3 require "minitest/mock"
5 class TracesControllerTest < ActionController::TestCase
7 @gpx_trace_dir = Object.send("remove_const", "GPX_TRACE_DIR")
8 Object.const_set("GPX_TRACE_DIR", Rails.root.join("test", "gpx", "traces"))
10 @gpx_image_dir = Object.send("remove_const", "GPX_IMAGE_DIR")
11 Object.const_set("GPX_IMAGE_DIR", Rails.root.join("test", "gpx", "images"))
15 File.unlink(*Dir.glob(File.join(GPX_TRACE_DIR, "*.gpx")))
16 File.unlink(*Dir.glob(File.join(GPX_IMAGE_DIR, "*.gif")))
18 Object.send("remove_const", "GPX_TRACE_DIR")
19 Object.const_set("GPX_TRACE_DIR", @gpx_trace_dir)
21 Object.send("remove_const", "GPX_IMAGE_DIR")
22 Object.const_set("GPX_IMAGE_DIR", @gpx_image_dir)
26 # test all routes which lead to this controller
29 { :path => "/api/0.6/gpx/create", :method => :post },
30 { :controller => "traces", :action => "api_create" }
33 { :path => "/api/0.6/gpx/1", :method => :get },
34 { :controller => "traces", :action => "api_read", :id => "1" }
37 { :path => "/api/0.6/gpx/1", :method => :put },
38 { :controller => "traces", :action => "api_update", :id => "1" }
41 { :path => "/api/0.6/gpx/1", :method => :delete },
42 { :controller => "traces", :action => "api_delete", :id => "1" }
45 { :controller => "traces", :action => "api_read", :id => "1" },
46 { :path => "/api/0.6/gpx/1/details", :method => :get }
49 { :path => "/api/0.6/gpx/1/data", :method => :get },
50 { :controller => "traces", :action => "api_data", :id => "1" }
53 { :path => "/api/0.6/gpx/1/data.xml", :method => :get },
54 { :controller => "traces", :action => "api_data", :id => "1", :format => "xml" }
58 { :path => "/traces", :method => :get },
59 { :controller => "traces", :action => "index" }
62 { :path => "/traces/page/1", :method => :get },
63 { :controller => "traces", :action => "index", :page => "1" }
66 { :path => "/traces/tag/tagname", :method => :get },
67 { :controller => "traces", :action => "index", :tag => "tagname" }
70 { :path => "/traces/tag/tagname/page/1", :method => :get },
71 { :controller => "traces", :action => "index", :tag => "tagname", :page => "1" }
74 { :path => "/user/username/traces", :method => :get },
75 { :controller => "traces", :action => "index", :display_name => "username" }
78 { :path => "/user/username/traces/page/1", :method => :get },
79 { :controller => "traces", :action => "index", :display_name => "username", :page => "1" }
82 { :path => "/user/username/traces/tag/tagname", :method => :get },
83 { :controller => "traces", :action => "index", :display_name => "username", :tag => "tagname" }
86 { :path => "/user/username/traces/tag/tagname/page/1", :method => :get },
87 { :controller => "traces", :action => "index", :display_name => "username", :tag => "tagname", :page => "1" }
91 { :path => "/traces/mine", :method => :get },
92 { :controller => "traces", :action => "mine" }
95 { :path => "/traces/mine/page/1", :method => :get },
96 { :controller => "traces", :action => "mine", :page => "1" }
99 { :path => "/traces/mine/tag/tagname", :method => :get },
100 { :controller => "traces", :action => "mine", :tag => "tagname" }
103 { :path => "/traces/mine/tag/tagname/page/1", :method => :get },
104 { :controller => "traces", :action => "mine", :tag => "tagname", :page => "1" }
108 { :path => "/traces/rss", :method => :get },
109 { :controller => "traces", :action => "georss", :format => :rss }
112 { :path => "/traces/tag/tagname/rss", :method => :get },
113 { :controller => "traces", :action => "georss", :tag => "tagname", :format => :rss }
116 { :path => "/user/username/traces/rss", :method => :get },
117 { :controller => "traces", :action => "georss", :display_name => "username", :format => :rss }
120 { :path => "/user/username/traces/tag/tagname/rss", :method => :get },
121 { :controller => "traces", :action => "georss", :display_name => "username", :tag => "tagname", :format => :rss }
125 { :path => "/user/username/traces/1", :method => :get },
126 { :controller => "traces", :action => "show", :display_name => "username", :id => "1" }
129 { :path => "/user/username/traces/1/picture", :method => :get },
130 { :controller => "traces", :action => "picture", :display_name => "username", :id => "1" }
133 { :path => "/user/username/traces/1/icon", :method => :get },
134 { :controller => "traces", :action => "icon", :display_name => "username", :id => "1" }
138 { :path => "/traces/new", :method => :get },
139 { :controller => "traces", :action => "new" }
142 { :path => "/traces", :method => :post },
143 { :controller => "traces", :action => "create" }
146 { :path => "/trace/1/data", :method => :get },
147 { :controller => "traces", :action => "data", :id => "1" }
150 { :path => "/trace/1/data.xml", :method => :get },
151 { :controller => "traces", :action => "data", :id => "1", :format => "xml" }
154 { :path => "/traces/1/edit", :method => :get },
155 { :controller => "traces", :action => "edit", :id => "1" }
158 { :path => "/traces/1", :method => :put },
159 { :controller => "traces", :action => "update", :id => "1" }
162 { :path => "/trace/1/delete", :method => :post },
163 { :controller => "traces", :action => "delete", :id => "1" }
167 # Check that the index of traces is displayed
170 # The fourth test below is surpisingly sensitive to timestamp ordering when the timestamps are equal.
