diff options
author | Azul <azul@leap.se> | 2014-07-09 22:03:59 +0200 |
---|---|---|
committer | Azul <azul@leap.se> | 2014-07-09 22:03:59 +0200 |
commit | 7b368ac4825686458be38460d8a77f4e9e0139ef (patch) | |
tree | 83472ae6cb3bbab1479e585e90de1fad9f45382b /engines | |
parent | ace262b61703318d377752c863c48ac3f880f7e6 (diff) |
adopt ticket list test to new behaviour
We completely ingnore the user_id param for non admins now. So if someone tries to show somebody elses tickets they will see their own instead.
Diffstat (limited to 'engines')
-rw-r--r-- | engines/support/test/functional/tickets_controller_test.rb | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/engines/support/test/functional/tickets_controller_test.rb b/engines/support/test/functional/tickets_controller_test.rb index ebaa3a4..e36f5f6 100644 --- a/engines/support/test/functional/tickets_controller_test.rb +++ b/engines/support/test/functional/tickets_controller_test.rb @@ -64,11 +64,12 @@ class TicketsControllerTest < ActionController::TestCase assert_access_denied end - test "ticket list of other user is not visible" do + test "normal user only gets own ticket list" do other_user = find_record :user login get :index, :user_id => other_user.id - assert_access_denied + assert_equal @current_user, assigns(:user) + assert_nil assigns(:tickets).detect{|t| t.created_by != @user} end test "should create unauthenticated ticket" do |