##// END OF EJS Templates
jro_apps » redmine
RSS
Fixes a data disclosure issue introduced in r3941....
Jean-Philippe Lang -
r4421:93847ae33740
parent child
Show More
Side by Side Unified
Context file:
r4421:93847ae33740 Loading diff...:
Show file before | Show file after | Hide comments
@@ -19,6 +19,7 class JournalsController < ApplicationController
19 19 before_filter :find_journal, :only => [:edit]
20 20 before_filter :find_issue, :only => [:new]
21 21 before_filter :find_optional_project, :only => [:index]
22 before_filter :authorize, :only => [:new, :edit]
22 23 accept_key_auth :index
23 24
24 25 helper :issues
Show file before | Show file after | Hide comments
@@ -40,14 +40,20 class JournalsControllerTest < ActionController::TestCase
40 40
41 41 def test_reply_to_issue
42 42 @request.session[:user_id] = 2
43 get :new, :id => 1
43 get :new, :id => 6
44 44 assert_response :success
45 45 assert_select_rjs :show, "update"
46 46 end
47
48 def test_reply_to_issue_without_permission
49 @request.session[:user_id] = 7
50 get :new, :id => 6
51 assert_response 403
52 end
47 53
48 54 def test_reply_to_note
49 55 @request.session[:user_id] = 2
50 get :new, :id => 1, :journal_id => 2
56 get :new, :id => 6, :journal_id => 4
51 57 assert_response :success
52 58 assert_select_rjs :show, "update"
53 59 end
General Comments 0
You need to be logged in to leave comments. Login now