171 trace_a = create(:trace, :visibility => "public", :timestamp => 4.seconds.ago) do |trace|
172 create(:tracetag, :trace => trace, :tag => "London")
174 trace_b = create(:trace, :visibility => "public", :timestamp => 3.seconds.ago) do |trace|
175 create(:tracetag, :trace => trace, :tag => "Birmingham")
177 trace_c = create(:trace, :visibility => "private", :user => user, :timestamp => 2.seconds.ago) do |trace|
178 create(:tracetag, :trace => trace, :tag => "London")
180 trace_d = create(:trace, :visibility => "private", :user => user, :timestamp => 1.second.ago) do |trace|
181 create(:tracetag, :trace => trace, :tag => "Birmingham")
184 # First with the public index
186 check_trace_index [trace_b, trace_a]
188 # Restrict traces to those with a given tag
189 get :index, :params => { :tag => "London" }
190 check_trace_index [trace_a]
192 # Should see more when we are logged in
193 get :index, :session => { :user => user }
194 check_trace_index [trace_d, trace_c, trace_b, trace_a]
196 # Again, we should see more when we are logged in
197 get :index, :params => { :tag => "London" }, :session => { :user => user }
198 check_trace_index [trace_c, trace_a]
201 # Check that I can get mine
204 create(:trace, :visibility => "public") do |trace|
205 create(:tracetag, :trace => trace, :tag => "Birmingham")
207 trace_b = create(:trace, :visibility => "private", :user => user) do |trace|
208 create(:tracetag, :trace => trace, :tag => "London")
211 # First try to get it when not logged in
213 assert_redirected_to :controller => "user", :action => "login", :referer => "/traces/mine"
215 # Now try when logged in
216 get :mine, :session => { :user => user }
217 assert_redirected_to :action => "index", :display_name => user.display_name
219 # Fetch the actual index
220 get :index, :params => { :display_name => user.display_name }, :session => { :user => user }
221 check_trace_index [trace_b]
224 # Check the index of traces for a specific user
227 second_user = create(:user)
228 third_user = create(:user)
230 trace_b = create(:trace, :visibility => "public", :user => user)
231 trace_c = create(:trace, :visibility => "private", :user => user) do |trace|
232 create(:tracetag, :trace => trace, :tag => "London")
235 # Test a user with no traces
236 get :index, :params => { :display_name => second_user.display_name }
239 # Test the user with the traces - should see only public ones
240 get :index, :params => { :display_name => user.display_name }
241 check_trace_index [trace_b]
243 # Should still see only public ones when authenticated as another user
244 get :index, :params => { :display_name => user.display_name }, :session => { :user => third_user }
245 check_trace_index [trace_b]
247 # Should see all traces when authenticated as the target user
248 get :index, :params => { :display_name => user.display_name }, :session => { :user => user }
249 check_trace_index [trace_c, trace_b]
251 # Should only see traces with the correct tag when a tag is specified
252 get :index, :params => { :display_name => user.display_name, :tag => "London" }, :session => { :user => user }
253 check_trace_index [trace_c]
255 # Should get an error if the user does not exist
256 get :index, :params => { :display_name => "UnknownUser" }
257 assert_response :not_found
258 assert_template "user/no_such_user"
261 # Check a multi-page index
263 # Create several pages worth of traces
264 create_list(:trace, 50)
266 # Try and get the index
268 assert_response :success
269 assert_select "table#trace_list tbody", :count => 1 do
270 assert_select "tr", :count => 20
273 # Try and get the second page
274 get :index, :params => { :page => 2 }
275 assert_response :success
276 assert_select "table#trace_list tbody", :count => 1 do
277 assert_select "tr", :count => 20
284 # The fourth test below is surpisingly sensitive to timestamp ordering when the timestamps are equal.
