4 class TracesControllerTest < ActionDispatch::IntegrationTest
6 # test all routes which lead to this controller
9 { :path => "/api/0.6/gpx", :method => :post },
10 { :controller => "api/traces", :action => "create" }
13 { :controller => "api/traces", :action => "create" },
14 { :path => "/api/0.6/gpx/create", :method => :post }
17 { :path => "/api/0.6/gpx/1", :method => :get },
18 { :controller => "api/traces", :action => "show", :id => "1" }
21 { :path => "/api/0.6/gpx/1", :method => :put },
22 { :controller => "api/traces", :action => "update", :id => "1" }
25 { :path => "/api/0.6/gpx/1", :method => :delete },
26 { :controller => "api/traces", :action => "destroy", :id => "1" }
29 { :controller => "api/traces", :action => "show", :id => "1" },
30 { :path => "/api/0.6/gpx/1/details", :method => :get }
34 # Check getting a specific trace through the api
36 public_trace_file = create(:trace, :visibility => "public")
39 get api_trace_path(public_trace_file)
40 assert_response :unauthorized
42 # Now with some other user, which should work since the trace is public
43 auth_header = bearer_authorization_header
44 get api_trace_path(public_trace_file), :headers => auth_header
45 assert_response :success
47 # And finally we should be able to do it with the owner of the trace
48 auth_header = bearer_authorization_header public_trace_file.user
49 get api_trace_path(public_trace_file), :headers => auth_header
50 assert_response :success
51 assert_select "gpx_file[id='#{public_trace_file.id}'][uid='#{public_trace_file.user.id}']", 1
54 # Check an anonymous trace can't be specifically fetched by another user
56 anon_trace_file = create(:trace, :visibility => "private")
59 get api_trace_path(anon_trace_file)
60 assert_response :unauthorized
62 # Now try with another user, which shouldn't work since the trace is anon
63 auth_header = bearer_authorization_header
64 get api_trace_path(anon_trace_file), :headers => auth_header
65 assert_response :forbidden
67 # And finally we should be able to get the trace details with the trace owner
68 auth_header = bearer_authorization_header anon_trace_file.user
69 get api_trace_path(anon_trace_file), :headers => auth_header
70 assert_response :success
73 # Check the api details for a trace that doesn't exist
74 def test_show_not_found
75 deleted_trace_file = create(:trace, :deleted)
77 # Try first with no auth, as it should require it
78 get api_trace_path(:id => 0)
79 assert_response :unauthorized
81 # Login, and try again
82 auth_header = bearer_authorization_header deleted_trace_file.user
83 get api_trace_path(:id => 0), :headers => auth_header
84 assert_response :not_found
86 # Now try a trace which did exist but has been deleted
87 auth_header = bearer_authorization_header deleted_trace_file.user
88 get api_trace_path(deleted_trace_file), :headers => auth_header
89 assert_response :not_found
92 # Test creating a trace through the api
95 fixture = Rails.root.join("test/gpx/fixtures/a.gpx")
96 file = Rack::Test::UploadedFile.new(fixture, "application/gpx+xml")
100 post api_traces_path, :params => { :file => file, :description => "New Trace", :tags => "new,trace", :visibility => "trackable" }
101 assert_response :unauthorized
107 create(:user_preference, :user => user, :k => "gps.trace.visibility", :v => "identifiable")
108 assert_not_equal "trackable", user.preferences.find_by(:k => "gps.trace.visibility").v
110 auth_header = bearer_authorization_header user
112 # Create trace and import tracepoints in background job
113 perform_enqueued_jobs do
114 post api_traces_path, :params => { :file => file, :description => "New Trace", :tags => "new,trace", :visibility => "trackable" }, :headers => auth_header
117 assert_response :success
119 trace = Trace.find(response.body.to_i)
120 assert_equal "a.gpx", trace.name
121 assert_equal "New Trace", trace.description
122 assert_equal %w[new trace], trace.tags.order(:tag).collect(&:tag)
123 assert_equal "trackable", trace.visibility
124 assert trace.inserted
125 assert_equal File.new(fixture).read, trace.file.blob.download
127 # Validate tracepoints
128 assert_equal 1, trace.points.size
129 tp = trace.points.first
130 assert_equal 10000000, tp.latitude
131 assert_equal 10000000, tp.longitude
132 assert_equal 3221331576, tp.tile
133 assert_equal 0, tp.trackid
134 assert_in_delta(134.0, tp.altitude)
135 assert_equal DateTime.parse("2008-10-01T10:10:10.000Z"), tp.timestamp
138 assert_equal "trackable", user.preferences.find_by(:k => "gps.trace.visibility").v
143 # Now authenticated, with the legacy public flag
144 assert_not_equal "public", user.preferences.find_by(:k => "gps.trace.visibility").v
145 auth_header = bearer_authorization_header user
146 post api_traces_path, :params => { :file => file, :description => "New Trace", :tags => "new,trace", :public => 1 }, :headers => auth_header
147 assert_response :success
148 trace = Trace.find(response.body.to_i)
149 assert_equal "a.gpx", trace.name
150 assert_equal "New Trace", trace.description
151 assert_equal %w[new trace], trace.tags.order(:tag).collect(&:tag)
