From: Matt Amos
Date: Wed, 26 Nov 2008 15:03:50 +0000 (+0000)
Subject: Adding test to check that users can't update changesets that they don't own.
X-Git-Tag: live~7557^2~124
X-Git-Url: https://git.openstreetmap.org/rails.git/commitdiff_plain/89bd962ff0d7d96bda9f8148a0103224752fbd2e

Adding test to check that users can't update changesets that they don't own.
---

diff --git a/test/functional/changeset_controller_test.rb b/test/functional/changeset_controller_test.rb
index 2ff6bee33..59c92e19b 100644
--- a/test/functional/changeset_controller_test.rb
+++ b/test/functional/changeset_controller_test.rb
@@ -741,16 +741,25 @@ EOF
 ##
 # check updating tags on a changeset
 def test_changeset_update
- basic_authorization "test@openstreetmap.org", "test"
-
 changeset = changesets(:normal_user_first_change)
 new_changeset = changeset.to_xml
 new_tag = XML::Node.new "tag"
 new_tag['k'] = "tagtesting"
 new_tag['v'] = "valuetesting"
 new_changeset.find("//osm/changeset").first << new_tag
-
 content new_changeset
+
+ # try without any authorization
+ put :update, :id => changeset.id
+ assert_response :unauthorized
+
+ # try with the wrong authorization
+ basic_authorization "test@example.com", "test"
+ put :update, :id => changeset.id
+ assert_response :conflict
+
+ # now this should work...
+ basic_authorization "test@openstreetmap.org", "test"
 put :update, :id => changeset.id
 assert_response :success
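Review bot: The two rejection cases added to test_changeset_update assert only the status code (`:unauthorized`, `:conflict`), so a controller that stored the new tag before rejecting the request would still pass. After each rejected `put :update`, re-read the changeset and assert that the `tagtesting` tag is absent, under a comment such as `# a rejected update must leave the changeset's tags untouched`. The "wrong authorization" case uses a different account whose credentials are presumably valid in the fixtures; a further case with the owner's address and a wrong password, expecting `:unauthorized`, would cover the remaining failure path. The method's `end` lies outside the hunk, so any later assertions on the stored tags are not visible here.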