285 trace_a = create(:trace, :visibility => "public", :timestamp => 4.seconds.ago) do |trace|
286 create(:tracetag, :trace => trace, :tag => "London")
288 trace_b = create(:trace, :visibility => "public", :timestamp => 3.seconds.ago) do |trace|
289 create(:tracetag, :trace => trace, :tag => "Birmingham")
291 create(:trace, :visibility => "private", :user => user, :timestamp => 2.seconds.ago) do |trace|
292 create(:tracetag, :trace => trace, :tag => "London")
294 create(:trace, :visibility => "private", :user => user, :timestamp => 1.second.ago) do |trace|
295 create(:tracetag, :trace => trace, :tag => "Birmingham")
298 # First with the public feed
299 get :georss, :params => { :format => :rss }
300 check_trace_feed [trace_b, trace_a]
302 # Restrict traces to those with a given tag
303 get :georss, :params => { :tag => "London", :format => :rss }
304 check_trace_feed [trace_a]
307 # Check the RSS feed for a specific user
310 second_user = create(:user)
313 trace_b = create(:trace, :visibility => "public", :timestamp => 4.seconds.ago, :user => user)
314 trace_c = create(:trace, :visibility => "public", :timestamp => 3.seconds.ago, :user => user) do |trace|
315 create(:tracetag, :trace => trace, :tag => "London")
317 create(:trace, :visibility => "private")
319 # Test a user with no traces
320 get :georss, :params => { :display_name => second_user.display_name, :format => :rss }
323 # Test the user with the traces - should see only public ones
324 get :georss, :params => { :display_name => user.display_name, :format => :rss }
325 check_trace_feed [trace_c, trace_b]
327 # Should only see traces with the correct tag when a tag is specified
328 get :georss, :params => { :display_name => user.display_name, :tag => "London", :format => :rss }
329 check_trace_feed [trace_c]
331 # Should no traces if the user does not exist
332 get :georss, :params => { :display_name => "UnknownUser", :format => :rss }
336 # Test showing a trace
338 public_trace_file = create(:trace, :visibility => "public")
340 # First with no auth, which should work since the trace is public
341 get :show, :params => { :display_name => public_trace_file.user.display_name, :id => public_trace_file.id }
342 check_trace_show public_trace_file
344 # Now with some other user, which should work since the trace is public
345 get :show, :params => { :display_name => public_trace_file.user.display_name, :id => public_trace_file.id }, :session => { :user => create(:user) }
346 check_trace_show public_trace_file
348 # And finally we should be able to do it with the owner of the trace
349 get :show, :params => { :display_name => public_trace_file.user.display_name, :id => public_trace_file.id }, :session => { :user => public_trace_file.user }
350 check_trace_show public_trace_file
353 # Check an anonymous trace can't be viewed by another user
355 anon_trace_file = create(:trace, :visibility => "private")
358 get :show, :params => { :display_name => anon_trace_file.user.display_name, :id => anon_trace_file.id }
359 assert_response :redirect
360 assert_redirected_to :action => :index
362 # Now with some other user, which should not work since the trace is anon
363 get :show, :params => { :display_name => anon_trace_file.user.display_name, :id => anon_trace_file.id }, :session => { :user => create(:user) }
364 assert_response :redirect
365 assert_redirected_to :action => :index
367 # And finally we should be able to do it with the owner of the trace
368 get :show, :params => { :display_name => anon_trace_file.user.display_name, :id => anon_trace_file.id }, :session => { :user => anon_trace_file.user }
369 check_trace_show anon_trace_file
372 # Test showing a trace that doesn't exist
373 def test_show_not_found
374 deleted_trace_file = create(:trace, :deleted)
376 # First with a trace that has never existed
377 get :show, :params => { :display_name => create(:user).display_name, :id => 0 }
378 assert_response :redirect
379 assert_redirected_to :action => :index
381 # Now with a trace that has been deleted
382 get :show, :params => { :display_name => deleted_trace_file.user.display_name, :id => deleted_trace_file.id }, :session => { :user => deleted_trace_file.user }
383 assert_response :redirect
384 assert_redirected_to :action => :index
387 # Test downloading a trace
389 public_trace_file = create(:trace, :visibility => "public", :fixture => "a")
391 # First with no auth, which should work since the trace is public
392 get :data, :params => { :display_name => public_trace_file.user.display_name, :id => public_trace_file.id }
393 check_trace_data public_trace_file, "848caa72f2f456d1bd6a0fdf228aa1b9"
395 # Now with some other user, which should work since the trace is public
396 get :data, :params => { :display_name => public_trace_file.user.display_name, :id => public_trace_file.id }, :session => { :user => create(:user) }
397 check_trace_data public_trace_file, "848caa72f2f456d1bd6a0fdf228aa1b9"
399 # And finally we should be able to do it with the owner of the trace
400 get :data, :params => { :display_name => public_trace_file.user.display_name, :id => public_trace_file.id }, :session => { :user => public_trace_file.user }
401 check_trace_data public_trace_file, "848caa72f2f456d1bd6a0fdf228aa1b9"
404 # Test downloading a compressed trace
405 def test_data_compressed
406 identifiable_trace_file = create(:trace, :visibility => "identifiable", :fixture => "d")
408 # First get the data as is
409 get :data, :params => { :display_name => identifiable_trace_file.user.display_name, :id => identifiable_trace_file.id }
410 check_trace_data identifiable_trace_file, "c6422a3d8750faae49ed70e7e8a51b93", "application/x-gzip", "gpx.gz"
412 # Now ask explicitly for XML format
