github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-05-22 22:43:33 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

FIX: users can see the raw email source of their own posts

Browse Source
This commit is contained in:
Régis Hanol
2014-11-12 14:49:42 +01:00
parent fe541891fc
commit a036ac7bdc
3 changed files with 5 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
spec/controllers/posts_controller_spec.rb
View File

@ -72,8 +72,8 @@ describe PostsController do
include_examples "action requires login", :get, :raw_email, id: 2
describe "when logged in" do
let(:user) {log_in}
let(:post) {Fabricate(:post, user: user, raw_email: 'email_content')}
let(:user) { log_in }
let(:post) { Fabricate(:post, user: user, raw_email: 'email_content') }
it "raises an error if the user doesn't have permission to view raw email" do
Guardian.any_instance.expects(:can_view_raw_email?).returns(false)
@ -90,7 +90,6 @@ describe PostsController do
response.should be_success
json = ::JSON.parse(response.body)
json.should be_present
json['raw_email'].should == 'email_content'
end