opf · GarstgerUnhold · May 7, 2013 · May 7, 2013
diff --git a/app/controllers/members_controller.rb b/app/controllers/members_controller.rb
@@ -14,7 +14,8 @@
 
 class MembersController < ApplicationController
   model_object Member
-  before_filter :find_model_object_and_project
+  before_filter :find_model_object_and_project, :except => [:autocomplete_for_member]
+  before_filter :find_project, :only => [:autocomplete_for_member]
   before_filter :authorize
 
   def create

diff --git a/spec/controllers/members_controller_spec.rb b/spec/controllers/members_controller_spec.rb
@@ -0,0 +1,43 @@
+require 'spec_helper'
+
+describe MembersController do
+  let(:user) { FactoryGirl.create(:user) }
+  let(:project) { FactoryGirl.create(:project) }
+  let(:role) { FactoryGirl.create(:role) }
+  let(:member) { FactoryGirl.create(:member, :project => project,
+                                             :user => user,
+                                             :roles => [role]) }
+
+  before do
+    User.stub!(:current).and_return(user)
+  end
+
+  describe :autocomplete_for_member do
+    let(:params) { ActionController::Parameters.new({ "id" => project.identifier.to_s }) }
+
+    describe "WHEN the user is authorized
+              WHEN a project is provided" do
+      before do
+        role.permissions << :manage_members
+        role.save!
+        member
+
+        post :autocomplete_for_member, params, :format => :xhr
+      end
+
+      it "should be success" do
+        response.should be_success
+      end
+    end
+
+    describe "WHEN the user is not authorized" do
+      before do
+        post :autocomplete_for_member, params, :format => :xhr
+      end
+
+      it "should be forbidden" do
+        response.response_code.should == 403
+      end
+    end
+  end
+end