413 get :data, :params => { :display_name => identifiable_trace_file.user.display_name, :id => identifiable_trace_file.id, :format => "xml" }
414 check_trace_data identifiable_trace_file, "abd6675fdf3024a84fc0a1deac147c0d", "application/xml", "xml"
416 # Now ask explicitly for GPX format
417 get :data, :params => { :display_name => identifiable_trace_file.user.display_name, :id => identifiable_trace_file.id, :format => "gpx" }
418 check_trace_data identifiable_trace_file, "abd6675fdf3024a84fc0a1deac147c0d"
421 # Check an anonymous trace can't be downloaded by another user
423 anon_trace_file = create(:trace, :visibility => "private", :fixture => "b")
426 get :data, :params => { :display_name => anon_trace_file.user.display_name, :id => anon_trace_file.id }
427 assert_response :not_found
429 # Now with some other user, which shouldn't work since the trace is anon
430 get :data, :params => { :display_name => anon_trace_file.user.display_name, :id => anon_trace_file.id }, :session => { :user => create(:user) }
431 assert_response :not_found
433 # And finally we should be able to do it with the owner of the trace
434 get :data, :params => { :display_name => anon_trace_file.user.display_name, :id => anon_trace_file.id }, :session => { :user => anon_trace_file.user }
435 check_trace_data anon_trace_file, "66179ca44f1e93d8df62e2b88cbea732"
438 # Test downloading a trace that doesn't exist
439 def test_data_not_found
440 deleted_trace_file = create(:trace, :deleted)
442 # First with a trace that has never existed
443 get :data, :params => { :display_name => create(:user).display_name, :id => 0 }
444 assert_response :not_found
446 # Now with a trace that has been deleted
447 get :data, :params => { :display_name => deleted_trace_file.user.display_name, :id => deleted_trace_file.id }, :session => { :user => deleted_trace_file.user }
448 assert_response :not_found
451 # Test downloading the picture for a trace
453 public_trace_file = create(:trace, :visibility => "public", :fixture => "a")
455 # First with no auth, which should work since the trace is public
456 get :picture, :params => { :display_name => public_trace_file.user.display_name, :id => public_trace_file.id }
457 check_trace_picture public_trace_file
459 # Now with some other user, which should work since the trace is public
460 get :picture, :params => { :display_name => public_trace_file.user.display_name, :id => public_trace_file.id }, :session => { :user => create(:user) }
461 check_trace_picture public_trace_file
463 # And finally we should be able to do it with the owner of the trace
464 get :picture, :params => { :display_name => public_trace_file.user.display_name, :id => public_trace_file.id }, :session => { :user => public_trace_file.user }
465 check_trace_picture public_trace_file
468 # Check the picture for an anonymous trace can't be downloaded by another user
469 def test_picture_anon
470 anon_trace_file = create(:trace, :visibility => "private", :fixture => "b")
473 get :picture, :params => { :display_name => anon_trace_file.user.display_name, :id => anon_trace_file.id }
474 assert_response :forbidden
476 # Now with some other user, which shouldn't work since the trace is anon
477 get :picture, :params => { :display_name => anon_trace_file.user.display_name, :id => anon_trace_file.id }, :session => { :user => create(:user) }
478 assert_response :forbidden
480 # And finally we should be able to do it with the owner of the trace
481 get :picture, :params => { :display_name => anon_trace_file.user.display_name, :id => anon_trace_file.id }, :session => { :user => anon_trace_file.user }
482 check_trace_picture anon_trace_file
485 # Test downloading the picture for a trace that doesn't exist
486 def test_picture_not_found
487 deleted_trace_file = create(:trace, :deleted)
489 # First with a trace that has never existed
490 get :picture, :params => { :display_name => create(:user).display_name, :id => 0 }
491 assert_response :not_found
493 # Now with a trace that has been deleted
494 get :picture, :params => { :display_name => deleted_trace_file.user.display_name, :id => deleted_trace_file.id }, :session => { :user => deleted_trace_file.user }
495 assert_response :not_found
498 # Test downloading the icon for a trace
500 public_trace_file = create(:trace, :visibility => "public", :fixture => "a")
502 # First with no auth, which should work since the trace is public
503 get :icon, :params => { :display_name => public_trace_file.user.display_name, :id => public_trace_file.id }
504 check_trace_icon public_trace_file
506 # Now with some other user, which should work since the trace is public
507 get :icon, :params => { :display_name => public_trace_file.user.display_name, :id => public_trace_file.id }, :session => { :user => create(:user) }
508 check_trace_icon public_trace_file
510 # And finally we should be able to do it with the owner of the trace
511 get :icon, :params => { :display_name => public_trace_file.user.display_name, :id => public_trace_file.id }, :session => { :user => public_trace_file.user }
512 check_trace_icon public_trace_file
515 # Check the icon for an anonymous trace can't be downloaded by another user
517 anon_trace_file = create(:trace, :visibility => "private", :fixture => "b")
520 get :icon, :params => { :display_name => anon_trace_file.user.display_name, :id => anon_trace_file.id }
521 assert_response :forbidden
523 # Now with some other user, which shouldn't work since the trace is anon
524 get :icon, :params => { :display_name => anon_trace_file.user.display_name, :id => anon_trace_file.id }, :session => { :user => create(:user) }
525 assert_response :forbidden
527 # And finally we should be able to do it with the owner of the trace
