4 use RT::Test tests => undef;
6 # A privileged user, but with no privs
7 my $bad = RT::Test->load_or_create_user(
9 EmailAddress => 'test@example.com',
10 Password => 'password',
12 ok( $bad, "Got a user object back" );
13 ok( $bad->id, "Successfully created a user" );
17 my $obj = RT::Test->load_or_create_custom_field(
23 my ($t) = RT::Test->create_tickets( {},
24 { Subject => 'Testing' }
26 ok($t->id, "Created a ticket");
29 my ($cfid) = $t->AddCustomFieldValue(
31 Value => "hidden-value"
33 ok($cfid, "Got CF id $cfid");
34 my $update_id = $t->Transactions->Last->Id;
36 # Somebody else shouldn't be able to see the old and new values
37 my ($base, $m) = RT::Test->started_ok;
38 $m->post_ok("$base/REST/1.0/transaction/$update_id", [
43 $m->content_lacks("hidden-value");
45 # Make a transaction on a user
46 my $root = RT::Test->load_or_create_user( Name => "root" );
47 $root->SetHomePhone("hidden-value");
48 $update_id = $root->Transactions->Last->Id;
50 # Which should also be hidden from random privileged users
51 $m->post_ok("$base/REST/1.0/transaction/$update_id", [
56 $m->content_lacks("hidden-value");