+ assert_redirected_to :controller => :user, :action => :login, :referer => trace_edit_path(:display_name => users(:normal_user).display_name, :id => public_trace_file.id)
+
+ # Now with some other user, which should fail
+ get :edit, { :display_name => users(:normal_user).display_name, :id => public_trace_file.id }, { :user => users(:public_user) }
+ assert_response :forbidden
+
+ # Now with a trace which doesn't exist
+ get :edit, { :display_name => users(:public_user).display_name, :id => 0 }, { :user => users(:public_user) }
+ assert_response :not_found
+
+ # Now with a trace which has been deleted
+ get :edit, { :display_name => users(:public_user).display_name, :id => deleted_trace_file.id }, { :user => users(:public_user) }
+ assert_response :not_found
+
+ # Finally with a trace that we are allowed to edit
+ get :edit, { :display_name => users(:normal_user).display_name, :id => public_trace_file.id }, { :user => users(:normal_user) }
+ assert_response :success
+ end
+
+ # Test fetching the edit page for a trace using POST
+ def test_edit_post_no_details
+ public_trace_file = create(:trace, :visibility => "public", :user => users(:normal_user))
+ deleted_trace_file = create(:trace, :deleted, :user => users(:public_user))
+
+ # First with no auth
+ post :edit, :display_name => users(:normal_user).display_name, :id => public_trace_file.id
+ assert_response :forbidden