+ assert_redirected_to :controller => :user, :action => :login, :referer => trace_edit_path(:display_name => public_trace_file.user.display_name, :id => public_trace_file.id)
+
+ # Now with some other user, which should fail
+ get :edit, :params => { :display_name => public_trace_file.user.display_name, :id => public_trace_file.id }, :session => { :user => create(:user) }
+ assert_response :forbidden
+
+ # Now with a trace which doesn't exist
+ get :edit, :params => { :display_name => create(:user).display_name, :id => 0 }, :session => { :user => create(:user) }
+ assert_response :not_found
+
+ # Now with a trace which has been deleted
+ get :edit, :params => { :display_name => deleted_trace_file.user.display_name, :id => deleted_trace_file.id }, :session => { :user => deleted_trace_file.user }
+ assert_response :not_found
+
+ # Finally with a trace that we are allowed to edit
+ get :edit, :params => { :display_name => public_trace_file.user.display_name, :id => public_trace_file.id }, :session => { :user => public_trace_file.user }
+ assert_response :success
+ end
+
+ # Test fetching the edit page for a trace using POST
+ def test_edit_post_no_details
+ public_trace_file = create(:trace, :visibility => "public")
+ deleted_trace_file = create(:trace, :deleted)
+
+ # First with no auth
+ post :edit, :params => { :display_name => public_trace_file.user.display_name, :id => public_trace_file.id }
+ assert_response :forbidden