Verify issues are updated by HTTP PUT only. Regression from r3486.

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3520 e93f8b46-1217-0410-a6f0-8f06a7374b81

Verify issues are updated by HTTP PUT only. Regression from r3486.
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3520 e93f8b46-1217-0410-a6f0-8f06a7374b81
f5f5a5f6 · Eric Davis · 8699e5bb · f5f5a5f6 · f5f5a5f6
Commit f5f5a5f6 authored Mar 01, 2010 by Eric Davis
Hide whitespace changes
Inline Side-by-side

Showing with 17 additions and 1 deletion

issues_controller.rb app/controllers/issues_controller.rb +3 -1

issues_controller_test.rb test/functional/issues_controller_test.rb +14 -0

No files found.
--- a/app/controllers/issues_controller.rb
+++ b/app/controllers/issues_controller.rb
@@ -50,7 +50,9 @@ class IssuesController < ApplicationController
  verify :method => [:post, :delete],
         :only => :destroy,
         :render => { :nothing => true, :status => :method_not_allowed }
-           
+
+  verify :method => :put, :only => :update, :render => {:nothing => true, :status => :method_not_allowed }
+  
  def index
    retrieve_query
    sort_init(@query.sort_criteria.empty? ? [['id', 'desc']] : @query.sort_criteria)

--- a/test/functional/issues_controller_test.rb
+++ b/test/functional/issues_controller_test.rb
@@ -657,6 +657,20 @@ class IssuesControllerTest < ActionController::TestCase
    assert_select_rjs :show, "update"
  end

+  def test_update_using_invalid_http_verbs
+    @request.session[:user_id] = 2
+    subject = 'Updated by an invalid http verb'
+
+    get :update, :id => 1, :issue => {:subject => subject}
+    assert_not_equal subject, Issue.find(1).subject
+
+    post :update, :id => 1, :issue => {:subject => subject}
+    assert_not_equal subject, Issue.find(1).subject
+
+    delete :update, :id => 1, :issue => {:subject => subject}
+    assert_not_equal subject, Issue.find(1).subject
+  end
+
  def test_put_update_without_custom_fields_param
    @request.session[:user_id] = 2
    ActionMailer::Base.deliveries.clear