Skip to content

O
OHR Support
Commit 072c4ad1 authored by Jean-Philippe Lang's avatar Jean-Philippe Lang
Browse files
Options

Verify HTTP method on ProjectsController#create. 

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4646 e93f8b46-1217-0410-a6f0-8f06a7374b81
parent 9fb770ba
Hide whitespace changes
Inline Side-by-side
Showing with 14 additions and 3 deletions
app/controllers/projects_controller.rb
View file @ 072c4ad1
......@@ -32,9 +32,6 @@ class ProjectsController < ApplicationController
end
end
# TODO: convert to PUT only
verify :method => [:post, :put], :only => :update, :render => {:nothing => true, :status => :method_not_allowed }
helper :sort
include SortHelper
helper :custom_fields
......@@ -71,6 +68,7 @@ class ProjectsController < ApplicationController
@project = Project.new(params[:project])
end
verify :method => :post, :only => :create, :render => {:nothing => true, :status => :method_not_allowed }
def create
@issue_custom_fields = IssueCustomField.find(:all, :order => "#{CustomField.table_name}.position")
@trackers = Tracker.all
......@@ -183,6 +181,8 @@ class ProjectsController < ApplicationController
def edit
end
# TODO: convert to PUT only
verify :method => [:post, :put], :only => :update, :render => {:nothing => true, :status => :method_not_allowed }
def update
@project.safe_attributes = params[:project]
if validate_parent_id && @project.save
......
test/functional/projects_controller_test.rb
View file @ 072c4ad1
......@@ -288,6 +288,17 @@ class ProjectsControllerTest < ActionController::TestCase
end
end
context "GET :create" do
setup do
@request.session[:user_id] = 1
end
should "not be allowed" do
get :create
assert_response :method_not_allowed
end
end
def test_show_by_id
get :show, :id => 1
assert_response :success
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment