From 7b368ac4825686458be38460d8a77f4e9e0139ef Mon Sep 17 00:00:00 2001
From: Azul <azul@leap.se>
Date: Wed, 9 Jul 2014 22:03:59 +0200
Subject: adopt ticket list test to new behaviour

We completely ingnore the user_id param for non admins now. So if someone tries to show somebody elses tickets they will see their own instead.
---
 engines/support/test/functional/tickets_controller_test.rb | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

(limited to 'engines')

diff --git a/engines/support/test/functional/tickets_controller_test.rb b/engines/support/test/functional/tickets_controller_test.rb
index ebaa3a4..e36f5f6 100644
--- a/engines/support/test/functional/tickets_controller_test.rb
+++ b/engines/support/test/functional/tickets_controller_test.rb
@@ -64,11 +64,12 @@ class TicketsControllerTest < ActionController::TestCase
     assert_access_denied
   end
 
-  test "ticket list of other user is not visible" do
+  test "normal user only gets own ticket list" do
     other_user = find_record :user
     login
     get :index, :user_id => other_user.id
-    assert_access_denied
+    assert_equal @current_user, assigns(:user)
+    assert_nil assigns(:tickets).detect{|t| t.created_by != @user}
   end
 
   test "should create unauthenticated ticket" do
-- 
cgit v1.2.3