/**
 * Happy path for Albums_Controller::update(): a POST that carries a valid
 * CSRF token, sent while "edit" is allowed on the root item, must update the
 * album's title and description and emit a JSON success payload.
 *
 * The album's name is expected to stay unchanged even though a new name is posted.
 */
public function change_album_test() {
  $albums = new Albums_Controller();
  $root_item = ORM::factory("item", 1);
  $this->_album = album::create($root_item, "test", "test", "test");
  $name_before = $this->_album->name;

  // Plain form fields, written into $_POST in the same order as before.
  $form_fields = array(
    "dirname" => "test",
    "name" => "new name",
    "title" => "new title",
    "description" => "new description",
    "column" => "weight",
    "direction" => "ASC");
  foreach ($form_fields as $field => $value) {
    $_POST[$field] = $value;
  }
  // This request supplies a token from access::csrf_token(); the companion
  // test change_album_no_csrf_fails_test() posts without one.
  $_POST["csrf"] = access::csrf_token();
  $_POST["slug"] = "new-name";

  // Edit permission is granted to everybody on the root item for this test.
  access::allow(identity::everybody(), "edit", $root_item);

  // update() writes its response to output, so capture it in a buffer.
  ob_start();
  $albums->update($this->_album->id);
  $this->_album->reload();
  $output = ob_get_clean();

  // NOTE(review): "HTTP_REFERER" is presumably a referer value faked by the
  // test fixture -- confirm against the class's setup code.
  $expected = json_encode(array("result" => "success", "location" => "HTTP_REFERER"));
  $this->assert_equal($expected, $output);
  $this->assert_equal("new title", $this->_album->title);
  $this->assert_equal("new description", $this->_album->description);

  // We don't change the name, yet.
  $this->assert_equal($name_before, $this->_album->name);
}
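/**
 * An update posted without a CSRF token must be rejected with an exception,
 * even though "edit" is allowed for everybody on the root item.
 *
 * Changes from the earlier version of this test:
 *  - Any "csrf" entry already in $_POST is removed first, so the test really
 *    runs the missing-token case and does not depend on what an earlier test
 *    left behind in the superglobal.
 *  - The "should have failed" assertion now sits outside the try block. If the
 *    assertion helper reports failure by throwing, the broad catch (Exception)
 *    could intercept it and report a confusing message mismatch instead.
 */
public function change_album_no_csrf_fails_test() {
  $controller = new Albums_Controller();
  $album = test::random_album();
  $_POST["name"] = "new name";
  $_POST["title"] = "new title";
  $_POST["description"] = "new description";
  // Precondition of this test: the request carries no CSRF token at all.
  unset($_POST["csrf"]);
  // Permission is granted, so a rejection is presumably caused by the missing
  // token and not by authorization -- TODO confirm against update().
  access::allow(identity::everybody(), "edit", item::root());

  $rejected = false;
  try {
    $controller->update($album->id);
  } catch (Exception $e) {
    $rejected = true;
    // NOTE(review): this pins the controller's current placeholder message;
    // the assertion has to change whenever that message does.
    $this->assert_same("@todo FORBIDDEN", $e->getMessage());
  }
  $this->assert_true($rejected, "This should fail");
}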