From: Tom Hughes <tom@compton.nu>
Date: Thu, 28 Mar 2013 15:58:03 +0000 (+0000)
Subject: Test that closing and deleting notes require authentication
X-Git-Tag: live~5114^2~7
X-Git-Url: https://git.openstreetmap.org/rails.git/commitdiff_plain/544113affae90f5ca661021a980ab0a9c2c2b2d1?ds=sidebyside

Test that closing and deleting notes require authentication
---

diff --git a/test/functional/notes_controller_test.rb b/test/functional/notes_controller_test.rb
index 2b880943c..99faec25f 100644
--- a/test/functional/notes_controller_test.rb
+++ b/test/functional/notes_controller_test.rb
@@ -256,6 +256,11 @@ class NotesControllerTest < ActionController::TestCase
   end
 
   def test_note_close_success
+    post :close, {:id => notes(:open_note_with_comment).id, :text => "This is a close comment", :format => "json"}
+    assert_response :unauthorized
+
+    basic_authorization(users(:public_user).email, "test")
+
     post :close, {:id => notes(:open_note_with_comment).id, :text => "This is a close comment", :format => "json"}
     assert_response :success
     js = ActiveSupport::JSON.decode(@response.body)
@@ -266,7 +271,7 @@ class NotesControllerTest < ActionController::TestCase
     assert_equal 3, js["properties"]["comments"].count
     assert_equal "closed", js["properties"]["comments"].last["action"]
     assert_equal "This is a close comment", js["properties"]["comments"].last["text"]
-    assert_nil js["properties"]["comments"].last["user"]
+    assert_equal "test2", js["properties"]["comments"].last["user"]
 
     get :show, {:id => notes(:open_note_with_comment).id, :format => "json"}
     assert_response :success
@@ -278,10 +283,15 @@ class NotesControllerTest < ActionController::TestCase
     assert_equal 3, js["properties"]["comments"].count
     assert_equal "closed", js["properties"]["comments"].last["action"]
     assert_equal "This is a close comment", js["properties"]["comments"].last["text"]
-    assert_nil js["properties"]["comments"].last["user"]
+    assert_equal "test2", js["properties"]["comments"].last["user"]
   end
 
   def test_note_close_fail
+    post :close
+    assert_response :unauthorized
+
+    basic_authorization(users(:public_user).email, "test")
+
     post :close
     assert_response :bad_request
 
@@ -333,6 +343,11 @@ class NotesControllerTest < ActionController::TestCase
   end
 
   def test_note_delete_success
+    delete :destroy, {:id => notes(:open_note_with_comment).id}
+    assert_response :unauthorized
+
+    basic_authorization(users(:public_user).email, "test")
+
     delete :destroy, {:id => notes(:open_note_with_comment).id}
     assert_response :success
 
@@ -341,6 +356,11 @@ class NotesControllerTest < ActionController::TestCase
   end
 
   def test_note_delete_fail
+    delete :destroy, {:id => 12345}
+    assert_response :unauthorized
+
+    basic_authorization(users(:public_user).email, "test")
+
     delete :destroy, {:id => 12345}
     assert_response :not_found