From 5cdeed6c54c5916f329d8a75b1b2d46e3a77fb15 Mon Sep 17 00:00:00 2001
From: Raphael <raphael@joindiaspora.com>
Date: Tue, 2 Nov 2010 17:10:19 -0700
Subject: [PATCH] Add a spec to people_controller, make those specs a little clearer
---
 app/controllers/people_controller.rb | 1 +
 spec/controllers/people_controller_spec.rb | 13 +++++++++++--
 2 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/app/controllers/people_controller.rb b/app/controllers/people_controller.rb
index ea56ed81b4..9280e2d3ee 100644
--- a/app/controllers/people_controller.rb
+++ b/app/controllers/people_controller.rb
@@ -56,6 +56,7 @@ class PeopleController < ApplicationController
 end
 # upload and set new profile photo
+ params[:person][:profile] ||= {}
 if params[:person][:profile][:image].present?
 raw_image = params[:person][:profile].delete(:image)
 params[:profile_image_hash] = { :user_file => raw_image, :to => "all" }
diff --git a/spec/controllers/people_controller_spec.rb b/spec/controllers/people_controller_spec.rb
index 16b0968a4d..c69c0f9d53 100644
--- a/spec/controllers/people_controller_spec.rb
+++ b/spec/controllers/people_controller_spec.rb
@@ -22,14 +22,17 @@ describe PeopleController do
 it 'should go to the current_user show page' do
 get :show, :id => user.person.id
+ response.should be_success
 end
- it "doesn't error out on an invalid id" do
+ it "redirects on an invalid id" do
 get :show, :id => 'delicious'
+ response.should redirect_to people_path
 end
- it "doesn't error out on a nonexistent person" do
+ it "redirects on a nonexistent person" do
 get :show, :id => user.id
+ response.should redirect_to people_path
 end
 describe '#update' do
@@ -50,5 +53,11 @@ describe PeopleController do
 user.person.profile.image_url.should == image_url
 end
 end
+ it 'does not allow mass assignment' do
+ new_user = make_user
+ put :update, :id => user.person.id, :person => {
+ :owner_id => new_user.id}
+ user.person.reload.owner_id.should_not == new_user.id
+ end
 end
 end
-- GitLab
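Review bot: The added `params[:person][:profile] ||= {}` in people_controller.rb still dereferences `params[:person]` without checking it, so an update request that omits `:person` entirely would raise on nil at this line rather than being rejected cleanly. The default also leaves a truthy non-hash in place, so a `:profile` sent as a scalar would likely fail on the following `[:image]` lookup; both values are client-controlled. A guard such as `params[:person] ||= {}` followed by `params[:person][:profile] = {} unless params[:person][:profile].is_a?(Hash)` would keep malformed input from surfacing as a server error. The enclosing action starts and ends outside the hunk, so an earlier check on `params[:person]` cannot be ruled out from here.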
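Review bot: The new 'does not allow mass assignment' example in people_controller_spec.rb asserts only that `owner_id` differs from `new_user.id`, which also holds when the request never reaches the attribute update (a redirect, a failed lookup, an error raised earlier), so it can pass without exercising the protection. Pinning the value that must survive is stronger: capture `original_owner_id = user.person.owner_id` before the `put` and assert `user.person.reload.owner_id.should == original_owner_id` afterwards. Sending one permitted attribute in the same `:person` hash and asserting that it was saved would show the request was actually processed. The hunk does not show which attributes the model protects, so it is worth confirming that any other ownership or key fields on the person record are covered the same way.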