From 7b368ac4825686458be38460d8a77f4e9e0139ef Mon Sep 17 00:00:00 2001 From: Azul Date: Wed, 9 Jul 2014 22:03:59 +0200 Subject: adopt ticket list test to new behaviour We completely ingnore the user_id param for non admins now. So if someone tries to show somebody elses tickets they will see their own instead. --- engines/support/test/functional/tickets_controller_test.rb | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'engines/support/test') diff --git a/engines/support/test/functional/tickets_controller_test.rb b/engines/support/test/functional/tickets_controller_test.rb index ebaa3a4..e36f5f6 100644 --- a/engines/support/test/functional/tickets_controller_test.rb +++ b/engines/support/test/functional/tickets_controller_test.rb @@ -64,11 +64,12 @@ class TicketsControllerTest < ActionController::TestCase assert_access_denied end - test "ticket list of other user is not visible" do + test "normal user only gets own ticket list" do other_user = find_record :user login get :index, :user_id => other_user.id - assert_access_denied + assert_equal @current_user, assigns(:user) + assert_nil assigns(:tickets).detect{|t| t.created_by != @user} end test "should create unauthenticated ticket" do -- cgit v1.2.3