152 assert_equal "public", trace.visibility
153 assert_not trace.inserted
154 assert_equal File.new(fixture).read, trace.file.blob.download
156 assert_equal "public", user.preferences.find_by(:k => "gps.trace.visibility").v
161 # Now authenticated, with the legacy private flag
162 second_user = create(:user)
163 assert_nil second_user.preferences.find_by(:k => "gps.trace.visibility")
164 auth_header = bearer_authorization_header second_user
165 post api_traces_path, :params => { :file => file, :description => "New Trace", :tags => "new,trace", :public => 0 }, :headers => auth_header
166 assert_response :success
167 trace = Trace.find(response.body.to_i)
168 assert_equal "a.gpx", trace.name
169 assert_equal "New Trace", trace.description
170 assert_equal %w[new trace], trace.tags.order(:tag).collect(&:tag)
171 assert_equal "private", trace.visibility
172 assert_not trace.inserted
173 assert_equal File.new(fixture).read, trace.file.blob.download
175 assert_equal "private", second_user.preferences.find_by(:k => "gps.trace.visibility").v
178 # Check updating a trace through the api
180 public_trace_file = create(:trace, :visibility => "public", :fixture => "a")
181 deleted_trace_file = create(:trace, :deleted)
182 anon_trace_file = create(:trace, :visibility => "private")
185 put api_trace_path(public_trace_file), :params => create_trace_xml(public_trace_file)
186 assert_response :unauthorized
188 # Now with some other user, which should fail
189 auth_header = bearer_authorization_header
190 put api_trace_path(public_trace_file), :params => create_trace_xml(public_trace_file), :headers => auth_header
191 assert_response :forbidden
193 # Now with a trace which doesn't exist
194 auth_header = bearer_authorization_header
195 put api_trace_path(:id => 0), :params => create_trace_xml(public_trace_file), :headers => auth_header
196 assert_response :not_found
198 # Now with a trace which did exist but has been deleted
199 auth_header = bearer_authorization_header deleted_trace_file.user
200 put api_trace_path(deleted_trace_file), :params => create_trace_xml(deleted_trace_file), :headers => auth_header
201 assert_response :not_found
203 # Now try an update with the wrong ID
204 auth_header = bearer_authorization_header public_trace_file.user
205 put api_trace_path(public_trace_file), :params => create_trace_xml(anon_trace_file), :headers => auth_header
206 assert_response :bad_request,
207 "should not be able to update a trace with a different ID from the XML"
209 # And finally try an update that should work
210 auth_header = bearer_authorization_header public_trace_file.user
211 t = public_trace_file
212 t.description = "Changed description"
213 t.visibility = "private"
214 put api_trace_path(t), :params => create_trace_xml(t), :headers => auth_header
215 assert_response :success
216 nt = Trace.find(t.id)
217 assert_equal nt.description, t.description
218 assert_equal nt.visibility, t.visibility
221 # Test that updating a trace doesn't duplicate the tags
223 tracetag = create(:tracetag)
224 trace = tracetag.trace
225 auth_header = bearer_authorization_header trace.user
227 put api_trace_path(trace), :params => create_trace_xml(trace), :headers => auth_header
228 assert_response :success
230 updated = Trace.find(trace.id)
231 # Ensure there's only one tag in the database after updating
232 assert_equal(1, Tracetag.count)
233 # The new tag object might have a different id, so check the string representation
234 assert_equal trace.tagstring, updated.tagstring
237 # Check deleting a trace through the api
239 public_trace_file = create(:trace, :visibility => "public")
242 delete api_trace_path(public_trace_file)
243 assert_response :unauthorized
245 # Now with some other user, which should fail
246 auth_header = bearer_authorization_header
247 delete api_trace_path(public_trace_file), :headers => auth_header
248 assert_response :forbidden
250 # Now with a trace which doesn't exist
251 auth_header = bearer_authorization_header
252 delete api_trace_path(:id => 0), :headers => auth_header
253 assert_response :not_found
255 # And finally we should be able to do it with the owner of the trace
256 auth_header = bearer_authorization_header public_trace_file.user
257 delete api_trace_path(public_trace_file), :headers => auth_header
258 assert_response :success
260 # Try it a second time, which should fail
261 auth_header = bearer_authorization_header public_trace_file.user
262 delete api_trace_path(public_trace_file), :headers => auth_header
263 assert_response :not_found
269 # build XML for traces
270 # this builds a minimum viable XML for the tests in this suite
271 def create_trace_xml(trace)
272 root = XML::Document.new
273 root.root = XML::Node.new "osm"
274 trc = XML::Node.new "gpx_file"
275 trc["id"] = trace.id.to_s
276 trc["visibility"] = trace.visibility
277 trc["visible"] = trace.visible.to_s
278 desc = XML::Node.new "description"
279 desc << trace.description
281 trace.tags.each do |tag|
282 t = XML::Node.new "tag"
projects / rails.git / blob