Skip to content
Browse files

Related to Issue #733; destroy should also require a valid current user

  • Loading branch information...
1 parent de057dc commit 5a38483b3564d9d4d7bd3c4f00d35c8606fde45c @carols10cents carols10cents committed Dec 2, 2012
Showing with 8 additions and 1 deletion.
  1. +1 −1 app/controllers/updates_controller.rb
  2. +7 −0 test/acceptance/update_test.rb
View
2 app/controllers/updates_controller.rb
@@ -1,6 +1,6 @@
class UpdatesController < ApplicationController
before_filter :process_params
- before_filter :require_user, :only => [:timeline, :replies, :export, :create]
+ before_filter :require_user, :only => [:timeline, :replies, :export, :create, :destroy]
def index
@title = "updates"
View
7 test/acceptance/update_test.rb
@@ -190,6 +190,13 @@
end
end
end
+
+ it "doesn't let you directly send a delete request without a valid user" do
+ u = Fabricate(:update)
+ delete "/updates/#{u.id}"
+
+ last_response.status.must_equal 302
+ end
end
describe "reply and share links for each update" do

0 comments on commit 5a38483

Please sign in to comment.
Something went wrong with that request. Please try again.