summaryrefslogtreecommitdiff
path: root/engines
diff options
context:
space:
mode:
authorAzul <azul@leap.se>2014-07-09 22:03:59 +0200
committerAzul <azul@leap.se>2014-07-09 22:03:59 +0200
commit7b368ac4825686458be38460d8a77f4e9e0139ef (patch)
tree83472ae6cb3bbab1479e585e90de1fad9f45382b /engines
parentace262b61703318d377752c863c48ac3f880f7e6 (diff)
adopt ticket list test to new behaviour
We completely ingnore the user_id param for non admins now. So if someone tries to show somebody elses tickets they will see their own instead.
Diffstat (limited to 'engines')
-rw-r--r--engines/support/test/functional/tickets_controller_test.rb5
1 files changed, 3 insertions, 2 deletions
diff --git a/engines/support/test/functional/tickets_controller_test.rb b/engines/support/test/functional/tickets_controller_test.rb
index ebaa3a4..e36f5f6 100644
--- a/engines/support/test/functional/tickets_controller_test.rb
+++ b/engines/support/test/functional/tickets_controller_test.rb
@@ -64,11 +64,12 @@ class TicketsControllerTest < ActionController::TestCase
assert_access_denied
end
- test "ticket list of other user is not visible" do
+ test "normal user only gets own ticket list" do
other_user = find_record :user
login
get :index, :user_id => other_user.id
- assert_access_denied
+ assert_equal @current_user, assigns(:user)
+ assert_nil assigns(:tickets).detect{|t| t.created_by != @user}
end
test "should create unauthenticated ticket" do