Removes all #verify calls in controllers. Verification is handled at routing level now that the default route is removed....
Jean-Philippe Lang -
r8941:b3866b05c14b
@@ -0,0 +1,29
1 # Redmine - project management software
2 # Copyright (C) 2006-2012 Jean-Philippe Lang
3 #
4 # This program is free software; you can redistribute it and/or
5 # modify it under the terms of the GNU General Public License
6 # as published by the Free Software Foundation; either version 2
7 # of the License, or (at your option) any later version.
8 #
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
13 #
14 # You should have received a copy of the GNU General Public License
15 # along with this program; if not, write to the Free Software
16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
17
18 require File.expand_path('../../test_helper', __FILE__)
19
20 class USersTest < ActionController::IntegrationTest
21 fixtures :users
22
23 def test_destroy_should_not_accept_get_requests
24 assert_no_difference 'User.count' do
25 get '/users/destroy/2', {}, credentials('admin')
26 assert_response 404
27 end
28 end
29 end
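Review bot: The class on line 20 of the new file is declared as `USersTest`, which looks like a typo; `class UsersTest < ActionController::IntegrationTest` would match the naming of the other integration test classes on this page (IssuesTest, ProjectsTest). The test requests only the legacy `/users/destroy/2` path and expects 404, so what it pins is that the default route is gone. A short comment above the method would make that intent explicit, for example `# No route maps GET to UsersController#destroy once the default route is removed`.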
@@ -82,7 +82,6 class AttachmentsController < ApplicationController
82 end
82 end
83 end
83 end
84
84
85 verify :method => :delete, :only => :destroy
86 def destroy
85 def destroy
87 # Make sure association callbacks are called
86 # Make sure association callbacks are called
88 @attachment.container.attachments.delete(@attachment)
87 @attachment.container.attachments.delete(@attachment)
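Review bot: No test on this page pins the verb restriction for `AttachmentsController#destroy` once `verify :method => :delete, :only => :destroy` is gone; the guarantee now rests entirely on the route table, which this page does not show. A state-changing action that a later route edit makes reachable by GET would also fall outside request-forgery token checks, so each removal deserves a regression test. One modelled on `test_destroy_should_not_accept_get_requests`, wrapping the GET in `assert_no_difference`, would do. The same gap applies to the AuthSources, Boards, Comments, Enumerations, IssueCategories, IssueRelations, IssueStatuses, Queries, Roles, Timelog, Trackers, Versions and Wiki controller hunks, and to MailHandlerController, which derives from `ActionController::Base` and previously answered non-POST requests with 405. The `destroy` method continues past the end of this hunk.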
@@ -20,10 +20,6 class AuthSourcesController < ApplicationController
20
20
21 before_filter :require_admin
21 before_filter :require_admin
22
22
23 # GETs should be safe (see http://www.w3.org/2001/tag/doc/whenToUseGet.html)
24 verify :method => :post, :only => [ :destroy, :create, :update ],
25 :redirect_to => { :template => :index }
26
27 def index
23 def index
28 @auth_source_pages, @auth_sources = paginate auth_source_class.name.tableize, :per_page => 10
24 @auth_source_pages, @auth_sources = paginate auth_source_class.name.tableize, :per_page => 10
29 render "auth_sources/index"
25 render "auth_sources/index"
@@ -63,7 +63,6 class BoardsController < ApplicationController
63 @board = @project.boards.build(params[:board])
63 @board = @project.boards.build(params[:board])
64 end
64 end
65
65
66 verify :method => :post, :only => :create, :redirect_to => { :action => :index }
67 def create
66 def create
68 @board = @project.boards.build(params[:board])
67 @board = @project.boards.build(params[:board])
69 if @board.save
68 if @board.save
@@ -77,7 +76,6 class BoardsController < ApplicationController
77 def edit
76 def edit
78 end
77 end
79
78
80 verify :method => :put, :only => :update, :redirect_to => { :action => :index }
81 def update
79 def update
82 if @board.update_attributes(params[:board])
80 if @board.update_attributes(params[:board])
83 redirect_to_settings_in_projects
81 redirect_to_settings_in_projects
@@ -86,7 +84,6 class BoardsController < ApplicationController
86 end
84 end
87 end
85 end
88
86
89 verify :method => :delete, :only => :destroy, :redirect_to => { :action => :index }
90 def destroy
87 def destroy
91 @board.destroy
88 @board.destroy
92 redirect_to_settings_in_projects
89 redirect_to_settings_in_projects
@@ -22,7 +22,6 class CommentsController < ApplicationController
22 before_filter :find_project_from_association
22 before_filter :find_project_from_association
23 before_filter :authorize
23 before_filter :authorize
24
24
25 verify :method => :post, :only => :create, :render => {:nothing => true, :status => :method_not_allowed }
26 def create
25 def create
27 raise Unauthorized unless @news.commentable?
26 raise Unauthorized unless @news.commentable?
28
27
@@ -35,7 +34,6 class CommentsController < ApplicationController
35 redirect_to :controller => 'news', :action => 'show', :id => @news
34 redirect_to :controller => 'news', :action => 'show', :id => @news
36 end
35 end
37
36
38 verify :method => :delete, :only => :destroy, :render => {:nothing => true, :status => :method_not_allowed }
39 def destroy
37 def destroy
40 @news.comments.find(params[:comment_id]).destroy
38 @news.comments.find(params[:comment_id]).destroy
41 redirect_to :controller => 'news', :action => 'show', :id => @news
39 redirect_to :controller => 'news', :action => 'show', :id => @news
@@ -51,7 +51,6 class EnumerationsController < ApplicationController
51 end
51 end
52 end
52 end
53
53
54 verify :method => :delete, :only => :destroy, :render => { :nothing => true, :status => :method_not_allowed }
55 def destroy
54 def destroy
56 if !@enumeration.in_use?
55 if !@enumeration.in_use?
57 # No associated objects
56 # No associated objects
@@ -42,7 +42,6 class IssueCategoriesController < ApplicationController
42 @category = @project.issue_categories.build(params[:issue_category])
42 @category = @project.issue_categories.build(params[:issue_category])
43 end
43 end
44
44
45 verify :method => :post, :only => :create
46 def create
45 def create
47 @category = @project.issue_categories.build(params[:issue_category])
46 @category = @project.issue_categories.build(params[:issue_category])
48 if @category.save
47 if @category.save
@@ -73,7 +72,6 class IssueCategoriesController < ApplicationController
73 def edit
72 def edit
74 end
73 end
75
74
76 verify :method => :put, :only => :update
77 def update
75 def update
78 if @category.update_attributes(params[:issue_category])
76 if @category.update_attributes(params[:issue_category])
79 respond_to do |format|
77 respond_to do |format|
@@ -91,7 +89,6 class IssueCategoriesController < ApplicationController
91 end
89 end
92 end
90 end
93
91
94 verify :method => :delete, :only => :destroy
95 def destroy
92 def destroy
96 @issue_count = @category.issues.size
93 @issue_count = @category.issues.size
97 if @issue_count == 0 || params[:todo] || api_request?
94 if @issue_count == 0 || params[:todo] || api_request?
@@ -39,7 +39,6 class IssueRelationsController < ApplicationController
39 end
39 end
40 end
40 end
41
41
42 verify :method => :post, :only => :create, :render => {:nothing => true, :status => :method_not_allowed }
43 def create
42 def create
44 @relation = IssueRelation.new(params[:relation])
43 @relation = IssueRelation.new(params[:relation])
45 @relation.issue_from = @issue
44 @relation.issue_from = @issue
@@ -70,7 +69,6 class IssueRelationsController < ApplicationController
70 end
69 end
71 end
70 end
72
71
73 verify :method => :delete, :only => :destroy, :render => {:nothing => true, :status => :method_not_allowed }
74 def destroy
72 def destroy
75 raise Unauthorized unless @relation.deletable?
73 raise Unauthorized unless @relation.deletable?
76 @relation.destroy
74 @relation.destroy
@@ -62,7 +62,6 class IssueStatusesController < ApplicationController
62 end
62 end
63 end
63 end
64
64
65 verify :method => :delete, :only => :destroy, :redirect_to => { :action => :index }
66 def destroy
65 def destroy
67 IssueStatus.find(params[:id]).destroy
66 IssueStatus.find(params[:id]).destroy
68 redirect_to :action => 'index'
67 redirect_to :action => 'index'
@@ -53,10 +53,6 class IssuesController < ApplicationController
53 helper :gantt
53 helper :gantt
54 include Redmine::Export::PDF
54 include Redmine::Export::PDF
55
55
56 verify :method => :post, :only => :create, :render => {:nothing => true, :status => :method_not_allowed }
57 verify :method => :post, :only => :bulk_update, :render => {:nothing => true, :status => :method_not_allowed }
58 verify :method => :put, :only => :update, :render => {:nothing => true, :status => :method_not_allowed }
59
60 def index
56 def index
61 retrieve_query
57 retrieve_query
62 sort_init(@query.sort_criteria.empty? ? [['id', 'desc']] : @query.sort_criteria)
58 sort_init(@query.sort_criteria.empty? ? [['id', 'desc']] : @query.sort_criteria)
@@ -275,7 +271,6 class IssuesController < ApplicationController
275 end
271 end
276 end
272 end
277
273
278 verify :method => :delete, :only => :destroy, :render => { :nothing => true, :status => :method_not_allowed }
279 def destroy
274 def destroy
280 @hours = TimeEntry.sum(:hours, :conditions => ['issue_id IN (?)', @issues]).to_f
275 @hours = TimeEntry.sum(:hours, :conditions => ['issue_id IN (?)', @issues]).to_f
281 if @hours > 0
276 if @hours > 0
@@ -18,10 +18,6
18 class MailHandlerController < ActionController::Base
18 class MailHandlerController < ActionController::Base
19 before_filter :check_credential
19 before_filter :check_credential
20
20
21 verify :method => :post,
22 :only => :index,
23 :render => { :nothing => true, :status => 405 }
24
25 # Submits an incoming email to MailHandler
21 # Submits an incoming email to MailHandler
26 def index
22 def index
27 options = params.dup
23 options = params.dup
@@ -22,9 +22,6 class MessagesController < ApplicationController
22 before_filter :find_message, :except => [:new, :preview]
22 before_filter :find_message, :except => [:new, :preview]
23 before_filter :authorize, :except => [:preview, :edit, :destroy]
23 before_filter :authorize, :except => [:preview, :edit, :destroy]
24
24
25 verify :method => :post, :only => [ :reply, :destroy ], :redirect_to => { :action => :show }
26 verify :xhr => true, :only => :quote
27
28 helper :watchers
25 helper :watchers
29 helper :attachments
26 helper :attachments
30 include AttachmentsHelper
27 include AttachmentsHelper
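Review bot: The XHR-only requirement on `quote` has no visible replacement once `verify :xhr => true, :only => :quote` is removed, because a route's HTTP-verb constraint does not look at whether the request is an Ajax call. Unless the routes file (not shown here) carries an equivalent constraint, `quote` will now answer ordinary requests. The same applies to `add_block`, `remove_block` and `order_blocks` in the MyController hunk that follows. If the restriction is still wanted, an explicit guard such as `return head(:bad_request) unless request.xhr?` at the top of each action keeps it; if dropping it is intentional, a line in the commit description saying so would help.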
@@ -35,9 +35,6 class MyController < ApplicationController
35 'right' => ['issuesreportedbyme']
35 'right' => ['issuesreportedbyme']
36 }.freeze
36 }.freeze
37
37
38 verify :xhr => true,
39 :only => [:add_block, :remove_block, :order_blocks]
40
41 def index
38 def index
42 page
39 page
43 render :action => 'page'
40 render :action => 'page'
@@ -69,7 +69,6 class ProjectsController < ApplicationController
69 @project = Project.new(params[:project])
69 @project = Project.new(params[:project])
70 end
70 end
71
71
72 verify :method => :post, :only => :create, :render => {:nothing => true, :status => :method_not_allowed }
73 def create
72 def create
74 @issue_custom_fields = IssueCustomField.find(:all, :order => "#{CustomField.table_name}.position")
73 @issue_custom_fields = IssueCustomField.find(:all, :order => "#{CustomField.table_name}.position")
75 @trackers = Tracker.all
74 @trackers = Tracker.all
@@ -182,8 +181,6 class ProjectsController < ApplicationController
182 def edit
181 def edit
183 end
182 end
184
183
185 # TODO: convert to PUT only
186 verify :method => [:post, :put], :only => :update, :render => {:nothing => true, :status => :method_not_allowed }
187 def update
184 def update
188 @project.safe_attributes = params[:project]
185 @project.safe_attributes = params[:project]
189 if validate_parent_id && @project.save
186 if validate_parent_id && @project.save
@@ -206,7 +203,6 class ProjectsController < ApplicationController
206 end
203 end
207 end
204 end
208
205
209 verify :method => :post, :only => :modules, :render => {:nothing => true, :status => :method_not_allowed }
210 def modules
206 def modules
211 @project.enabled_module_names = params[:enabled_module_names]
207 @project.enabled_module_names = params[:enabled_module_names]
212 flash[:notice] = l(:notice_successful_update)
208 flash[:notice] = l(:notice_successful_update)
@@ -227,7 +223,6 class ProjectsController < ApplicationController
227 redirect_to(url_for(:controller => 'admin', :action => 'projects', :status => params[:status]))
223 redirect_to(url_for(:controller => 'admin', :action => 'projects', :status => params[:status]))
228 end
224 end
229
225
230 verify :method => :delete, :only => :destroy, :render => {:nothing => true, :status => :method_not_allowed }
231 # Delete @project
226 # Delete @project
232 def destroy
227 def destroy
233 @project_to_destroy = @project
228 @project_to_destroy = @project
@@ -50,7 +50,6 class QueriesController < ApplicationController
50 build_query_from_params
50 build_query_from_params
51 end
51 end
52
52
53 verify :method => :post, :only => :create, :render => {:nothing => true, :status => :method_not_allowed }
54 def create
53 def create
55 @query = Query.new(params[:query])
54 @query = Query.new(params[:query])
56 @query.user = User.current
55 @query.user = User.current
@@ -70,7 +69,6 class QueriesController < ApplicationController
70 def edit
69 def edit
71 end
70 end
72
71
73 verify :method => :put, :only => :update, :render => {:nothing => true, :status => :method_not_allowed }
74 def update
72 def update
75 @query.attributes = params[:query]
73 @query.attributes = params[:query]
76 @query.project = nil if params[:query_is_for_all]
74 @query.project = nil if params[:query_is_for_all]
@@ -86,7 +84,6 class QueriesController < ApplicationController
86 end
84 end
87 end
85 end
88
86
89 verify :method => :delete, :only => :destroy, :render => {:nothing => true, :status => :method_not_allowed }
90 def destroy
87 def destroy
91 @query.destroy
88 @query.destroy
92 redirect_to :controller => 'issues', :action => 'index', :project_id => @project, :set_filter => 1
89 redirect_to :controller => 'issues', :action => 'index', :project_id => @project, :set_filter => 1
@@ -68,7 +68,6 class RolesController < ApplicationController
68 end
68 end
69 end
69 end
70
70
71 verify :method => :delete, :only => :destroy, :redirect_to => { :action => :index }
72 def destroy
71 def destroy
73 @role.destroy
72 @role.destroy
74 redirect_to :action => 'index'
73 redirect_to :action => 'index'
@@ -121,7 +121,6 class TimelogController < ApplicationController
121 @time_entry.attributes = params[:time_entry]
121 @time_entry.attributes = params[:time_entry]
122 end
122 end
123
123
124 verify :method => :post, :only => :create, :render => {:nothing => true, :status => :method_not_allowed }
125 def create
124 def create
126 @time_entry ||= TimeEntry.new(:project => @project, :issue => @issue, :user => User.current, :spent_on => User.current.today)
125 @time_entry ||= TimeEntry.new(:project => @project, :issue => @issue, :user => User.current, :spent_on => User.current.today)
127 @time_entry.attributes = params[:time_entry]
126 @time_entry.attributes = params[:time_entry]
@@ -156,7 +155,6 class TimelogController < ApplicationController
156 @time_entry.attributes = params[:time_entry]
155 @time_entry.attributes = params[:time_entry]
157 end
156 end
158
157
159 verify :method => :put, :only => :update, :render => {:nothing => true, :status => :method_not_allowed }
160 def update
158 def update
161 @time_entry.attributes = params[:time_entry]
159 @time_entry.attributes = params[:time_entry]
162
160
@@ -200,7 +198,6 class TimelogController < ApplicationController
200 redirect_back_or_default({:controller => 'timelog', :action => 'index', :project_id => @projects.first})
198 redirect_back_or_default({:controller => 'timelog', :action => 'index', :project_id => @projects.first})
201 end
199 end
202
200
203 verify :method => :delete, :only => :destroy, :render => {:nothing => true, :status => :method_not_allowed }
204 def destroy
201 def destroy
205 @time_entries.each do |t|
202 @time_entries.each do |t|
206 begin
203 begin
@@ -71,7 +71,6 class TrackersController < ApplicationController
71 render :action => 'edit'
71 render :action => 'edit'
72 end
72 end
73
73
74 verify :method => :delete, :only => :destroy, :redirect_to => { :action => :index }
75 def destroy
74 def destroy
76 @tracker = Tracker.find(params[:id])
75 @tracker = Tracker.find(params[:id])
77 unless @tracker.issues.empty?
76 unless @tracker.issues.empty?
@@ -86,7 +86,6 class UsersController < ApplicationController
86 @auth_sources = AuthSource.find(:all)
86 @auth_sources = AuthSource.find(:all)
87 end
87 end
88
88
89 verify :method => :post, :only => :create, :render => {:nothing => true, :status => :method_not_allowed }
90 def create
89 def create
91 @user = User.new(:language => Setting.default_language, :mail_notification => Setting.default_notification_option)
90 @user = User.new(:language => Setting.default_language, :mail_notification => Setting.default_notification_option)
92 @user.safe_attributes = params[:user]
91 @user.safe_attributes = params[:user]
@@ -131,7 +130,6 class UsersController < ApplicationController
131 @membership ||= Member.new
130 @membership ||= Member.new
132 end
131 end
133
132
134 verify :method => :put, :only => :update, :render => {:nothing => true, :status => :method_not_allowed }
135 def update
133 def update
136 @user.admin = params[:user][:admin] if params[:user][:admin]
134 @user.admin = params[:user][:admin] if params[:user][:admin]
137 @user.login = params[:user][:login] if params[:user][:login]
135 @user.login = params[:user][:login] if params[:user][:login]
@@ -177,7 +175,6 class UsersController < ApplicationController
177 redirect_to :controller => 'users', :action => 'edit', :id => @user
175 redirect_to :controller => 'users', :action => 'edit', :id => @user
178 end
176 end
179
177
180 verify :method => :delete, :only => :destroy, :render => {:nothing => true, :status => :method_not_allowed }
181 def destroy
178 def destroy
182 @user.destroy
179 @user.destroy
183 respond_to do |format|
180 respond_to do |format|
@@ -186,7 +183,6 class UsersController < ApplicationController
186 end
183 end
187 end
184 end
188
185
189 verify :method => [:post, :put], :only => :edit_membership, :render => {:nothing => true, :status => :method_not_allowed }
190 def edit_membership
186 def edit_membership
191 @membership = Member.edit_membership(params[:membership_id], params[:membership], @user)
187 @membership = Member.edit_membership(params[:membership_id], params[:membership], @user)
192 @membership.save
188 @membership.save
@@ -209,7 +205,6 class UsersController < ApplicationController
209 end
205 end
210 end
206 end
211
207
212 verify :method => :delete, :only => :destroy_membership, :render => {:nothing => true, :status => :method_not_allowed }
213 def destroy_membership
208 def destroy_membership
214 @membership = Member.find(params[:membership_id])
209 @membership = Member.find(params[:membership_id])
215 if @membership.deletable?
210 if @membership.deletable?
@@ -160,7 +160,6 class VersionsController < ApplicationController
160 redirect_to :controller => 'projects', :action => 'settings', :tab => 'versions', :id => @project
160 redirect_to :controller => 'projects', :action => 'settings', :tab => 'versions', :id => @project
161 end
161 end
162
162
163 verify :method => :delete, :only => :destroy, :render => {:nothing => true, :status => :method_not_allowed }
164 def destroy
163 def destroy
165 if @version.fixed_issues.empty?
164 if @version.fixed_issues.empty?
166 @version.destroy
165 @version.destroy
@@ -20,10 +20,6 class WatchersController < ApplicationController
20 before_filter :require_login, :check_project_privacy, :only => [:watch, :unwatch]
20 before_filter :require_login, :check_project_privacy, :only => [:watch, :unwatch]
21 before_filter :authorize, :only => [:new, :destroy]
21 before_filter :authorize, :only => [:new, :destroy]
22
22
23 verify :method => :post,
24 :only => [ :watch, :unwatch ],
25 :render => { :nothing => true, :status => :method_not_allowed }
26
27 def watch
23 def watch
28 if @watched.respond_to?(:visible?) && !@watched.visible?(User.current)
24 if @watched.respond_to?(:visible?) && !@watched.visible?(User.current)
29 render_403
25 render_403
@@ -118,7 +118,6 class WikiController < ApplicationController
118 end
118 end
119 end
119 end
120
120
121 verify :method => :put, :only => :update, :render => {:nothing => true, :status => :method_not_allowed }
122 # Creates a new page or updates an existing one
121 # Creates a new page or updates an existing one
123 def update
122 def update
124 return render_403 unless editable?
123 return render_403 unless editable?
@@ -178,7 +177,6 class WikiController < ApplicationController
178 end
177 end
179 end
178 end
180
179
181 verify :method => :post, :only => :protect, :redirect_to => { :action => :show }
182 def protect
180 def protect
183 @page.update_attribute :protected, params[:protected]
181 @page.update_attribute :protected, params[:protected]
184 redirect_to :action => 'show', :project_id => @project, :id => @page.title
182 redirect_to :action => 'show', :project_id => @project, :id => @page.title
@@ -208,7 +206,6 class WikiController < ApplicationController
208 render_404 unless @annotate
206 render_404 unless @annotate
209 end
207 end
210
208
211 verify :method => :delete, :only => [:destroy], :redirect_to => { :action => :show }
212 # Removes a wiki page and its history
209 # Removes a wiki page and its history
213 # Children can be either set as root pages, removed or reassigned to another parent page
210 # Children can be either set as root pages, removed or reassigned to another parent page
214 def destroy
211 def destroy
@@ -2138,20 +2138,6 class IssuesControllerTest < ActionController::TestCase
2138 assert_equal 'This is the test_new issue', issue.subject
2138 assert_equal 'This is the test_new issue', issue.subject
2139 end
2139 end
2140
2140
2141 def test_update_using_invalid_http_verbs
2142 @request.session[:user_id] = 2
2143 subject = 'Updated by an invalid http verb'
2144
2145 get :update, :id => 1, :issue => {:subject => subject}
2146 assert_not_equal subject, Issue.find(1).subject
2147
2148 post :update, :id => 1, :issue => {:subject => subject}
2149 assert_not_equal subject, Issue.find(1).subject
2150
2151 delete :update, :id => 1, :issue => {:subject => subject}
2152 assert_not_equal subject, Issue.find(1).subject
2153 end
2154
2155 def test_put_update_without_custom_fields_param
2141 def test_put_update_without_custom_fields_param
2156 @request.session[:user_id] = 2
2142 @request.session[:user_id] = 2
2157 ActionMailer::Base.deliveries.clear
2143 ActionMailer::Base.deliveries.clear
@@ -311,12 +311,6 class ProjectsControllerTest < ActionController::TestCase
311 end
311 end
312 end
312 end
313
313
314 def test_create_should_not_accept_get
315 @request.session[:user_id] = 1
316 get :create
317 assert_response :method_not_allowed
318 end
319
320 def test_show_by_id
314 def test_show_by_id
321 get :show, :id => 1
315 get :show, :id => 1
322 assert_response :success
316 assert_response :success
@@ -412,12 +406,6 class ProjectsControllerTest < ActionController::TestCase
412 assert_equal ['documents', 'issue_tracking', 'repository'], Project.find(1).enabled_module_names.sort
406 assert_equal ['documents', 'issue_tracking', 'repository'], Project.find(1).enabled_module_names.sort
413 end
407 end
414
408
415 def test_modules_should_not_allow_get
416 @request.session[:user_id] = 1
417 get :modules, :id => 1
418 assert_response :method_not_allowed
419 end
420
421 def test_destroy_without_confirmation
409 def test_destroy_without_confirmation
422 @request.session[:user_id] = 1 # admin
410 @request.session[:user_id] = 1 # admin
423 delete :destroy, :id => 1
411 delete :destroy, :id => 1
@@ -289,13 +289,6 class UsersControllerTest < ActionController::TestCase
289 assert_nil User.find_by_id(2)
289 assert_nil User.find_by_id(2)
290 end
290 end
291
291
292 def test_destroy_should_not_accept_get_requests
293 assert_no_difference 'User.count' do
294 get :destroy, :id => 2
295 end
296 assert_response 405
297 end
298
299 def test_destroy_should_be_denied_for_non_admin_users
292 def test_destroy_should_be_denied_for_non_admin_users
300 @request.session[:user_id] = 3
293 @request.session[:user_id] = 3
301
294
@@ -32,12 +32,6 class WatchersControllerTest < ActionController::TestCase
32 User.current = nil
32 User.current = nil
33 end
33 end
34
34
35 def test_get_watch_should_be_invalid
36 @request.session[:user_id] = 3
37 get :watch, :object_type => 'issue', :object_id => '1'
38 assert_response 405
39 end
40
41 def test_watch
35 def test_watch
42 @request.session[:user_id] = 3
36 @request.session[:user_id] = 3
43 assert_difference('Watcher.count') do
37 assert_difference('Watcher.count') do
@@ -206,4 +206,23 class IssuesTest < ActionController::IntegrationTest
206 }
206 }
207 }
207 }
208 end
208 end
209
210 def test_update_using_invalid_http_verbs
211 subject = 'Updated by an invalid http verb'
212
213 get '/issues/update/1', {:issue => {:subject => subject}}, credentials('jsmith')
214 assert_response 404
215 assert_not_equal subject, Issue.find(1).subject
216
217 post '/issues/1', {:issue => {:subject => subject}}, credentials('jsmith')
218 assert_response 405
219 assert_not_equal subject, Issue.find(1).subject
220 end
221
222 def test_get_watch_should_be_invalid
223 assert_no_difference 'Watcher.count' do
224 get '/watchers/watch?object_type=issue&object_id=1', {}, credentials('jsmith')
225 assert_response 405
226 end
227 end
209 end
228 end
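Review bot: `test_get_watch_should_be_invalid` is added to IssuesTest although it exercises the `/watchers/watch` route; a dedicated watchers integration test class would be a more natural home and easier to find when the watcher routes change. In `test_update_using_invalid_http_verbs` the DELETE case covered by the removed functional test is no longer exercised, presumably because DELETE on `/issues/1` is routed to another action. A comment such as `# DELETE /issues/1 is a valid route to a different action, so only GET and POST are checked here` would record why it was dropped.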
@@ -18,7 +18,7
18 require File.expand_path('../../test_helper', __FILE__)
18 require File.expand_path('../../test_helper', __FILE__)
19
19
20 class ProjectsTest < ActionController::IntegrationTest
20 class ProjectsTest < ActionController::IntegrationTest
21 fixtures :projects, :users, :members
21 fixtures :projects, :users, :members, :enabled_modules
22
22
23 def test_archive_project
23 def test_archive_project
24 subproject = Project.find(1).children.first
24 subproject = Project.find(1).children.first
@@ -41,4 +41,11 class ProjectsTest < ActionController::IntegrationTest
41 get "projects/1"
41 get "projects/1"
42 assert_response :success
42 assert_response :success
43 end
43 end
44
45 def test_modules_should_not_allow_get
46 assert_no_difference 'EnabledModule.count' do
47 get '/projects/1/modules', {:enabled_module_names => ['']}, credentials('jsmith')
48 assert_response :method_not_allowed
49 end
50 end
44 end
51 end