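/**
 * An update request that carries no CSRF token must be rejected.
 *
 * Edit permission on $root is granted to everybody before the call, so a
 * missing permission cannot be the reason the update is refused. $_POST
 * holds only the form fields set below and no CSRF token.
 */
public function change_photo_no_csrf_fails_test() {
  $controller = new Photos_Controller();
  $root = ORM::factory("item", 1);
  $this->_photo = photo::create(
    $root, MODPATH . "gallery/tests/test.jpg", "test", "test", "test");

  // Form fields only: no CSRF token is posted.
  $_POST["name"] = "new name";
  $_POST["title"] = "new title";
  $_POST["description"] = "new description";
  access::allow(group::everybody(), "edit", $root);

  // Record the rejection in a flag and assert after the try block. With the
  // "should fail" assertion inside the try, a failure reported by throwing an
  // Exception would be caught by the catch below, and the test would pass
  // even when the update is accepted without a token.
  $rejected = false;
  try {
    $controller->_update($this->_photo);
  } catch (Exception $e) {
    // NOTE(review): any exception counts as a rejection here; narrow this to
    // the CSRF failure once its exception type or message is pinned down.
    $rejected = true;
  }
  $this->assert_true($rejected, "This should fail");
}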
/**
 * Posting a photo update without a CSRF token must be refused with the
 * "@todo FORBIDDEN" error.
 *
 * Edit permission on the root item is granted to everybody first, so the
 * refusal cannot come from a missing permission. $_POST holds only the form
 * fields set below and no CSRF token.
 */
public function change_photo_no_csrf_fails_test() {
  $photos_controller = new Photos_Controller();
  $target = test::random_photo();

  // Form fields only: no CSRF token is posted.
  $form_fields = array(
    "name" => "new name.jpg",
    "title" => "new title",
    "description" => "new description",
    "slug" => "new slug",
  );
  foreach ($form_fields as $field => $value) {
    $_POST[$field] = $value;
  }
  access::allow(identity::everybody(), "edit", item::root());

  try {
    $photos_controller->update($target);
    $this->assert_true(false, "This should fail");
  } catch (Exception $caught) {
    // Only the forbidden error is accepted. Any other exception has a
    // different message and fails this comparison (presumably including the
    // "This should fail" assertion above, if it is raised as an Exception).
    $this->assert_same("@todo FORBIDDEN", $caught->getMessage());
  }
}