Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Merge pull request #734 from carols10cents/issue_733

Issue 733
  • Loading branch information...
commit 9464c481dc3c93afa250467ef508fe16d40933a3 2 parents b406ec6 + 5a38483
Carol (Nichols || Goulding) carols10cents authored
2  app/controllers/updates_controller.rb
View
@@ -1,6 +1,6 @@
class UpdatesController < ApplicationController
before_filter :process_params
- before_filter :require_user, :only => [:timeline, :replies, :export]
+ before_filter :require_user, :only => [:timeline, :replies, :export, :create, :destroy]
def index
@title = "updates"
31 test/acceptance/update_test.rb
View
@@ -44,18 +44,26 @@
end
end
- it "makes an update" do
- log_in_as_some_user
+ describe "create a new update" do
+ it "makes an update" do
+ log_in_as_some_user
- update_text = "Testing, testing"
+ update_text = "Testing, testing"
- VCR.use_cassette('publish_update') do
- visit "/"
- fill_in 'update-textarea', :with => update_text
- click_button :'update-button'
+ VCR.use_cassette('publish_update') do
+ visit "/"
+ fill_in 'update-textarea', :with => update_text
+ click_button :'update-button'
+ end
+
+ text.must_include update_text
end
- text.must_include update_text
+ it "does not allow unauthenticated users to create an update" do
+ post "/updates", {:text => "probably spam"}
+
+ last_response.status.must_equal 302
+ end
end
["/updates", "/replies", "/"].each do |url|
@@ -182,6 +190,13 @@
end
end
end
+
+ it "doesn't let you directly send a delete request without a valid user" do
+ u = Fabricate(:update)
+ delete "/updates/#{u.id}"
+
+ last_response.status.must_equal 302
+ end
end
describe "reply and share links for each update" do
Please sign in to comment.
Something went wrong with that request. Please try again.