spec/controllers/admin/users_controller_spec.rb in radiant-0.8.2 vs spec/controllers/admin/users_controller_spec.rb in radiant-0.9.0.rc2
- old
+ new
@@ -73,11 +73,11 @@
end
it "should deny you access to #{action} action if you are not an admin" do
lambda {
send(method, action, :id => user_id(:existing))
- }.should restrict_access(:deny => [users(:developer), users(:existing)],
+ }.should restrict_access(:deny => [users(:designer), users(:existing)],
:url => '/admin/page')
end
end
end
@@ -86,7 +86,16 @@
login_as user
get :remove, { :id => user.id }
response.should redirect_to(admin_users_url)
flash[:error].should match(/cannot.*self/i)
User.find(user.id).should_not be_nil
+ end
+
+ it "should not allow you to remove your own admin privilege" do
+ user = users(:admin)
+ login_as user
+ put :update, { :id => user.id, :user => {:admin => false} }
+ response.should redirect_to(admin_users_url)
+ flash[:error].should match(/cannot remove yourself from the admin role/i)
+ User.find(user.id).admin.should be_true
end
end
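Review bot: The added example "should not allow you to remove your own admin privilege" submits only `:user => {:admin => false}`, a Ruby boolean, whereas a browser form would normally deliver the checkbox value as a string such as `"0"`. The controller guard is not visible in this hunk, so if it compares the raw parameter against `false`, this spec could pass while a real request still demotes the logged-in admin. I would add a sibling example using `put :update, { :id => user.id, :user => {:admin => '0'} }` with the same three expectations. The final assertion could also read `User.find(user.id).should be_admin` if the model exposes `admin?`, which states the intent more directly than `be_true`. The enclosing describe block starts outside the hunk.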