From 1f9bbd6b42b377c9ab3906293c2d166b4e2fb138 Mon Sep 17 00:00:00 2001
From: Jean-Philippe Lang
Date: Sun, 10 Jul 2016 10:58:00 +0000
Subject: Wrap journal attributes with a journal parameter and use safe_attributes (#22575).
git-svn-id: http://svn.redmine.org/redmine/trunk@15621 e93f8b46-1217-0410-a6f0-8f06a7374b81
---
 test/functional/journals_controller_test.rb | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)
(limited to 'test/functional')
diff --git a/test/functional/journals_controller_test.rb b/test/functional/journals_controller_test.rb
index 304f205f7..424a4aa8b 100644
--- a/test/functional/journals_controller_test.rb
+++ b/test/functional/journals_controller_test.rb
@@ -199,7 +199,7 @@ class JournalsControllerTest < ActionController::TestCase
 def test_update_xhr
 @request.session[:user_id] = 1
- xhr :post, :update, :id => 2, :notes => 'Updated notes'
+ xhr :post, :update, :id => 2, :journal => {:notes => 'Updated notes'}
 assert_response :success
 assert_template 'update'
 assert_equal 'text/javascript', response.content_type
@@ -209,7 +209,7 @@ class JournalsControllerTest < ActionController::TestCase
 def test_update_xhr_with_private_notes_checked
 @request.session[:user_id] = 1
- xhr :post, :update, :id => 2, :private_notes => '1'
+ xhr :post, :update, :id => 2, :journal => {:private_notes => '1'}
 assert_response :success
 assert_template 'update'
 assert_equal 'text/javascript', response.content_type
@@ -221,7 +221,7 @@ class JournalsControllerTest < ActionController::TestCase
 def test_update_xhr_with_private_notes_unchecked
 Journal.find(2).update_attributes(:private_notes => true)
 @request.session[:user_id] = 1
- xhr :post, :update, :id => 2
+ xhr :post, :update, :id => 2, :journal => {:private_notes => '0'}
 assert_response :success
 assert_template 'update'
 assert_equal 'text/javascript', response.content_type
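Review bot: In `test_update_xhr_with_private_notes_unchecked` the request now always sends `:journal => {:private_notes => '0'}`, so none of the hunks shown still exercises an update whose `:journal` hash omits `private_notes`, or a request with no `:journal` key at all (the shape this test used before). With the attributes now going through safe_attributes, the expected outcome is presumably that a private journal stays private and the action does not raise; a companion test that keeps the `Journal.find(2).update_attributes(:private_notes => true)` setup, posts `xhr :post, :update, :id => 2, :journal => {:notes => 'Updated notes'}` and ends with `assert_equal true, Journal.find(2).private_notes` would pin that. The test body continues past the end of the hunk.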
@@ -230,20 +230,21 @@ class JournalsControllerTest < ActionController::TestCase
 assert_include 'journal-2-private_notes', response.body
 end
- def test_update_xhr_with_private_notes_changes_and_without_set_private_notes_permission
+ def test_update_xhr_without_set_private_notes_permission_should_ignore_private_notes
 @request.session[:user_id] = 2
 Role.find(1).add_permission! :edit_issue_notes
 Role.find(1).add_permission! :view_private_notes
 Role.find(1).remove_permission! :set_notes_private
- xhr :post, :update, :id => 2, :private_notes => '1'
- assert_response 403
+ xhr :post, :update, :id => 2, :journal => {:private_notes => '1'}
+ assert_response :success
+ assert_equal false, Journal.find(2).private_notes
 end
 def test_update_xhr_with_empty_notes_should_delete_the_journal
 @request.session[:user_id] = 1
 assert_difference 'Journal.count', -1 do
- xhr :post, :update, :id => 2, :notes => ''
+ xhr :post, :update, :id => 2, :journal => {:notes => ''}
 assert_response :success
 assert_template 'update'
 assert_equal 'text/javascript', response.content_type
-- 
cgit v1.2.3
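Review bot: `test_update_xhr_without_set_private_notes_permission_should_ignore_private_notes` covers only the public-to-private direction: it posts `'1'` and asserts the flag is `false`, which presumably is also the fixture's starting value. The direction that matters more for confidentiality is a user without `:set_notes_private` posting `:journal => {:private_notes => '0'}` against a journal that is already private. Because the response changed from 403 to success, only an assertion on the stored flag can catch a regression there. I would add a sibling test with the same role setup that first marks journal 2 private and then checks the flag is still `true` after the request, as sketched below. The last test in the hunk, `test_update_xhr_with_empty_notes_should_delete_the_journal`, continues outside it.

```ruby
def test_update_xhr_without_set_private_notes_permission_should_not_unset_private_notes
  Journal.find(2).update_attributes(:private_notes => true)
  @request.session[:user_id] = 2
  Role.find(1).add_permission! :edit_issue_notes
  Role.find(1).add_permission! :view_private_notes
  Role.find(1).remove_permission! :set_notes_private

  xhr :post, :update, :id => 2, :journal => {:private_notes => '0'}
  # The flag must survive a request from a user who may not change it.
  assert_equal true, Journal.find(2).private_notes
end
```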