test/functional/cms/sections_controller_test.rb in webficient-browsercms-3.0.1 vs test/functional/cms/sections_controller_test.rb in webficient-browsercms-3.0.2

@@ -11,10 +11,17 @@
     get :edit, :id => root_section.to_param
     assert_response :success
     assert_select "input[name=?][value=?]", "section[name]", root_section.name
   end
   
+  test "GET new should set the groups to the parent section's groups by default" do
+    @group = Factory(:group, :name => "Test", :group_type => Factory(:group_type, :name => "CMS User", :cms_access => true))
+    get :new, :section_id => root_section.to_param
+    assert_equal root_section.groups, assigns(:section).groups
+    assert !assigns(:section).groups.include?(@group)
+  end
+  
   def test_update
     @section = Factory(:section, :name => "V1", :parent => root_section)
     
     put :update, :id => @section.to_param, :section => {:name => "V2"}
     reset(:section)
@@ -113,49 +120,68 @@
     get :new, :section_id => @editable_section
     assert_response :success
 
     get :new, :section_id => @noneditable_section
     assert_response 403
+    assert_template "cms/shared/access_denied"
   end
+  
+  test "POST create should set the groups to the parent section's groups for non-admin user" do
+    @group = Factory(:group, :name => "Test", :group_type => Factory(:group_type, :name => "CMS User", :cms_access => true))
+    login_as(@user)
+    get :new, :section_id => @editable_section
+    assert_equal @editable_section.groups, assigns(:section).groups
+    assert !assigns(:section).groups.include?(@group)
+  end
 
   def test_create_permissions
     login_as(@user)
 
     post :create, :section_id => @editable_section, :name => "Another editable subsection"
     assert_response :success
 
     post :create, :section_id => @noneditable_section, :name => "Another non-editable subsection"
     assert_response 403
+    assert_template "cms/shared/access_denied"
   end
 
   def test_edit_permissions
     login_as(@user)
 
     get :edit, :id => @editable_section
     assert_response :success
 
     get :edit, :id => @noneditable_section
     assert_response 403
+    assert_template "cms/shared/access_denied"
   end
 
   def test_update_permissions
     login_as(@user)
 
     put :update, :id => @editable_section, :name => "Modified editable subsection"
     assert_response :redirect
 
     put :update, :id => @noneditable_section, :name => "Modified non-editable subsection"
     assert_response 403
+    assert_template "cms/shared/access_denied"
   end
+  
+  test "PUT update should set the groups to the parent section's groups for non-admin user" do
+    @group = Factory(:group, :name => "Test", :group_type => Factory(:group_type, :name => "CMS User", :cms_access => true))
+    login_as(@user)
+    put :update, :id => @editable_subsection
+    assert_equal @editable_section.groups, assigns(:section).groups
+    assert !assigns(:section).groups.include?(@group)
+  end
 
   def test_destroy_permissions
     login_as(@user)
 
     delete :destroy, :id => @editable_section
     assert_response :redirect
 
     delete :destroy, :id => @noneditable_section
     assert_response 403
+    assert_template "cms/shared/access_denied"
   end
-end
-
-
+end
\ No newline at end of file