##// END OF EJS Templates
jro_apps » redmine
RSS
Verify HTTP method on ProjectsController#create....
Jean-Philippe Lang -
r4526:072c4ad14cf0
parent child
Show More
Side by Side Unified
Context file:
r4526:072c4ad14cf0 Loading diff...:
Show file before | Show file after | Hide comments
@@ -32,9 +32,6 class ProjectsController < ApplicationController
32 end
32 end
33 end
33 end
34
34
35 # TODO: convert to PUT only
36 verify :method => [:post, :put], :only => :update, :render => {:nothing => true, :status => :method_not_allowed }
37
38 helper :sort
35 helper :sort
39 include SortHelper
36 include SortHelper
40 helper :custom_fields
37 helper :custom_fields
@@ -71,6 +68,7 class ProjectsController < ApplicationController
71 @project = Project.new(params[:project])
68 @project = Project.new(params[:project])
72 end
69 end
73
70
71 verify :method => :post, :only => :create, :render => {:nothing => true, :status => :method_not_allowed }
74 def create
72 def create
75 @issue_custom_fields = IssueCustomField.find(:all, :order => "#{CustomField.table_name}.position")
73 @issue_custom_fields = IssueCustomField.find(:all, :order => "#{CustomField.table_name}.position")
76 @trackers = Tracker.all
74 @trackers = Tracker.all
@@ -183,6 +181,8 class ProjectsController < ApplicationController
183 def edit
181 def edit
184 end
182 end
185
183
184 # TODO: convert to PUT only
185 verify :method => [:post, :put], :only => :update, :render => {:nothing => true, :status => :method_not_allowed }
186 def update
186 def update
187 @project.safe_attributes = params[:project]
187 @project.safe_attributes = params[:project]
188 if validate_parent_id && @project.save
188 if validate_parent_id && @project.save
Show file before | Show file after | Hide comments
@@ -288,6 +288,17 class ProjectsControllerTest < ActionController::TestCase
288 end
288 end
289 end
289 end
290
290
291 context "GET :create" do
292 setup do
293 @request.session[:user_id] = 1
294 end
295
296 should "not be allowed" do
297 get :create
298 assert_response :method_not_allowed
299 end
300 end
301
291 def test_show_by_id
302 def test_show_by_id
292 get :show, :id => 1
303 get :show, :id => 1
293 assert_response :success
304 assert_response :success
General Comments 0
You need to be logged in to leave comments. Login now