cst1/openstreetmap-website
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Only the sender of a message should be able to mark it as read/unread

Browse source
This commit is contained in:
Tom Hughes 2024-06-29 00:14:42 +01:00
parent ecd091c976
commit b03eb84bb6
2 changed files with 11 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

12
test/controllers/messages_controller_test.rb
View file

@ -369,10 +369,10 @@ class MessagesControllerTest < ActionDispatch::IntegrationTest
##
# test the mark action
def test_mark
user = create(:user)
sender_user = create(:user)
recipient_user = create(:user)
other_user = create(:user)
message = create(:message, :unread, :sender => user, :recipient => recipient_user)
message = create(:message, :unread, :sender => sender_user, :recipient => recipient_user)
# Check that the marking a message requires us to login
post message_mark_path(message)
@ -386,6 +386,14 @@ class MessagesControllerTest < ActionDispatch::IntegrationTest
assert_response :not_found
assert_template "no_such_message"
# Login as the message sender_user
session_for(sender_user)
# Check that marking a message we sent fails
post message_mark_path(message)
assert_response :not_found
assert_template "no_such_message"
# Login as the message recipient_user
session_for(recipient_user)