Commit 1c1b12d9f9bf0ea1b0d00d1cf7b4d57d2fbabce8
1 parent
096ea0b2
Exists in
staging
and in
28 other branches
Fixed review points
Showing
1 changed file
with
9 additions
and
2 deletions
Show diff stats
test/api/articles_test.rb
@@ -9,8 +9,6 @@ class ArticlesTest < ActiveSupport::TestCase | @@ -9,8 +9,6 @@ class ArticlesTest < ActiveSupport::TestCase | ||
9 | 9 | ||
10 | should 'remove article' do | 10 | should 'remove article' do |
11 | article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing") | 11 | article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing") |
12 | - article = Article.find(article.id) | ||
13 | - assert_not_nil article | ||
14 | delete "/api/v1/articles/#{article.id}?#{params.to_query}" | 12 | delete "/api/v1/articles/#{article.id}?#{params.to_query}" |
15 | json = JSON.parse(last_response.body) | 13 | json = JSON.parse(last_response.body) |
16 | 14 | ||
@@ -20,6 +18,15 @@ class ArticlesTest < ActiveSupport::TestCase | @@ -20,6 +18,15 @@ class ArticlesTest < ActiveSupport::TestCase | ||
20 | assert !Article.exists?(article.id) | 18 | assert !Article.exists?(article.id) |
21 | end | 19 | end |
22 | 20 | ||
21 | + should 'not remove article without permission' do | ||
22 | + otherPerson = fast_create(Person, :name => "Other Person") | ||
23 | + article = fast_create(Article, :profile_id => otherPerson.id, :name => "Some thing") | ||
24 | + delete "/api/v1/articles/#{article.id}?#{params.to_query}" | ||
25 | + json = JSON.parse(last_response.body) | ||
26 | + assert_equal 403, last_response.status | ||
27 | + assert Article.exists?(article.id) | ||
28 | + end | ||
29 | + | ||
23 | should 'list articles' do | 30 | should 'list articles' do |
24 | article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing") | 31 | article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing") |
25 | get "/api/v1/articles/?#{params.to_query}" | 32 | get "/api/v1/articles/?#{params.to_query}" |