes = params[:project] if validate_parent_id && @project.save diff --git a/test/functional/projects_controller_test.rb b/test/functional/projects_controller_test.rb index d3a12f290..0b77daa50 100644 --- a/test/functional/projects_controller_test.rb +++ b/test/functional/projects_controller_test.rb @@ -288,6 +288,17 @@ class ProjectsControllerTest < ActionController::TestCase end end + context "GET :create" do + setup do + @request.session[:user_id] = 1 + end + + should "not be allowed" do + get :create + assert_response :method_not_allowed + end + end + def test_show_by_id get :show, :id => 1 assert_response :success |
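Review bot: The added `verify :method => :post, :only => :create` line in the second controller hunk has no comment saying why GET is refused, although the relocated `update` filter keeps its TODO. Assuming the application relies on Rails' request-forgery protection, which does not check GET requests, the reason is worth recording: `# create changes state: POST only, so the request always goes through the forgery-protection check`. The 405 response is rendered without an `Allow` header; `:add_headers => {'Allow' => 'POST'}` on the same `verify` call would supply it. The body of `create` continues outside the hunk, and the controller's other state-changing actions are not visible here, so whether they need the same restriction should be checked separately.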
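Review bot: The new "GET :create" context asserts only the status code, so it does not show that the rejected request left the data untouched. Wrapping the call as `assert_no_difference('Project.count') { get :create }` would pin that down. The `update` filter moved by the same commit has no matching test in this hunk; a parallel case such as `get :update, :id => 1` followed by `assert_response :method_not_allowed` would cover it, provided the earlier filters let the request reach `verify` for user 1.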