Test that closing and deleting notes require authentication

[rails.git] / test / functional / notes_controller_test.rb

diff --git a/test/functional/notes_controller_test.rb b/test/functional/notes_controller_test.rb
index 6e6a3c17c22f436d03a14371e39166b3035d7873..99faec25f1529c8f29e580301b6a0f7f92628fc7 100644 (file)
--- a/test/functional/notes_controller_test.rb
+++ b/test/functional/notes_controller_test.rb
@@ -173,6 +173,13 @@ class NotesControllerTest < ActionController::TestCase
     end
     assert_response :bad_request
 
+    assert_no_difference('Note.count') do
+      assert_no_difference('NoteComment.count') do
+        post :create, {:lat => -1.0, :lon => -1.0, :text => ""}
+      end
+    end
+    assert_response :bad_request
+
     assert_no_difference('Note.count') do
       assert_no_difference('NoteComment.count') do
         post :create, {:lat => -100.0, :lon => -1.0, :text => "This is a comment"}
@@ -227,6 +234,11 @@ class NotesControllerTest < ActionController::TestCase
     end
     assert_response :bad_request
 
+    assert_no_difference('NoteComment.count') do
+      post :comment, {:id => notes(:open_note_with_comment).id, :text => ""}
+    end
+    assert_response :bad_request
+
     assert_no_difference('NoteComment.count') do
       post :comment, {:id => 12345, :text => "This is an additional comment"}
     end
@@ -244,6 +256,11 @@ class NotesControllerTest < ActionController::TestCase
   end
 
   def test_note_close_success
+    post :close, {:id => notes(:open_note_with_comment).id, :text => "This is a close comment", :format => "json"}
+    assert_response :unauthorized
+
+    basic_authorization(users(:public_user).email, "test")
+
     post :close, {:id => notes(:open_note_with_comment).id, :text => "This is a close comment", :format => "json"}
     assert_response :success
     js = ActiveSupport::JSON.decode(@response.body)
@@ -254,7 +271,7 @@ class NotesControllerTest < ActionController::TestCase
     assert_equal 3, js["properties"]["comments"].count
     assert_equal "closed", js["properties"]["comments"].last["action"]
     assert_equal "This is a close comment", js["properties"]["comments"].last["text"]
-    assert_nil js["properties"]["comments"].last["user"]
+    assert_equal "test2", js["properties"]["comments"].last["user"]
 
     get :show, {:id => notes(:open_note_with_comment).id, :format => "json"}
     assert_response :success
@@ -266,10 +283,15 @@ class NotesControllerTest < ActionController::TestCase
     assert_equal 3, js["properties"]["comments"].count
     assert_equal "closed", js["properties"]["comments"].last["action"]
     assert_equal "This is a close comment", js["properties"]["comments"].last["text"]
-    assert_nil js["properties"]["comments"].last["user"]
+    assert_equal "test2", js["properties"]["comments"].last["user"]
   end
 
   def test_note_close_fail
+    post :close
+    assert_response :unauthorized
+
+    basic_authorization(users(:public_user).email, "test")
+
     post :close
     assert_response :bad_request
 
@@ -321,6 +343,11 @@ class NotesControllerTest < ActionController::TestCase
   end
 
   def test_note_delete_success
+    delete :destroy, {:id => notes(:open_note_with_comment).id}
+    assert_response :unauthorized
+
+    basic_authorization(users(:public_user).email, "test")
+
     delete :destroy, {:id => notes(:open_note_with_comment).id}
     assert_response :success
 
@@ -329,6 +356,11 @@ class NotesControllerTest < ActionController::TestCase
   end
 
   def test_note_delete_fail
+    delete :destroy, {:id => 12345}
+    assert_response :unauthorized
+
+    basic_authorization(users(:public_user).email, "test")
+
     delete :destroy, {:id => 12345}
     assert_response :not_found