_save = array($_POST, $_SERVER); $_SERVER["HTTP_REFERER"] = "HTTP_REFERER"; } public function teardown() { list($_POST, $_SERVER) = $this->_save; if (isset($this->_album)) { $this->_album->delete(); } } public function change_album_test() { $controller = new Albums_Controller(); $root = ORM::factory("item", 1); $this->_album = album::create($root, "test", "test", "test"); $orig_name = $this->_album->name; $_POST["dirname"] = "test"; $_POST["name"] = "new name"; $_POST["title"] = "new title"; $_POST["description"] = "new description"; $_POST["column"] = "weight"; $_POST["direction"] = "ASC"; $_POST["csrf"] = access::csrf_token(); $_POST["slug"] = "new-name"; access::allow(identity::everybody(), "edit", $root); ob_start(); $controller->update($this->_album->id); $this->_album->reload(); $results = ob_get_contents(); ob_end_clean(); $this->assert_equal( json_encode(array("result" => "success", "location" => "HTTP_REFERER")), $results); $this->assert_equal("new title", $this->_album->title); $this->assert_equal("new description", $this->_album->description); // We don't change the name, yet. $this->assert_equal($orig_name, $this->_album->name); } public function change_album_no_csrf_fails_test() { $controller = new Albums_Controller(); $root = ORM::factory("item", 1); $this->_album = album::create($root, "test", "test", "test"); $_POST["name"] = "new name"; $_POST["title"] = "new title"; $_POST["description"] = "new description"; access::allow(identity::everybody(), "edit", $root); try { $controller->_update($this->_album); $this->assert_true(false, "This should fail"); } catch (Exception $e) { // pass } } }