Adding test to check that users can't update changesets that they don't own.

[rails.git] / test / functional / changeset_controller_test.rb

diff --git a/test/functional/changeset_controller_test.rb b/test/functional/changeset_controller_test.rb
index 2ff6bee331cf803e7df940c181b6475150686c54..59c92e19beb2cecb4c7d7fe66cccdb1dde2c8d6a 100644 (file)
--- a/test/functional/changeset_controller_test.rb
+++ b/test/functional/changeset_controller_test.rb
@@ -741,16 +741,25 @@ EOF
   ##
   # check updating tags on a changeset
   def test_changeset_update
-    basic_authorization "test@openstreetmap.org", "test"
-
     changeset = changesets(:normal_user_first_change)
     new_changeset = changeset.to_xml
     new_tag = XML::Node.new "tag"
     new_tag['k'] = "tagtesting"
     new_tag['v'] = "valuetesting"
     new_changeset.find("//osm/changeset").first << new_tag
-
     content new_changeset
+
+    # try without any authorization
+    put :update, :id => changeset.id
+    assert_response :unauthorized
+
+    # try with the wrong authorization
+    basic_authorization "test@example.com", "test"
+    put :update, :id => changeset.id
+    assert_response :conflict
+
+    # now this should work...
+    basic_authorization "test@openstreetmap.org", "test"
     put :update, :id => changeset.id
     assert_response :success