X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/18c25b620b1d393c84411f8c2d8695dea8e9902a..8da385e0db1d56a5cfc1d7355960f43ab8958927:/test/controllers/trace_controller_test.rb diff --git a/test/controllers/trace_controller_test.rb b/test/controllers/trace_controller_test.rb index 8390b6e67..bbd26bf27 100644 --- a/test/controllers/trace_controller_test.rb +++ b/test/controllers/trace_controller_test.rb @@ -322,17 +322,12 @@ class TraceControllerTest < ActionController::TestCase def test_view_not_found deleted_trace_file = create(:trace, :deleted) - # First with no auth + # First with a trace that has never existed get :view, :display_name => create(:user).display_name, :id => 0 assert_response :redirect assert_redirected_to :action => :list - # Now with some other user - get :view, { :display_name => create(:user).display_name, :id => 0 }, { :user => create(:user) } - assert_response :redirect - assert_redirected_to :action => :list - - # And finally we should not be able to view a deleted trace + # Now with a trace that has been deleted get :view, { :display_name => deleted_trace_file.user.display_name, :id => deleted_trace_file.id }, { :user => deleted_trace_file.user } assert_response :redirect assert_redirected_to :action => :list @@ -393,14 +388,10 @@ class TraceControllerTest < ActionController::TestCase def test_data_not_found deleted_trace_file = create(:trace, :deleted) - # First with no auth and a trace that has never existed + # First with a trace that has never existed get :data, :display_name => create(:user).display_name, :id => 0 assert_response :not_found - # Now with a trace that has never existed - get :data, { :display_name => create(:user).display_name, :id => 0 }, { :user => deleted_trace_file.user } - assert_response :not_found - # Now with a trace that has been deleted get :data, { :display_name => deleted_trace_file.user.display_name, :id => deleted_trace_file.id }, { :user => deleted_trace_file.user } assert_response :not_found @@ -442,16 +433,13 @@ class TraceControllerTest < ActionController::TestCase # Test downloading the picture for a trace that doesn't exist def test_picture_not_found - # First with no auth, which should work since the trace is public - get :picture, :display_name => create(:user).display_name, :id => 0 - assert_response :not_found + deleted_trace_file = create(:trace, :deleted) - # Now with some other user, which should work since the trace is public - get :picture, { :display_name => create(:user).display_name, :id => 0 }, { :user => create(:user) } + # First with a trace that has never existed + get :picture, :display_name => create(:user).display_name, :id => 0 assert_response :not_found - # And finally we should not be able to do it with a deleted trace - deleted_trace_file = create(:trace, :deleted) + # Now with a trace that has been deleted get :picture, { :display_name => deleted_trace_file.user.display_name, :id => deleted_trace_file.id }, { :user => deleted_trace_file.user } assert_response :not_found end @@ -492,16 +480,13 @@ class TraceControllerTest < ActionController::TestCase # Test downloading the icon for a trace that doesn't exist def test_icon_not_found - # First with no auth - get :icon, :display_name => create(:user).display_name, :id => 0 - assert_response :not_found + deleted_trace_file = create(:trace, :deleted) - # Now with some other user - get :icon, { :display_name => create(:user).display_name, :id => 0 }, { :user => create(:user) } + # First with a trace that has never existed + get :icon, :display_name => create(:user).display_name, :id => 0 assert_response :not_found - # And finally we should not be able to do it with a deleted trace - deleted_trace_file = create(:trace, :deleted) + # Now with a trace that has been deleted get :icon, { :display_name => deleted_trace_file.user.display_name, :id => deleted_trace_file.id }, { :user => deleted_trace_file.user } assert_response :not_found end @@ -744,17 +729,17 @@ class TraceControllerTest < ActionController::TestCase public_trace_file = create(:trace, :visibility => "public", :fixture => "a") # First with no auth - get :api_data, :display_name => public_trace_file.user.display_name, :id => public_trace_file.id + get :api_data, :id => public_trace_file.id assert_response :unauthorized # Now with some other user, which should work since the trace is public basic_authorization(create(:user).display_name, "test") - get :api_data, :display_name => public_trace_file.user.display_name, :id => public_trace_file.id + get :api_data, :id => public_trace_file.id check_trace_data public_trace_file # And finally we should be able to do it with the owner of the trace basic_authorization(public_trace_file.user.display_name, "test") - get :api_data, :display_name => public_trace_file.user.display_name, :id => public_trace_file.id + get :api_data, :id => public_trace_file.id check_trace_data public_trace_file end @@ -766,15 +751,15 @@ class TraceControllerTest < ActionController::TestCase basic_authorization(identifiable_trace_file.user.display_name, "test") # First get the data as is - get :api_data, :display_name => identifiable_trace_file.user.display_name, :id => identifiable_trace_file.id + get :api_data, :id => identifiable_trace_file.id check_trace_data identifiable_trace_file, "application/x-gzip", "gpx.gz" # Now ask explicitly for XML format - get :api_data, :display_name => identifiable_trace_file.user.display_name, :id => identifiable_trace_file.id, :format => "xml" + get :api_data, :id => identifiable_trace_file.id, :format => "xml" check_trace_data identifiable_trace_file, "application/xml", "xml" # Now ask explicitly for GPX format - get :api_data, :display_name => identifiable_trace_file.user.display_name, :id => identifiable_trace_file.id, :format => "gpx" + get :api_data, :id => identifiable_trace_file.id, :format => "gpx" check_trace_data identifiable_trace_file end @@ -783,35 +768,36 @@ class TraceControllerTest < ActionController::TestCase anon_trace_file = create(:trace, :visibility => "private", :fixture => "b") # First with no auth - get :api_data, :display_name => anon_trace_file.user.display_name, :id => anon_trace_file.id + get :api_data, :id => anon_trace_file.id assert_response :unauthorized # Now with some other user, which shouldn't work since the trace is anon basic_authorization(create(:user).display_name, "test") - get :api_data, :display_name => anon_trace_file.user.display_name, :id => anon_trace_file.id + get :api_data, :id => anon_trace_file.id assert_response :forbidden # And finally we should be able to do it with the owner of the trace basic_authorization(anon_trace_file.user.display_name, "test") - get :api_data, :display_name => anon_trace_file.user.display_name, :id => anon_trace_file.id + get :api_data, :id => anon_trace_file.id check_trace_data anon_trace_file end # Test downloading a trace that doesn't exist through the api def test_api_data_not_found - # First with no auth - get :api_data, :display_name => create(:user).display_name, :id => 0 + deleted_trace_file = create(:trace, :deleted) + + # Try first with no auth, as it should require it + get :api_data, :id => 0 assert_response :unauthorized - # Now with a trace that has never existed + # Login, and try again basic_authorization(create(:user).display_name, "test") - get :api_data, :display_name => create(:user).display_name, :id => 0 + get :api_data, :id => 0 assert_response :not_found - # Now with a trace that has been deleted - deleted_trace_file = create(:trace, :deleted) + # Now try a trace which did exist but has been deleted basic_authorization(deleted_trace_file.user.display_name, "test") - get :api_data, :display_name => deleted_trace_file.user.display_name, :id => deleted_trace_file.id + get :api_data, :id => deleted_trace_file.id assert_response :not_found end