From f5cabbf74d892fb010a886db258b97ac3bb0a3b4 Mon Sep 17 00:00:00 2001 From: Reinier Balt Date: Sat, 10 Sep 2011 02:31:53 +0200 Subject: [PATCH] fix #1194 by checking the project_id and context_id --- app/controllers/todos_controller.rb | 26 ++++++++++++++++++++----- test/integration/todo_xml_api_test.rb | 28 +++++++++++++++++++++------ 2 files changed, 43 insertions(+), 11 deletions(-) diff --git a/app/controllers/todos_controller.rb b/app/controllers/todos_controller.rb index 774197e3..ab81272a 100644 --- a/app/controllers/todos_controller.rb +++ b/app/controllers/todos_controller.rb @@ -74,6 +74,9 @@ class TodosController < ApplicationController project = current_user.projects.find_or_create_by_name(p.project_name) @new_project_created = project.new_record_before_save? @todo.project_id = project.id + elsif !p.project_id.nil? + project = current_user.projects.find_by_id(p.project_id) + @todo.errors.add(:project, "unknown") if project.nil? end if p.context_specified_by_name? @@ -81,15 +84,20 @@ class TodosController < ApplicationController @new_context_created = context.new_record_before_save? @not_done_todos = [@todo] if @new_context_created @todo.context_id = context.id + elsif !p.context_id.nil? + context = current_user.contexts.find_by_id(p.context_id) + @todo.errors.add(:context, "unknown") if context.nil? end - @todo.starred= (params[:new_todo_starred]||"").include? "true" + if @saved + @todo.starred= (params[:new_todo_starred]||"").include? "true" - @todo.add_predecessor_list(predecessor_list) + @todo.add_predecessor_list(predecessor_list) - # Fix for #977 because AASM overrides @state on creation - specified_state = @todo.state - @saved = @todo.save + # Fix for #977 because AASM overrides @state on creation + specified_state = @todo.state + @saved = @todo.save + end @todo.update_state_from_project if @saved 
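Review bot: The new `if @saved` guard reads `@saved` before the only assignment visible in this hunk (`@saved = @todo.save`, which now sits inside the guard). Unless `@saved` is set earlier in the method, which starts outside the hunk, it is nil here and no todo would ever be saved. The condition that matches the ownership check is `if @todo.errors.empty?`. Some guard is needed because, as far as I know, ActiveRecord's `save` clears `errors` before validating, so an unguarded save would drop the "unknown" errors and could persist an id belonging to another user. A short comment above the guard, such as `# skip save when project_id/context_id is not owned by current_user`, would record that.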
@@ -1457,10 +1465,18 @@ class TodosController < ApplicationController @params['project_name'].strip unless @params['project_name'].nil? end + def project_id + @attributes['project_id'] + end + def context_name @params['context_name'].strip unless @params['context_name'].nil? end + def context_id + @attributes['context_id'] + end + def tag_list @params['todo_tag_list'] end diff --git a/test/integration/todo_xml_api_test.rb b/test/integration/todo_xml_api_test.rb index 3cdf46e4..7dbfee19 100644 --- a/test/integration/todo_xml_api_test.rb +++ b/test/integration/todo_xml_api_test.rb @@ -3,18 +3,18 @@ require 'todos_controller' class TodoXmlApiTest < ActionController::IntegrationTest fixtures :users, :contexts, :preferences, :todos - + def setup assert_test_environment_ok @user = users(:other_user) @password = 'sesame' end - + def test_get_tickler_succeeds authenticated_get_xml "/tickler", @user.login, @password, {} assert_response 200 end - + def test_get_tickler_needs_authentication get '/tickler.xml', {}, {} assert_response 401 
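Review bot: `project_id` and `context_id` return `@attributes[...]` unmodified, so an empty string counts as a specified id. The controller's `!p.project_id.nil?` check would then look up `find_by_id("")` and add "unknown" for a request that only left the field empty. If clients can send empty id elements, test with `blank?` in the controller instead, e.g. `elsif !p.project_id.blank?`, and likewise for `context_id`. Each accessor would also benefit from a comment such as `# client-supplied id; must be looked up through current_user before use`. The enclosing class starts outside the hunk.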
@@ -22,16 +22,32 @@ class TodoXmlApiTest < ActionController::IntegrationTest get "/tickler", {}, {'AUTHORIZATION' => "Basic " + Base64.encode64("wrong:wrong"),'ACCEPT' => 'application/xml'} assert_response 401 end - + def test_get_tickler_returns_all_deferred_todos number = @user.todos.deferred.count authenticated_get_xml "/tickler", @user.login, @password, {} assert_tag :tag => "todos", :children => { :count => number, :only => { :tag => "todo" } } end - + def test_get_tickler_omits_user_id authenticated_get_xml "/tickler", @user.login, @password, {} assert_no_tag :tag => "user_id" end - + + def test_post_create_todo_with_wrong_project_and_context_id + authenticated_post_xml_to_todo_create "this will fail-16-11" + assert_response 422 + end + + private + + def authenticated_post_xml_to_todo_create(postdata = @@valid_postdata, user = users(:other_user).login, password = 'sesame') + authenticated_post_xml "/todos", user, password, postdata + assert_xml_select 'errors' do + assert_select 'error', 2, 'Project unknown' + assert_select 'error', 2, 'Context unknown' + end + + end + end \ No newline at end of file
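Review bot: In `authenticated_post_xml_to_todo_create`, the third argument of `assert_select 'error', 2, 'Project unknown'` is the failure message, not text to match. Both lines therefore only assert that there are two `error` elements, and the test passes whatever those errors say. Matching the text needs the hash form, `assert_select 'error', :count => 1, :text => 'Project unknown'`, and the same for the context. Since the fix is about ownership, a second case that posts a project_id and context_id belonging to a different fixture user, and asserts that no todo was created, would cover the cross-user path that nonexistent ids do not. Hard-coding the failure assertions in a helper whose default argument is `@@valid_postdata` also makes it unusable for a success case, so consider moving them into the test method.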