ff4c3c1f58e2863b2c9709ff1fb2c3478ad1ae10
Author: Phally
Date: 2009-08-06 12:17:16 +0200
diff --git a/plugins/users/controllers/messages_controller.php b/plugins/users/controllers/messages_controller.php
index dc4efba..9c4489d 100755
--- a/plugins/users/controllers/messages_controller.php
+++ b/plugins/users/controllers/messages_controller.php
@@ -4,8 +4,8 @@ class MessagesController extends UsersAppController {
public $components = array('Users.Messaging');
public function send($user_id = null) {
- if (!$user_id) {
- $this->redirect(array('controller' => 'users', 'action' => 'index'));
+ if (!$user_id || $user_id == $this->Auth->user('id')) {
+ $this->redirect(array('plugin' => 'users', 'controller' => 'users', 'action' => 'index'));
}
if ($this->data) {
diff --git a/plugins/users/tests/cases/controllers/messages_controller.test.php b/plugins/users/tests/cases/controllers/messages_controller.test.php
index 72ff68c..3c3db18 100644
--- a/plugins/users/tests/cases/controllers/messages_controller.test.php
+++ b/plugins/users/tests/cases/controllers/messages_controller.test.php
@@ -54,7 +54,22 @@ class MessagesControllerTestCase extends CakeTestCase {
$this->assertNull($this->Messages->redirectUrl, 'No redirects by Auth, user is logged in and has permission.');
$this->Messages->send();
- $this->assertEqual($this->Messages->redirectUrl, array('controller' => 'users', 'action' => 'index'), 'User redirected to member list');
+ $this->assertEqual($this->Messages->redirectUrl, array('plugin' => 'users', 'controller' => 'users', 'action' => 'index'), 'User redirected to member list');
+
+ }
+
+ public function testSendActionWithSelfAsRecipient() {
+ $url = '/users/messages/send/1';
+ $this->Messages->params = array_merge(Router::parse($url), array('url' => array('url' => $url)));
+ $this->Messages->Component->initialize($this->Messages);
+
+ $this->Messages->beforeFilter();
+ $this->Messages->Access->lazyLogin('Phally');
+ $this->Messages->Component->startup($this->Messages);
+ $this->assertNull($this->Messages->redirectUrl, 'No redirects by Auth, user is logged in and has permission.');
+ $this->Messages->send(1);
+
+ $this->assertEqual($this->Messages->redirectUrl, array('plugin' => 'users', 'controller' => 'users', 'action' => 'index'), 'User redirected to member list');
}