528 get :icon, :params => { :display_name => anon_trace_file.user.display_name, :id => anon_trace_file.id }, :session => { :user => anon_trace_file.user }
529 check_trace_icon anon_trace_file
532 # Test downloading the icon for a trace that doesn't exist
533 def test_icon_not_found
534 deleted_trace_file = create(:trace, :deleted)
536 # First with a trace that has never existed
537 get :icon, :params => { :display_name => create(:user).display_name, :id => 0 }
538 assert_response :not_found
540 # Now with a trace that has been deleted
541 get :icon, :params => { :display_name => deleted_trace_file.user.display_name, :id => deleted_trace_file.id }, :session => { :user => deleted_trace_file.user }
542 assert_response :not_found
545 # Test fetching the new trace page
549 assert_response :redirect
550 assert_redirected_to :controller => :user, :action => :login, :referer => new_trace_path
552 # Now authenticated as a user with gps.trace.visibility set
554 create(:user_preference, :user => user, :k => "gps.trace.visibility", :v => "identifiable")
555 get :new, :session => { :user => user }
556 assert_response :success
558 assert_select "select#trace_visibility option[value=identifiable][selected]", 1
560 # Now authenticated as a user with gps.trace.public set
561 second_user = create(:user)
562 create(:user_preference, :user => second_user, :k => "gps.trace.public", :v => "default")
563 get :new, :session => { :user => second_user }
564 assert_response :success
566 assert_select "select#trace_visibility option[value=public][selected]", 1
568 # Now authenticated as a user with no preferences
569 third_user = create(:user)
570 get :new, :session => { :user => third_user }
571 assert_response :success
573 assert_select "select#trace_visibility option[value=private][selected]", 1
576 # Test creating a trace
579 fixture = Rails.root.join("test", "gpx", "fixtures", "a.gpx")
580 file = Rack::Test::UploadedFile.new(fixture, "application/gpx+xml")
584 post :create, :params => { :trace => { :gpx_file => file, :description => "New Trace", :tagstring => "new,trace", :visibility => "trackable" } }
585 assert_response :forbidden
591 create(:user_preference, :user => user, :k => "gps.trace.visibility", :v => "identifiable")
592 assert_not_equal "trackable", user.preferences.where(:k => "gps.trace.visibility").first.v
593 post :create, :params => { :trace => { :gpx_file => file, :description => "New Trace", :tagstring => "new,trace", :visibility => "trackable" } }, :session => { :user => user }
594 assert_response :redirect
595 assert_redirected_to :action => :index, :display_name => user.display_name
596 assert_match /file has been uploaded/, flash[:notice]
597 trace = Trace.order(:id => :desc).first
598 assert_equal "a.gpx", trace.name
599 assert_equal "New Trace", trace.description
600 assert_equal %w[new trace], trace.tags.order(:tag).collect(&:tag)
601 assert_equal "trackable", trace.visibility
602 assert_equal false, trace.inserted
603 assert_equal File.new(fixture).read, File.new(trace.trace_name).read
605 assert_equal "trackable", user.preferences.where(:k => "gps.trace.visibility").first.v
608 # Test creating a trace with validation errors
609 def test_create_post_with_validation_errors
611 fixture = Rails.root.join("test", "gpx", "fixtures", "a.gpx")
612 file = Rack::Test::UploadedFile.new(fixture, "application/gpx+xml")
616 create(:user_preference, :user => user, :k => "gps.trace.visibility", :v => "identifiable")
617 assert_not_equal "trackable", user.preferences.where(:k => "gps.trace.visibility").first.v
618 post :create, :params => { :trace => { :gpx_file => file, :description => "", :tagstring => "new,trace", :visibility => "trackable" } }, :session => { :user => user }
620 assert_match "Description is too short (minimum is 1 character)", response.body
623 # Test fetching the edit page for a trace using GET
625 public_trace_file = create(:trace, :visibility => "public")
626 deleted_trace_file = create(:trace, :deleted)
629 get :edit, :params => { :display_name => public_trace_file.user.display_name, :id => public_trace_file.id }
630 assert_response :redirect
631 assert_redirected_to :controller => :user, :action => :login, :referer => edit_trace_path(:display_name => public_trace_file.user.display_name, :id => public_trace_file.id)
633 # Now with some other user, which should fail
634 get :edit, :params => { :display_name => public_trace_file.user.display_name, :id => public_trace_file.id }, :session => { :user => create(:user) }
635 assert_response :forbidden
637 # Now with a trace which doesn't exist
638 get :edit, :params => { :display_name => create(:user).display_name, :id => 0 }, :session => { :user => create(:user) }
639 assert_response :not_found
641 # Now with a trace which has been deleted
642 get :edit, :params => { :display_name => deleted_trace_file.user.display_name, :id => deleted_trace_file.id }, :session => { :user => deleted_trace_file.user }
643 assert_response :not_found
645 # Finally with a trace that we are allowed to edit
646 get :edit, :params => { :display_name => public_trace_file.user.display_name, :id => public_trace_file.id }, :session => { :user => public_trace_file.user }
647 assert_response :success
650 # Test saving edits to a trace
652 public_trace_file = create(:trace, :visibility => "public")
653 deleted_trace_file = create(:trace, :deleted)
656 new_details = { :description => "Changed description", :tagstring => "new_tag", :visibility => "private" }
659 put :update, :params => { :display_name => public_trace_file.user.display_name, :id => public_trace_file.id, :trace => new_details }
660 assert_response :forbidden
662 # Now with some other user, which should fail
