diff options
-rw-r--r-- | engines/support/app/controllers/tickets_controller.rb | 8 | ||||
-rw-r--r-- | engines/support/test/functional/tickets_controller_test.rb | 10 |
2 files changed, 17 insertions, 1 deletions
diff --git a/engines/support/app/controllers/tickets_controller.rb b/engines/support/app/controllers/tickets_controller.rb index 8cccc2f..c20ef6a 100644 --- a/engines/support/app/controllers/tickets_controller.rb +++ b/engines/support/app/controllers/tickets_controller.rb @@ -19,7 +19,7 @@ class TicketsController < ApplicationController end def create - @ticket = Ticket.new(params[:ticket]) + @ticket = Ticket.new ticket_params #protecting posted_by isn't working, so this should protect it: @ticket.comments.last.posted_by = current_user.id @@ -89,6 +89,12 @@ class TicketsController < ApplicationController @title = t("layouts.title.tickets") end + def ticket_params + # make sure we have everything we need... + params.require(:ticket).require(:comments_attributes).require('0') + params.require(:ticket) + end + private # diff --git a/engines/support/test/functional/tickets_controller_test.rb b/engines/support/test/functional/tickets_controller_test.rb index 5c2b346..2f1e661 100644 --- a/engines/support/test/functional/tickets_controller_test.rb +++ b/engines/support/test/functional/tickets_controller_test.rb @@ -78,6 +78,16 @@ class TicketsControllerTest < ActionController::TestCase assert_nil assigns(:tickets).detect{|t| t.created_by != @user} end + + test "should rerender form on missing info" do + params = { :subject => "unauth ticket test subject", + :comments_attributes => {"0" => {}} + } + assert_raises ActionController::ParameterMissing do + post :create, :ticket => params + end + end + test "should create unauthenticated ticket" do params = {:subject => "unauth ticket test subject", :comments_attributes => {"0" => {"body" =>"body of test ticket"}}} |