Verify issues are updated by HTTP PUT only. Regression from r3486.

author Eric Davis <edavis@littlestreamsoftware.com>

Mon, 1 Mar 2010 18:29:18 +0000 (18:29 +0000)

committer Eric Davis <edavis@littlestreamsoftware.com>

Mon, 1 Mar 2010 18:29:18 +0000 (18:29 +0000)
author Eric Davis <edavis@littlestreamsoftware.com>
Mon, 1 Mar 2010 18:29:18 +0000 (18:29 +0000)
committer Eric Davis <edavis@littlestreamsoftware.com>
Mon, 1 Mar 2010 18:29:18 +0000 (18:29 +0000)
diff --git a/app/controllers/issues_controller.rb b/app/controllers/issues_controller.rb

index 6fd4f25..7be137e 100644 (file)
--- a/app/controllers/issues_controller.rb
+++ b/app/controllers/issues_controller.rb
@@ -50,7 +50,9 @@ class IssuesController < ApplicationController
    verify :method => [:post, :delete],
           :only => :destroy,
           :render => { :nothing => true, :status => :method_not_allowed }
-           
+
+  verify :method => :put, :only => :update, :render => {:nothing => true, :status => :method_not_allowed }
+  
    def index
      retrieve_query
      sort_init(@query.sort_criteria.empty? ? [['id', 'desc']] : @query.sort_criteria)
diff --git a/test/functional/issues_controller_test.rb b/test/functional/issues_controller_test.rb

index fd9177a..06f70c0 100644 (file)
--- a/test/functional/issues_controller_test.rb
+++ b/test/functional/issues_controller_test.rb
@@ -657,6 +657,20 @@ class IssuesControllerTest < ActionController::TestCase
      assert_select_rjs :show, "update"
    end
  
+  def test_update_using_invalid_http_verbs
+    @request.session[:user_id] = 2
+    subject = 'Updated by an invalid http verb'
+
+    get :update, :id => 1, :issue => {:subject => subject}
+    assert_not_equal subject, Issue.find(1).subject
+
+    post :update, :id => 1, :issue => {:subject => subject}
+    assert_not_equal subject, Issue.find(1).subject
+
+    delete :update, :id => 1, :issue => {:subject => subject}
+    assert_not_equal subject, Issue.find(1).subject
+  end
+
    def test_put_update_without_custom_fields_param
      @request.session[:user_id] = 2
      ActionMailer::Base.deliveries.clear
author	Eric Davis <edavis@littlestreamsoftware.com>
	Mon, 1 Mar 2010 18:29:18 +0000 (18:29 +0000)
committer	Eric Davis <edavis@littlestreamsoftware.com>
	Mon, 1 Mar 2010 18:29:18 +0000 (18:29 +0000)
app/controllers/issues_controller.rb		patch \| blob \| history
test/functional/issues_controller_test.rb		patch \| blob \| history