663 put :update, :params => { :display_name => public_trace_file.user.display_name, :id => public_trace_file.id, :trace => new_details }, :session => { :user => create(:user) }
664 assert_response :forbidden
666 # Now with a trace which doesn't exist
667 put :update, :params => { :display_name => create(:user).display_name, :id => 0 }, :session => { :user => create(:user), :trace => new_details }
668 assert_response :not_found
670 # Now with a trace which has been deleted
671 put :update, :params => { :display_name => deleted_trace_file.user.display_name, :id => deleted_trace_file.id, :trace => new_details }, :session => { :user => deleted_trace_file.user }
672 assert_response :not_found
674 # Finally with a trace that we are allowed to edit
675 put :update, :params => { :display_name => public_trace_file.user.display_name, :id => public_trace_file.id, :trace => new_details }, :session => { :user => public_trace_file.user }
676 assert_response :redirect
677 assert_redirected_to :action => :show, :display_name => public_trace_file.user.display_name
678 trace = Trace.find(public_trace_file.id)
679 assert_equal new_details[:description], trace.description
680 assert_equal new_details[:tagstring], trace.tagstring
681 assert_equal new_details[:visibility], trace.visibility
684 # Test deleting a trace
686 public_trace_file = create(:trace, :visibility => "public")
687 deleted_trace_file = create(:trace, :deleted)
690 post :delete, :params => { :display_name => public_trace_file.user.display_name, :id => public_trace_file.id }
691 assert_response :forbidden
693 # Now with some other user, which should fail
694 post :delete, :params => { :display_name => public_trace_file.user.display_name, :id => public_trace_file.id }, :session => { :user => create(:user) }
695 assert_response :forbidden
697 # Now with a trace which doesn't exist
698 post :delete, :params => { :display_name => create(:user).display_name, :id => 0 }, :session => { :user => create(:user) }
699 assert_response :not_found
701 # Now with a trace has already been deleted
702 post :delete, :params => { :display_name => deleted_trace_file.user.display_name, :id => deleted_trace_file.id }, :session => { :user => deleted_trace_file.user }
703 assert_response :not_found
705 # Now with a trace that we are allowed to delete
706 post :delete, :params => { :display_name => public_trace_file.user.display_name, :id => public_trace_file.id }, :session => { :user => public_trace_file.user }
707 assert_response :redirect
708 assert_redirected_to :action => :index, :display_name => public_trace_file.user.display_name
709 trace = Trace.find(public_trace_file.id)
710 assert_equal false, trace.visible
712 # Finally with a trace that is deleted by an admin
713 public_trace_file = create(:trace, :visibility => "public")
714 admin = create(:administrator_user)
716 post :delete, :params => { :display_name => public_trace_file.user.display_name, :id => public_trace_file.id }, :session => { :user => admin }
717 assert_response :redirect
718 assert_redirected_to :action => :index, :display_name => public_trace_file.user.display_name
719 trace = Trace.find(public_trace_file.id)
720 assert_equal false, trace.visible
723 # Check getting a specific trace through the api
725 public_trace_file = create(:trace, :visibility => "public")
728 get :api_read, :params => { :id => public_trace_file.id }
729 assert_response :unauthorized
731 # Now with some other user, which should work since the trace is public
732 basic_authorization create(:user).display_name, "test"
733 get :api_read, :params => { :id => public_trace_file.id }
734 assert_response :success
736 # And finally we should be able to do it with the owner of the trace
737 basic_authorization public_trace_file.user.display_name, "test"
738 get :api_read, :params => { :id => public_trace_file.id }
739 assert_response :success
742 # Check an anoymous trace can't be specifically fetched by another user
743 def test_api_read_anon
744 anon_trace_file = create(:trace, :visibility => "private")
747 get :api_read, :params => { :id => anon_trace_file.id }
748 assert_response :unauthorized
750 # Now try with another user, which shouldn't work since the trace is anon
751 basic_authorization create(:user).display_name, "test"
752 get :api_read, :params => { :id => anon_trace_file.id }
753 assert_response :forbidden
755 # And finally we should be able to get the trace details with the trace owner
756 basic_authorization anon_trace_file.user.display_name, "test"
757 get :api_read, :params => { :id => anon_trace_file.id }
758 assert_response :success
761 # Check the api details for a trace that doesn't exist
762 def test_api_read_not_found
763 deleted_trace_file = create(:trace, :deleted)
765 # Try first with no auth, as it should require it
766 get :api_read, :params => { :id => 0 }
767 assert_response :unauthorized
769 # Login, and try again
770 basic_authorization deleted_trace_file.user.display_name, "test"
771 get :api_read, :params => { :id => 0 }
772 assert_response :not_found
774 # Now try a trace which did exist but has been deleted
775 basic_authorization deleted_trace_file.user.display_name, "test"
776 get :api_read, :params => { :id => deleted_trace_file.id }
777 assert_response :not_found
780 # Test downloading a trace through the api
782 public_trace_file = create(:trace, :visibility => "public", :fixture => "a")
785 get :api_data, :params => { :id => public_trace_file.id }
786 assert_response :unauthorized
788 # Now with some other user, which should work since the trace is public
789 basic_authorization create(:user).display_name, "test"
790 get :api_data, :params => { :id => public_trace_file.id }
791 check_trace_data public_trace_file, "848caa72f2f456d1bd6a0fdf228aa1b9"
