##// END OF EJS Templates
jro_apps » redmine
RSS
Verify HTTP method on ProjectsController#create....
Jean-Philippe Lang -
r4526:072c4ad14cf0
parent child
Show More
Side by Side Unified
Context file:
r4526:072c4ad14cf0 Loading diff...:
Show file before | Show file after | Hide comments
@@ -32,9 +32,6 class ProjectsController < ApplicationController
32 32 end
33 33 end
34 34
35 # TODO: convert to PUT only
36 verify :method => [:post, :put], :only => :update, :render => {:nothing => true, :status => :method_not_allowed }
37
38 35 helper :sort
39 36 include SortHelper
40 37 helper :custom_fields
@@ -71,6 +68,7 class ProjectsController < ApplicationController
71 68 @project = Project.new(params[:project])
72 69 end
73 70
71 verify :method => :post, :only => :create, :render => {:nothing => true, :status => :method_not_allowed }
74 72 def create
75 73 @issue_custom_fields = IssueCustomField.find(:all, :order => "#{CustomField.table_name}.position")
76 74 @trackers = Tracker.all
@@ -183,6 +181,8 class ProjectsController < ApplicationController
183 181 def edit
184 182 end
185 183
184 # TODO: convert to PUT only
185 verify :method => [:post, :put], :only => :update, :render => {:nothing => true, :status => :method_not_allowed }
186 186 def update
187 187 @project.safe_attributes = params[:project]
188 188 if validate_parent_id && @project.save
Show file before | Show file after | Hide comments
@@ -288,6 +288,17 class ProjectsControllerTest < ActionController::TestCase
288 288 end
289 289 end
290 290
291 context "GET :create" do
292 setup do
293 @request.session[:user_id] = 1
294 end
295
296 should "not be allowed" do
297 get :create
298 assert_response :method_not_allowed
299 end
300 end
301
291 302 def test_show_by_id
292 303 get :show, :id => 1
293 304 assert_response :success
General Comments 0
You need to be logged in to leave comments. Login now