IntenseWebs/discourse
3
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2024-11-25 18:30:26 -06:00
Code Issues Packages Projects Releases Wiki Activity

add test to ensure that userA cannot see drafts stream of userB

Browse Source
This commit is contained in:
pmusaraj 2018-09-12 10:13:20 -04:00
parent 38668818a5
commit 3a00c2adeb
1 changed files with 11 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
spec/requests/drafts_controller_spec.rb
View File

@ -24,4 +24,15 @@ describe DraftsController do
parsed = JSON.parse(response.body)
expect(parsed["drafts"].length).to eq(0)
end
it 'does not let userA see drafts by userB' do
userB = Fabricate(:user)
Draft.set(userB, 'xxx', 0, '{}')
userA = sign_in(Fabricate(:user))
get "/drafts.json", params: { username: userB.username }
expect(response.status).to eq(200)
parsed = JSON.parse(response.body)
expect(parsed["drafts"].length).to eq(0)
end
end