793 # And finally we should be able to do it with the owner of the trace
794 basic_authorization public_trace_file.user.display_name, "test"
795 get :api_data, :params => { :id => public_trace_file.id }
796 check_trace_data public_trace_file, "848caa72f2f456d1bd6a0fdf228aa1b9"
799 # Test downloading a compressed trace through the api
800 def test_api_data_compressed
801 identifiable_trace_file = create(:trace, :visibility => "identifiable", :fixture => "d")
803 # Authenticate as the owner of the trace we will be using
804 basic_authorization identifiable_trace_file.user.display_name, "test"
806 # First get the data as is
807 get :api_data, :params => { :id => identifiable_trace_file.id }
808 check_trace_data identifiable_trace_file, "c6422a3d8750faae49ed70e7e8a51b93", "application/x-gzip", "gpx.gz"
810 # Now ask explicitly for XML format
811 get :api_data, :params => { :id => identifiable_trace_file.id, :format => "xml" }
812 check_trace_data identifiable_trace_file, "abd6675fdf3024a84fc0a1deac147c0d", "application/xml", "xml"
814 # Now ask explicitly for GPX format
815 get :api_data, :params => { :id => identifiable_trace_file.id, :format => "gpx" }
816 check_trace_data identifiable_trace_file, "abd6675fdf3024a84fc0a1deac147c0d"
819 # Check an anonymous trace can't be downloaded by another user through the api
820 def test_api_data_anon
821 anon_trace_file = create(:trace, :visibility => "private", :fixture => "b")
824 get :api_data, :params => { :id => anon_trace_file.id }
825 assert_response :unauthorized
827 # Now with some other user, which shouldn't work since the trace is anon
828 basic_authorization create(:user).display_name, "test"
829 get :api_data, :params => { :id => anon_trace_file.id }
830 assert_response :forbidden
832 # And finally we should be able to do it with the owner of the trace
833 basic_authorization anon_trace_file.user.display_name, "test"
834 get :api_data, :params => { :id => anon_trace_file.id }
835 check_trace_data anon_trace_file, "66179ca44f1e93d8df62e2b88cbea732"
838 # Test downloading a trace that doesn't exist through the api
839 def test_api_data_not_found
840 deleted_trace_file = create(:trace, :deleted)
842 # Try first with no auth, as it should require it
843 get :api_data, :params => { :id => 0 }
844 assert_response :unauthorized
846 # Login, and try again
847 basic_authorization create(:user).display_name, "test"
848 get :api_data, :params => { :id => 0 }
849 assert_response :not_found
851 # Now try a trace which did exist but has been deleted
852 basic_authorization deleted_trace_file.user.display_name, "test"
853 get :api_data, :params => { :id => deleted_trace_file.id }
854 assert_response :not_found
857 # Test creating a trace through the api
860 fixture = Rails.root.join("test", "gpx", "fixtures", "a.gpx")
861 file = Rack::Test::UploadedFile.new(fixture, "application/gpx+xml")
865 post :api_create, :params => { :file => file, :description => "New Trace", :tags => "new,trace", :visibility => "trackable" }
866 assert_response :unauthorized
872 create(:user_preference, :user => user, :k => "gps.trace.visibility", :v => "identifiable")
873 assert_not_equal "trackable", user.preferences.where(:k => "gps.trace.visibility").first.v
874 basic_authorization user.display_name, "test"
875 post :api_create, :params => { :file => file, :description => "New Trace", :tags => "new,trace", :visibility => "trackable" }
876 assert_response :success
877 trace = Trace.find(response.body.to_i)
878 assert_equal "a.gpx", trace.name
879 assert_equal "New Trace", trace.description
880 assert_equal %w[new trace], trace.tags.order(:tag).collect(&:tag)
881 assert_equal "trackable", trace.visibility
882 assert_equal false, trace.inserted
883 assert_equal File.new(fixture).read, File.new(trace.trace_name).read
885 assert_equal "trackable", user.preferences.where(:k => "gps.trace.visibility").first.v
890 # Now authenticated, with the legacy public flag
891 assert_not_equal "public", user.preferences.where(:k => "gps.trace.visibility").first.v
892 basic_authorization user.display_name, "test"
893 post :api_create, :params => { :file => file, :description => "New Trace", :tags => "new,trace", :public => 1 }
894 assert_response :success
895 trace = Trace.find(response.body.to_i)
896 assert_equal "a.gpx", trace.name
897 assert_equal "New Trace", trace.description
898 assert_equal %w[new trace], trace.tags.order(:tag).collect(&:tag)
899 assert_equal "public", trace.visibility
900 assert_equal false, trace.inserted
901 assert_equal File.new(fixture).read, File.new(trace.trace_name).read
903 assert_equal "public", user.preferences.where(:k => "gps.trace.visibility").first.v
908 # Now authenticated, with the legacy private flag
909 second_user = create(:user)
910 assert_nil second_user.preferences.where(:k => "gps.trace.visibility").first
911 basic_authorization second_user.display_name, "test"
912 post :api_create, :params => { :file => file, :description => "New Trace", :tags => "new,trace", :public => 0 }
913 assert_response :success
914 trace = Trace.find(response.body.to_i)
915 assert_equal "a.gpx", trace.name
916 assert_equal "New Trace", trace.description
917 assert_equal %w[new trace], trace.tags.order(:tag).collect(&:tag)
918 assert_equal "private", trace.visibility
919 assert_equal false, trace.inserted
920 assert_equal File.new(fixture).read, File.new(trace.trace_name).read
922 assert_equal "private", second_user.preferences.where(:k => "gps.trace.visibility").first.v
925 # Check updating a trace through the api
927 public_trace_file = create(:trace, :visibility => "public", :fixture => "a")
928 deleted_trace_file = create(:trace, :deleted)
929 anon_trace_file = create(:trace, :visibility => "private")
