Commit b56965c5 authored by Phil Hughes's avatar Phil Hughes

Correctly checks if user is logged in when adding todo

parent 85fab13e
class Projects::TodosController < Projects::ApplicationController class Projects::TodosController < Projects::ApplicationController
before_action :authorize_read_issue!, only: [:create] before_action :authenticate_user!, only: [:create]
def create def create
todo = TodoService.new.mark_todo(issuable, current_user) todo = TodoService.new.mark_todo(issuable, current_user)
......
...@@ -39,4 +39,17 @@ describe Projects::TodosController do ...@@ -39,4 +39,17 @@ describe Projects::TodosController do
expect(response.status).to eq(404) expect(response.status).to eq(404)
end end
end end
describe 'POST #create when not logged in' do
it 'should create todo for issue' do
expect do
post(:create, namespace_id: project.namespace.path,
project_id: project.path,
issuable_id: issue.id,
issuable_type: "issue")
end.to change { user.todos.count }.by(0)
expect(response.status).to eq(302)
end
end
end end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment