public function change_photo_no_csrf_fails_test()
{
$controller = new Photos_Controller();
$root = ORM::factory("item", 1);
$this->_photo = photo::create($root, MODPATH . "gallery/tests/test.jpg", "test", "test", "test");
$_POST["name"] = "new name";
$_POST["title"] = "new title";
$_POST["description"] = "new description";
access::allow(group::everybody(), "edit", $root);
try {
$controller->_update($this->_photo);
$this->assert_true(false, "This should fail");
} catch (Exception $e) {
// pass
}
}
public function change_photo_no_csrf_fails_test()
{
$controller = new Photos_Controller();
$photo = test::random_photo();
$_POST["name"] = "new name.jpg";
$_POST["title"] = "new title";
$_POST["description"] = "new description";
$_POST["slug"] = "new slug";
access::allow(identity::everybody(), "edit", item::root());
try {
$controller->update($photo);
$this->assert_true(false, "This should fail");
} catch (Exception $e) {
// pass
$this->assert_same("@todo FORBIDDEN", $e->getMessage());
}
}
