def test_view_not_found
deleted_trace_file = create(:trace, :deleted)
- # First with no auth
+ # First with a trace that has never existed
get :view, :display_name => create(:user).display_name, :id => 0
assert_response :redirect
assert_redirected_to :action => :list
- # Now with some other user
- get :view, { :display_name => create(:user).display_name, :id => 0 }, { :user => create(:user) }
- assert_response :redirect
- assert_redirected_to :action => :list
-
- # And finally we should not be able to view a deleted trace
+ # Now with a trace that has been deleted
get :view, { :display_name => deleted_trace_file.user.display_name, :id => deleted_trace_file.id }, { :user => deleted_trace_file.user }
assert_response :redirect
assert_redirected_to :action => :list
def test_data_not_found
deleted_trace_file = create(:trace, :deleted)
- # First with no auth and a trace that has never existed
+ # First with a trace that has never existed
get :data, :display_name => create(:user).display_name, :id => 0
assert_response :not_found
- # Now with a trace that has never existed
- get :data, { :display_name => create(:user).display_name, :id => 0 }, { :user => deleted_trace_file.user }
- assert_response :not_found
-
# Now with a trace that has been deleted
get :data, { :display_name => deleted_trace_file.user.display_name, :id => deleted_trace_file.id }, { :user => deleted_trace_file.user }
assert_response :not_found
# Test downloading the picture for a trace that doesn't exist
def test_picture_not_found
- # First with no auth, which should work since the trace is public
- get :picture, :display_name => create(:user).display_name, :id => 0
- assert_response :not_found
+ deleted_trace_file = create(:trace, :deleted)
- # Now with some other user, which should work since the trace is public
- get :picture, { :display_name => create(:user).display_name, :id => 0 }, { :user => create(:user) }
+ # First with a trace that has never existed
+ get :picture, :display_name => create(:user).display_name, :id => 0
assert_response :not_found
- # And finally we should not be able to do it with a deleted trace
- deleted_trace_file = create(:trace, :deleted)
+ # Now with a trace that has been deleted
get :picture, { :display_name => deleted_trace_file.user.display_name, :id => deleted_trace_file.id }, { :user => deleted_trace_file.user }
assert_response :not_found
end
# Test downloading the icon for a trace that doesn't exist
def test_icon_not_found
- # First with no auth
- get :icon, :display_name => create(:user).display_name, :id => 0
- assert_response :not_found
+ deleted_trace_file = create(:trace, :deleted)
- # Now with some other user
- get :icon, { :display_name => create(:user).display_name, :id => 0 }, { :user => create(:user) }
+ # First with a trace that has never existed
+ get :icon, :display_name => create(:user).display_name, :id => 0
assert_response :not_found
- # And finally we should not be able to do it with a deleted trace
- deleted_trace_file = create(:trace, :deleted)
+ # Now with a trace that has been deleted
get :icon, { :display_name => deleted_trace_file.user.display_name, :id => deleted_trace_file.id }, { :user => deleted_trace_file.user }
assert_response :not_found
end
public_trace_file = create(:trace, :visibility => "public", :fixture => "a")
# First with no auth
- get :api_data, :display_name => public_trace_file.user.display_name, :id => public_trace_file.id
+ get :api_data, :id => public_trace_file.id
assert_response :unauthorized
# Now with some other user, which should work since the trace is public
basic_authorization(create(:user).display_name, "test")
- get :api_data, :display_name => public_trace_file.user.display_name, :id => public_trace_file.id
+ get :api_data, :id => public_trace_file.id
check_trace_data public_trace_file
# And finally we should be able to do it with the owner of the trace
basic_authorization(public_trace_file.user.display_name, "test")
- get :api_data, :display_name => public_trace_file.user.display_name, :id => public_trace_file.id
+ get :api_data, :id => public_trace_file.id
check_trace_data public_trace_file
end
basic_authorization(identifiable_trace_file.user.display_name, "test")
# First get the data as is
- get :api_data, :display_name => identifiable_trace_file.user.display_name, :id => identifiable_trace_file.id
+ get :api_data, :id => identifiable_trace_file.id
check_trace_data identifiable_trace_file, "application/x-gzip", "gpx.gz"
# Now ask explicitly for XML format
- get :api_data, :display_name => identifiable_trace_file.user.display_name, :id => identifiable_trace_file.id, :format => "xml"
+ get :api_data, :id => identifiable_trace_file.id, :format => "xml"
check_trace_data identifiable_trace_file, "application/xml", "xml"
# Now ask explicitly for GPX format
- get :api_data, :display_name => identifiable_trace_file.user.display_name, :id => identifiable_trace_file.id, :format => "gpx"
+ get :api_data, :id => identifiable_trace_file.id, :format => "gpx"
check_trace_data identifiable_trace_file
end
anon_trace_file = create(:trace, :visibility => "private", :fixture => "b")
# First with no auth
- get :api_data, :display_name => anon_trace_file.user.display_name, :id => anon_trace_file.id
+ get :api_data, :id => anon_trace_file.id
assert_response :unauthorized
# Now with some other user, which shouldn't work since the trace is anon
basic_authorization(create(:user).display_name, "test")
- get :api_data, :display_name => anon_trace_file.user.display_name, :id => anon_trace_file.id
+ get :api_data, :id => anon_trace_file.id
assert_response :forbidden
# And finally we should be able to do it with the owner of the trace
basic_authorization(anon_trace_file.user.display_name, "test")
- get :api_data, :display_name => anon_trace_file.user.display_name, :id => anon_trace_file.id
+ get :api_data, :id => anon_trace_file.id
check_trace_data anon_trace_file
end
# Test downloading a trace that doesn't exist through the api
def test_api_data_not_found
- # First with no auth
- get :api_data, :display_name => create(:user).display_name, :id => 0
+ deleted_trace_file = create(:trace, :deleted)
+
+ # Try first with no auth, as it should require it
+ get :api_data, :id => 0
assert_response :unauthorized
- # Now with a trace that has never existed
+ # Login, and try again
basic_authorization(create(:user).display_name, "test")
- get :api_data, :display_name => create(:user).display_name, :id => 0
+ get :api_data, :id => 0
assert_response :not_found
- # Now with a trace that has been deleted
- deleted_trace_file = create(:trace, :deleted)
+ # Now try a trace which did exist but has been deleted
basic_authorization(deleted_trace_file.user.display_name, "test")
- get :api_data, :display_name => deleted_trace_file.user.display_name, :id => deleted_trace_file.id
+ get :api_data, :id => deleted_trace_file.id
assert_response :not_found
end
projects / rails.git / blobdiff