summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--engines/support/app/controllers/tickets_controller.rb8
-rw-r--r--engines/support/test/functional/tickets_controller_test.rb10
2 files changed, 17 insertions, 1 deletions
diff --git a/engines/support/app/controllers/tickets_controller.rb b/engines/support/app/controllers/tickets_controller.rb
index 8cccc2f..c20ef6a 100644
--- a/engines/support/app/controllers/tickets_controller.rb
+++ b/engines/support/app/controllers/tickets_controller.rb
@@ -19,7 +19,7 @@ class TicketsController < ApplicationController
end
def create
- @ticket = Ticket.new(params[:ticket])
+ @ticket = Ticket.new ticket_params
#protecting posted_by isn't working, so this should protect it:
@ticket.comments.last.posted_by = current_user.id
@@ -89,6 +89,12 @@ class TicketsController < ApplicationController
@title = t("layouts.title.tickets")
end
+ def ticket_params
+ # make sure we have everything we need...
+ params.require(:ticket).require(:comments_attributes).require('0')
+ params.require(:ticket)
+ end
+
private
#
diff --git a/engines/support/test/functional/tickets_controller_test.rb b/engines/support/test/functional/tickets_controller_test.rb
index 5c2b346..2f1e661 100644
--- a/engines/support/test/functional/tickets_controller_test.rb
+++ b/engines/support/test/functional/tickets_controller_test.rb
@@ -78,6 +78,16 @@ class TicketsControllerTest < ActionController::TestCase
assert_nil assigns(:tickets).detect{|t| t.created_by != @user}
end
+
+ test "should rerender form on missing info" do
+ params = { :subject => "unauth ticket test subject",
+ :comments_attributes => {"0" => {}}
+ }
+ assert_raises ActionController::ParameterMissing do
+ post :create, :ticket => params
+ end
+ end
+
test "should create unauthenticated ticket" do
params = {:subject => "unauth ticket test subject", :comments_attributes => {"0" => {"body" =>"body of test ticket"}}}