From: Tom Hughes
Date: Mon, 13 Feb 2017 10:09:43 +0000 (+0000)
Subject: Allow a POST with no arguments to trace#edit to fetch the form
X-Git-Tag: live~4278
X-Git-Url: https://git.openstreetmap.org./rails.git/commitdiff_plain/e23541c20f9e2a74cc190c2a9e7c0b79562fe650?ds=sidebyside;hp=-c
Allow a POST with no arguments to trace#edit to fetch the form
--- e23541c20f9e2a74cc190c2a9e7c0b79562fe650
diff --git a/app/controllers/trace_controller.rb b/app/controllers/trace_controller.rb
index e41bd01f3..8d9b670c5 100644
--- a/app/controllers/trace_controller.rb
+++ b/app/controllers/trace_controller.rb
@@ -170,7 +170,7 @@ class TraceController < ApplicationController
 else
 @title = t "trace.edit.title", :name => @trace.name
- if request.post?
+ if request.post? && params[:trace]
 @trace.description = params[:trace][:description]
 @trace.tagstring = params[:trace][:tagstring]
 @trace.visibility = params[:trace][:visibility]
diff --git a/test/controllers/trace_controller_test.rb b/test/controllers/trace_controller_test.rb
index f27129b42..b238df04c 100644
--- a/test/controllers/trace_controller_test.rb
+++ b/test/controllers/trace_controller_test.rb
@@ -557,7 +557,7 @@ class TraceControllerTest < ActionController::TestCase
 assert_equal "trackable", users(:public_user).preferences.where(:k => "gps.trace.visibility").first.v
 end
- # Test fetching the edit page for a trace
+ # Test fetching the edit page for a trace using GET
 def test_edit_get
 public_trace_file = create(:trace, :visibility => "public", :user => users(:normal_user))
 deleted_trace_file = create(:trace, :deleted, :user => users(:public_user))
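Review bot: In the `edit` action of app/controllers/trace_controller.rb, the new guard `request.post? && params[:trace]` only checks that the key is truthy, so a POST carrying a scalar value (`trace=x`) still reaches `params[:trace][:description]`, where indexing a String with a symbol raises and the request would most likely end in a 500 rather than re-rendering the form. Checking the shape as well would close that gap, for example `if request.post? && params[:trace].is_a?(ActionController::Parameters)`. The added `test_edit_post_no_details` covers the missing-key case but not a malformed `trace` value, so a test posting `:trace => "x"` is worth adding alongside it. The three assignments copy request values straight onto `@trace`; whether `visibility` is limited to the allowed values depends on model validation that is not visible here. The `edit` action starts and ends outside this hunk.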
@@ -584,10 +584,37 @@ class TraceControllerTest < ActionController::TestCase assert_response :success end + # Test fetching the edit page for a trace using POST + def test_edit_post_no_details + public_trace_file = create(:trace, :visibility => "public", :user => users(:normal_user)) + deleted_trace_file = create(:trace, :deleted, :user => users(:public_user)) + + # First with no auth + post :edit, :display_name => users(:normal_user).display_name, :id => public_trace_file.id + assert_response :forbidden + + # Now with some other user, which should fail + post :edit, { :display_name => users(:normal_user).display_name, :id => public_trace_file.id }, { :user => users(:public_user).id } + assert_response :forbidden + + # Now with a trace which doesn't exist + post :edit, { :display_name => users(:public_user).display_name, :id => 0 }, { :user => users(:public_user).id } + assert_response :not_found + + # Now with a trace which has been deleted + post :edit, { :display_name => users(:public_user).display_name, :id => deleted_trace_file.id }, { :user => users(:public_user).id } + assert_response :not_found + + # Finally with a trace that we are allowed to edit + post :edit, { :display_name => users(:normal_user).display_name, :id => public_trace_file.id }, { :user => users(:normal_user).id } + assert_response :success + end + # Test saving edits to a trace - def test_edit_post + def test_edit_post_with_details public_trace_file = create(:trace, :visibility => "public", :user => users(:normal_user)) deleted_trace_file = create(:trace, :deleted, :user => users(:public_user)) + # New details new_details = { :description => "Changed description", :tagstring => "new_tag", :visibility => "private" }