##// END OF EJS Templates
jro_apps » redmine
RSS
Verify issues are updated by HTTP PUT only. Regression from r3486....
Eric Davis -
r3406:f5f5a5f64f29
parent child
Show More
Side by Side Unified
Context file:
r3406:f5f5a5f64f29 Loading diff...:
Show file before | Show file after | Hide comments
@@ -50,7 +50,9 class IssuesController < ApplicationController
50 verify :method => [:post, :delete],
50 verify :method => [:post, :delete],
51 :only => :destroy,
51 :only => :destroy,
52 :render => { :nothing => true, :status => :method_not_allowed }
52 :render => { :nothing => true, :status => :method_not_allowed }
53
53
54 verify :method => :put, :only => :update, :render => {:nothing => true, :status => :method_not_allowed }
55
54 def index
56 def index
55 retrieve_query
57 retrieve_query
56 sort_init(@query.sort_criteria.empty? ? [['id', 'desc']] : @query.sort_criteria)
58 sort_init(@query.sort_criteria.empty? ? [['id', 'desc']] : @query.sort_criteria)
Show file before | Show file after | Hide comments
@@ -657,6 +657,20 class IssuesControllerTest < ActionController::TestCase
657 assert_select_rjs :show, "update"
657 assert_select_rjs :show, "update"
658 end
658 end
659
659
660 def test_update_using_invalid_http_verbs
661 @request.session[:user_id] = 2
662 subject = 'Updated by an invalid http verb'
663
664 get :update, :id => 1, :issue => {:subject => subject}
665 assert_not_equal subject, Issue.find(1).subject
666
667 post :update, :id => 1, :issue => {:subject => subject}
668 assert_not_equal subject, Issue.find(1).subject
669
670 delete :update, :id => 1, :issue => {:subject => subject}
671 assert_not_equal subject, Issue.find(1).subject
672 end
673
660 def test_put_update_without_custom_fields_param
674 def test_put_update_without_custom_fields_param
661 @request.session[:user_id] = 2
675 @request.session[:user_id] = 2
662 ActionMailer::Base.deliveries.clear
676 ActionMailer::Base.deliveries.clear
General Comments 0
You need to be logged in to leave comments. Login now