Fixes a data disclosure issue introduced in r3941.

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4535 e93f8b46-1217-0410-a6f0-8f06a7374b81
2025-11-02 03:15:57 +01:00 · 2010-12-18 17:11:41 +00:00
parent 525656a490
commit 93847ae337
2 changed files with 9 additions and 2 deletions
--- a/test/functional/journals_controller_test.rb
+++ b/test/functional/journals_controller_test.rb
@@ -40,14 +40,20 @@ class JournalsControllerTest < ActionController::TestCase
  
  def test_reply_to_issue
    @request.session[:user_id] = 2
-    get :new, :id => 1
+    get :new, :id => 6
    assert_response :success
    assert_select_rjs :show, "update"
  end
+  
+  def test_reply_to_issue_without_permission
+    @request.session[:user_id] = 7
+    get :new, :id => 6
+    assert_response 403
+  end

  def test_reply_to_note
    @request.session[:user_id] = 2
-    get :new, :id => 1, :journal_id => 2
+    get :new, :id => 6, :journal_id => 4
    assert_response :success
    assert_select_rjs :show, "update"
  end