]> git.openstreetmap.org Git - rails.git/blob - test/controllers/traces/pictures_controller_test.rb
Merge remote-tracking branch 'upstream/pull/4704'
[rails.git] / test / controllers / traces / pictures_controller_test.rb
1 require "test_helper"
2
3 module Traces
4   class PicturesControllerTest < ActionDispatch::IntegrationTest
5     ##
6     # test all routes which lead to this controller
7     def test_routes
8       assert_routing(
9         { :path => "/user/username/traces/1/picture", :method => :get },
10         { :controller => "traces/pictures", :action => "show", :display_name => "username", :trace_id => "1" }
11       )
12     end
13
14     # Test downloading the picture for a trace
15     def test_show
16       public_trace_file = create(:trace, :visibility => "public", :fixture => "a")
17
18       # First with no auth, which should work since the trace is public
19       get trace_picture_path(public_trace_file.user, public_trace_file)
20       check_trace_picture public_trace_file
21
22       # Now with some other user, which should work since the trace is public
23       session_for(create(:user))
24       get trace_picture_path(public_trace_file.user, public_trace_file)
25       check_trace_picture public_trace_file
26
27       # And finally we should be able to do it with the owner of the trace
28       session_for(public_trace_file.user)
29       get trace_picture_path(public_trace_file.user, public_trace_file)
30       check_trace_picture public_trace_file
31     end
32
33     # Check the picture for an anonymous trace can't be downloaded by another user
34     def test_show_anon
35       anon_trace_file = create(:trace, :visibility => "private", :fixture => "b")
36
37       # First with no auth
38       get trace_picture_path(anon_trace_file.user, anon_trace_file)
39       assert_response :forbidden
40
41       # Now with some other user, which shouldn't work since the trace is anon
42       session_for(create(:user))
43       get trace_picture_path(anon_trace_file.user, anon_trace_file)
44       assert_response :forbidden
45
46       # And finally we should be able to do it with the owner of the trace
47       session_for(anon_trace_file.user)
48       get trace_picture_path(anon_trace_file.user, anon_trace_file)
49       check_trace_picture anon_trace_file
50     end
51
52     # Test downloading the picture for a trace that doesn't exist
53     def test_show_not_found
54       deleted_trace_file = create(:trace, :deleted)
55
56       # First with a trace that has never existed
57       get trace_picture_path(create(:user), 0)
58       assert_response :not_found
59
60       # Now with a trace that has been deleted
61       session_for(deleted_trace_file.user)
62       get trace_picture_path(deleted_trace_file.user, deleted_trace_file)
63       assert_response :not_found
64     end
65
66     private
67
68     def check_trace_picture(trace)
69       follow_redirect!
70       follow_redirect!
71       assert_response :success
72       assert_equal "image/gif", response.media_type
73       assert_equal trace.large_picture, response.body
74     end
75   end
76 end