Merge pull request #72 from azul/feature/token-based-auth

Feature: Token based auth
author: jessib <jessib@riseup.net> 2013-08-27 11:22:52 -0700
committer: jessib <jessib@riseup.net> 2013-08-27 11:22:52 -0700
commit: e481b8cbc05a858674a59ef36d695973622f6b3a (patch)
tree: 8a20143ce831d71076a8c3913664b3a67742ed6b /users/test/functional/users_controller_test.rb
parent: 441db4736e0cd003caf9c8f7b3fbdb1ffa72b969 (diff)
parent: fdf9c5f9ea605020ea371de8e221efe8e5d5ba32 (diff)
1 files changed, 8 insertions, 4 deletions
diff --git a/users/test/functional/users_controller_test.rb b/users/test/functional/users_controller_test.rb
index 0ce5cc2..96ae48c 100644
--- a/users/test/functional/users_controller_test.rb
+++ b/users/test/functional/users_controller_test.rb
@@ -59,19 +59,23 @@ class UsersControllerTest < ActionController::TestCase
     assert_access_denied
   end
 
-  test "show for non-existing user" do
+  test "may not show non-existing user without auth" do
     nonid = 'thisisnotanexistinguserid'
 
-    # when unauthenticated:
     get :show, :id => nonid
     assert_access_denied(true, false)
+  end
 
-    # when authenticated but not admin:
+  test "may not show non-existing user without admin" do
+    nonid = 'thisisnotanexistinguserid'
     login
+
     get :show, :id => nonid
     assert_access_denied
+  end
 
-    # when authenticated as admin:
+  test "redirect admin to user list for non-existing user" do
+    nonid = 'thisisnotanexistinguserid'
     login :is_admin? => true
     get :show, :id => nonid
     assert_response :redirect
author	jessib <jessib@riseup.net>	2013-08-27 11:22:52 -0700
committer	jessib <jessib@riseup.net>	2013-08-27 11:22:52 -0700
commit	e481b8cbc05a858674a59ef36d695973622f6b3a (patch)
tree	8a20143ce831d71076a8c3913664b3a67742ed6b /users/test/functional/users_controller_test.rb
parent	441db4736e0cd003caf9c8f7b3fbdb1ffa72b969 (diff)
parent	fdf9c5f9ea605020ea371de8e221efe8e5d5ba32 (diff)