+ response = self.app.get(url_for(controller='spend',
+ action='delete',
+ id=e.id))
+ response = response.form.submit('delete').follow()
+ response.mustcontain('Expenditure', 'deleted')
+
+ def test_delete_nonexistent(self):
+ self.app.get(url_for(controller='spend',
+ action='delete',
+ id=124344),
+ status=404)
+
+ def test_destroy_nonexistent(self):
+ response = self.app.get(url_for(controller='spend',
+ action='edit'))
+ params = self.sample_params.copy()
+ params[token_key] = response.form[token_key].value
+ self.app.post(url_for(controller='spend',
+ action='destroy',
+ id=124344),
+ params=params,
+ status=404)
+
+ def test_delete_xsrf_protection(self):
+ self.app.post(url_for(controller='spend',
+ action='destroy',
+ id=1),
+ params={'delete': 'Delete'},
+ status=403)
+