932 content public_trace_file.to_xml
933 put :api_update, :params => { :id => public_trace_file.id }
934 assert_response :unauthorized
936 # Now with some other user, which should fail
937 basic_authorization create(:user).display_name, "test"
938 content public_trace_file.to_xml
939 put :api_update, :params => { :id => public_trace_file.id }
940 assert_response :forbidden
942 # Now with a trace which doesn't exist
943 basic_authorization create(:user).display_name, "test"
944 content public_trace_file.to_xml
945 put :api_update, :params => { :id => 0 }
946 assert_response :not_found
948 # Now with a trace which did exist but has been deleted
949 basic_authorization deleted_trace_file.user.display_name, "test"
950 content deleted_trace_file.to_xml
951 put :api_update, :params => { :id => deleted_trace_file.id }
952 assert_response :not_found
954 # Now try an update with the wrong ID
955 basic_authorization public_trace_file.user.display_name, "test"
956 content anon_trace_file.to_xml
957 put :api_update, :params => { :id => public_trace_file.id }
958 assert_response :bad_request,
959 "should not be able to update a trace with a different ID from the XML"
961 # And finally try an update that should work
962 basic_authorization public_trace_file.user.display_name, "test"
963 t = public_trace_file
964 t.description = "Changed description"
965 t.visibility = "private"
967 put :api_update, :params => { :id => t.id }
968 assert_response :success
969 nt = Trace.find(t.id)
970 assert_equal nt.description, t.description
971 assert_equal nt.visibility, t.visibility
974 # Test that updating a trace doesn't duplicate the tags
975 def test_api_update_tags
976 tracetag = create(:tracetag)
977 trace = tracetag.trace
978 basic_authorization trace.user.display_name, "test"
981 put :api_update, :params => { :id => trace.id }
982 assert_response :success
984 updated = Trace.find(trace.id)
985 # Ensure there's only one tag in the database after updating
986 assert_equal Tracetag.count, 1
987 # The new tag object might have a different id, so check the string representation
988 assert_equal trace.tagstring, updated.tagstring
991 # Check deleting a trace through the api
993 public_trace_file = create(:trace, :visibility => "public")
996 delete :api_delete, :params => { :id => public_trace_file.id }
997 assert_response :unauthorized
999 # Now with some other user, which should fail
1000 basic_authorization create(:user).display_name, "test"
1001 delete :api_delete, :params => { :id => public_trace_file.id }
1002 assert_response :forbidden
1004 # Now with a trace which doesn't exist
1005 basic_authorization create(:user).display_name, "test"
1006 delete :api_delete, :params => { :id => 0 }
1007 assert_response :not_found
1009 # And finally we should be able to do it with the owner of the trace
1010 basic_authorization public_trace_file.user.display_name, "test"
1011 delete :api_delete, :params => { :id => public_trace_file.id }
1012 assert_response :success
1014 # Try it a second time, which should fail
1015 basic_authorization public_trace_file.user.display_name, "test"
1016 delete :api_delete, :params => { :id => public_trace_file.id }
1017 assert_response :not_found
1022 def check_trace_feed(traces)
1023 assert_response :success
1024 assert_template "georss"
1025 assert_equal "application/rss+xml", @response.content_type
1026 assert_select "rss", :count => 1 do
1027 assert_select "channel", :count => 1 do
1028 assert_select "title"
1029 assert_select "description"
1030 assert_select "link"
1031 assert_select "image"
1032 assert_select "item", :count => traces.length do |items|
1033 traces.zip(items).each do |trace, item|
1034 assert_select item, "title", trace.name
1035 assert_select item, "link", "http://test.host/user/#{trace.user.display_name.gsub(' ', '%20')}/traces/#{trace.id}"
1036 assert_select item, "guid", "http://test.host/user/#{trace.user.display_name.gsub(' ', '%20')}/traces/#{trace.id}"
1037 assert_select item, "description"
1038 # assert_select item, "dc:creator", trace.user.display_name
1039 assert_select item, "pubDate", trace.timestamp.rfc822
1046 def check_trace_index(traces)
1047 assert_response :success
1048 assert_template "index"
1051 assert_select "table#trace_list tbody", :count => 1 do
1052 assert_select "tr", :count => traces.length do |rows|
1053 traces.zip(rows).each do |trace, row|
1054 assert_select row, "a", Regexp.new(Regexp.escape(trace.name))
1055 assert_select row, "span.trace_summary", Regexp.new(Regexp.escape("(#{trace.size} points)")) if trace.inserted?
1056 assert_select row, "td", Regexp.new(Regexp.escape(trace.description))
1057 assert_select row, "td", Regexp.new(Regexp.escape("by #{trace.user.display_name}"))
1062 assert_select "h4", /Nothing here yet/
1066 def check_trace_show(trace)
1067 assert_response :success
1068 assert_template "show"
1070 assert_select "table", :count => 1 do
1071 assert_select "td", /^#{Regexp.quote(trace.name)} /
1072 assert_select "td", trace.user.display_name
1073 assert_select "td", trace.description
1077 def check_trace_data(trace, digest, content_type = "application/gpx+xml", extension = "gpx")
1078 assert_response :success
1079 assert_equal digest, Digest::MD5.hexdigest(response.body)
1080 assert_equal content_type, response.content_type
1081 assert_equal "attachment; filename=\"#{trace.id}.#{extension}\"", @response.header["Content-Disposition"]
1084 def check_trace_picture(trace)
1085 assert_response :success
1086 assert_equal "image/gif", response.content_type
1087 assert_equal trace.large_picture, response.body
1090 def check_trace_icon(trace)
1091 assert_response :success
1092 assert_equal "image/gif", response.content_type
1093 assert_equal trace.icon_picture, response.body