diff --git a/app/controllers/epp/polls_controller.rb b/app/controllers/epp/polls_controller.rb
index 44f8afdc1..f9b4b70e2 100644
--- a/app/controllers/epp/polls_controller.rb
+++ b/app/controllers/epp/polls_controller.rb
@@ -1,7 +1,6 @@
class Epp::PollsController < EppController
- skip_authorization_check # TODO: move authorization under ability
-
def poll
+ authorize! :manage, :poll
req_poll if params[:parsed_frame].css('poll').first['op'] == 'req'
ack_poll if params[:parsed_frame].css('poll').first['op'] == 'ack'
end
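Review bot: `authorize! :manage, :poll` is checked against a bare symbol, so it only decides whether the current user may use poll at all; it cannot express which queued messages that user may read or acknowledge. `req_poll` and `ack_poll` are defined outside this hunk, so please confirm that both look messages up through the session's registrar rather than by id alone. A comment above the call would record that, for example `# Coarse gate only; per-message ownership must be enforced in req_poll/ack_poll`. The ability rule that grants `:manage, :poll` is also not part of this diff; if no role defines it, every poll request will be denied. Separately, `.css('poll').first['op']` on the two lines after the check raises NoMethodError when the frame has no poll element, so reading the element once and returning an EPP error when it is missing would be safer.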
diff --git a/test/fixtures/messages.yml b/test/fixtures/messages.yml
new file mode 100644
index 000000000..47cbdd0f2
--- /dev/null
+++ b/test/fixtures/messages.yml
@@ -0,0 +1,4 @@
+greeting:
+ body: Welcome!
+ queued: true
+ registrar: bestnames
diff --git a/test/integration/epp/poll_test.rb b/test/integration/epp/poll_test.rb
new file mode 100644
index 000000000..ba47a3df6
--- /dev/null
+++ b/test/integration/epp/poll_test.rb
@@ -0,0 +1,53 @@
+require 'test_helper'
+
+class EppPollTest < ActionDispatch::IntegrationTest
+ def setup
+ @session_id = epp_sessions(:api_bestnames).session_id
+ end
+
+ def test_messages
+ request_xml = <<-XML
+
+
+
+
+
+
+ XML
+
+ post '/epp/command/poll', { frame: request_xml }, { 'HTTP_COOKIE' => "session=#{@session_id}" }
+ assert Nokogiri::XML(response.body).at_css('result[code="1301"]')
+ assert_equal 1, Nokogiri::XML(response.body).css('msgQ').size
+ assert_equal 1, Nokogiri::XML(response.body).css('result').size
+ end
+
+ def test_no_messages
+ request_xml = <<-XML
+
+
+
+
+
+
+ XML
+
+ Message.delete_all
+ post '/epp/command/poll', { frame: request_xml }, { 'HTTP_COOKIE' => "session=#{@session_id}" }
+ assert Nokogiri::XML(response.body).at_css('result[code="1300"]')
+ assert_equal 1, Nokogiri::XML(response.body).css('result').size
+ end
+
+ def test_unauthenticated_user
+ request_xml = <<-XML
+
+
+
+
+
+
+ XML
+
+ post '/epp/command/poll', frame: request_xml
+ assert Nokogiri::XML(response.body).at_css('result[code="2201"]')
+ end
+end
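Review bot: None of the three tests covers a logged-in session whose ability does not grant `:manage, :poll`, and none covers a queued message that belongs to a different registrar. The first gap leaves the new `authorize!` branch untested for authenticated callers, since `test_unauthenticated_user` sends no session at all. The second means `test_messages` would still pass if polling handed back another registrar's message, because the fixture file added in this commit holds only the `bestnames` greeting. Adding a second fixture message for another registrar and asserting on the returned content would pin registrar isolation. Assuming the response carries the message body, that could be `assert_includes response.body, messages(:greeting).body` plus an `assert_not_includes` for the other registrar's body.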