Qwaiter in the green 💚

2013-12-22 15:20:14 +01:00
parent 76c2d4ddbc
commit 69132b0c07
20 changed files with 150 additions and 935 deletions
@@ -4,9 +4,15 @@ require 'spec_helper'
 describe Suppliers::ListsController do
  before :each do
    @supplier = Supplier.find_by_email('supplier@qwaiter.com') || create(:supplier, :confirmed)
+    ActionController::Parameters.permit_all_parameters = false
+    controller.stub(:list_params){ controller.params.require(:list).permit! } # allow all parameters since cross parameter injection is tested
    sign_in @supplier
  end

+  #after :each do
+    #ActionController::Parameters.permit_all_parameters = true
+  #end
+
  describe "GET #index" do
    it "populates an array of lists" do
      list = create :list, supplier: @supplier
@@ -4,6 +4,7 @@ require 'spec_helper'
 describe Suppliers::ProductCategoriesController do
  before :each do
    @supplier = Supplier.find_by_email('supplier@qwaiter.com') || create(:supplier, :confirmed)
+    controller.stub(:product_category_params){ controller.params.require(:product_category).permit! } # allow all parameters since cross parameter injection is tested
    sign_in @supplier
  end

@@ -74,7 +75,7 @@ describe Suppliers::ProductCategoriesController do

      it "redirects to the new product_category" do
        post :create, product_category: attributes_for(:product_category, supplier: @supplier)
-        response.should redirect_to [:suppliers, ProductCategory.last]
+        response.should redirect_to [:suppliers, :product_categories]
      end

      it "should not be possible to create a product category for another supplier" do
@@ -118,7 +119,7 @@ describe Suppliers::ProductCategoriesController do

      it "redirects to the updated product_category" do
        put :update, id: @product_category, product_category: attributes_for(:product_category, supplier: @supplier)
-        response.should redirect_to [:suppliers, @product_category]
+        response.should redirect_to [:suppliers, :product_categories]
      end
      it "should not be possible to update a product category to another supplier" do
        supplier2 = create :supplier
@@ -4,6 +4,7 @@ require 'spec_helper'
 describe Suppliers::ProductsController do
  before :each do
    @supplier = Supplier.find_by_email('supplier@qwaiter.com') || create(:supplier, :confirmed)
+    controller.stub(:product_params){ controller.params.require(:product).permit! } # allow all parameters since cross parameter injection is tested
    sign_in @supplier
  end

@@ -74,7 +75,7 @@ describe Suppliers::ProductsController do

      it "redirects to the new product" do
        post :create, product: attributes_for(:product, supplier: @supplier)
-        response.should redirect_to [:suppliers, Product.last]
+        response.should redirect_to [:suppliers, :products]
      end

      it "should not be possible to create a product for another supplier" do
@@ -118,7 +119,7 @@ describe Suppliers::ProductsController do

      it "redirects to the updated product" do
        put :update, id: @product, product: attributes_for(:product, supplier: @supplier)
-        response.should redirect_to [:suppliers, @product]
+        response.should redirect_to [:suppliers, :products]
      end
      it "should not be possible to update a product to another supplier" do
        supplier2 = create :supplier
@@ -4,6 +4,7 @@ require 'spec_helper'
 describe Suppliers::SectionsController do
  before :each do
    @supplier = Supplier.find_by_email('supplier@qwaiter.com') || create(:supplier, :confirmed)
+    controller.stub(:section_params){ controller.params.require(:section).permit! } # allow all parameters since cross parameter injection is tested
    sign_in @supplier
  end

@@ -4,6 +4,7 @@ require 'spec_helper'
 describe Suppliers::TablesController do
  before :each do
    @supplier = Supplier.find_by_email('supplier@qwaiter.com') || create(:supplier, :confirmed)
+    controller.stub(:table_params){ controller.params.require(:table).permit! } # allow all parameters since cross parameter injection is tested
    sign_in @supplier
  end