Revision 355bce36
Added by Ohad Levy over 10 years ago
| test/unit/user_test.rb | ||
|---|---|---|
|
|
||
|
test "user with destroy permissions should not be able to edit" do
|
||
|
setup_user "destroy"
|
||
|
record = users(:one)
|
||
|
record.login = "renamed"
|
||
|
record = users(:two)
|
||
|
record.login = 'renamed'
|
||
|
assert !record.save
|
||
|
assert record.valid?
|
||
|
end
|
||
| ... | ... | |
|
|
||
|
end
|
||
|
|
||
|
test 'user should allow editing self?' do
|
||
|
User.current = users(:one)
|
||
|
|
||
|
# edit self
|
||
|
options = {:controller => 'users', :action => 'edit', :id => User.current.id}
|
||
|
assert User.current.editing_self?(options)
|
||
|
|
||
|
# update self
|
||
|
options = {:controller => 'users', :action => 'update', :id => User.current.id}
|
||
|
assert User.current.editing_self?(options)
|
||
|
|
||
|
# update someone else
|
||
|
options = {:controller => 'users', :action => 'update', :id => users(:two).id}
|
||
|
assert_not User.current.editing_self?(options)
|
||
|
|
||
|
# update for another controller
|
||
|
options = {:controller => 'hosts', :action => 'update', :id => User.current.id}
|
||
|
assert_not User.current.editing_self?(options)
|
||
|
end
|
||
|
|
||
|
end
|
||
Also available in: Unified diff
fixes #3930 - refactoring of edit_self implementation.