The api_data action doesn't actually take the username as an
argument and should be modelled on api_read rather than the
actions that handle web views.
public_trace_file = create(:trace, :visibility => "public", :fixture => "a")
# First with no auth
public_trace_file = create(:trace, :visibility => "public", :fixture => "a")
# First with no auth
- get :api_data, :display_name => public_trace_file.user.display_name, :id => public_trace_file.id
+ get :api_data, :id => public_trace_file.id
assert_response :unauthorized
# Now with some other user, which should work since the trace is public
basic_authorization(create(:user).display_name, "test")
assert_response :unauthorized
# Now with some other user, which should work since the trace is public
basic_authorization(create(:user).display_name, "test")
- get :api_data, :display_name => public_trace_file.user.display_name, :id => public_trace_file.id
+ get :api_data, :id => public_trace_file.id
check_trace_data public_trace_file
# And finally we should be able to do it with the owner of the trace
basic_authorization(public_trace_file.user.display_name, "test")
check_trace_data public_trace_file
# And finally we should be able to do it with the owner of the trace
basic_authorization(public_trace_file.user.display_name, "test")
- get :api_data, :display_name => public_trace_file.user.display_name, :id => public_trace_file.id
+ get :api_data, :id => public_trace_file.id
check_trace_data public_trace_file
end
check_trace_data public_trace_file
end
basic_authorization(identifiable_trace_file.user.display_name, "test")
# First get the data as is
basic_authorization(identifiable_trace_file.user.display_name, "test")
# First get the data as is
- get :api_data, :display_name => identifiable_trace_file.user.display_name, :id => identifiable_trace_file.id
+ get :api_data, :id => identifiable_trace_file.id
check_trace_data identifiable_trace_file, "application/x-gzip", "gpx.gz"
# Now ask explicitly for XML format
check_trace_data identifiable_trace_file, "application/x-gzip", "gpx.gz"
# Now ask explicitly for XML format
- get :api_data, :display_name => identifiable_trace_file.user.display_name, :id => identifiable_trace_file.id, :format => "xml"
+ get :api_data, :id => identifiable_trace_file.id, :format => "xml"
check_trace_data identifiable_trace_file, "application/xml", "xml"
# Now ask explicitly for GPX format
check_trace_data identifiable_trace_file, "application/xml", "xml"
# Now ask explicitly for GPX format
- get :api_data, :display_name => identifiable_trace_file.user.display_name, :id => identifiable_trace_file.id, :format => "gpx"
+ get :api_data, :id => identifiable_trace_file.id, :format => "gpx"
check_trace_data identifiable_trace_file
end
check_trace_data identifiable_trace_file
end
anon_trace_file = create(:trace, :visibility => "private", :fixture => "b")
# First with no auth
anon_trace_file = create(:trace, :visibility => "private", :fixture => "b")
# First with no auth
- get :api_data, :display_name => anon_trace_file.user.display_name, :id => anon_trace_file.id
+ get :api_data, :id => anon_trace_file.id
assert_response :unauthorized
# Now with some other user, which shouldn't work since the trace is anon
basic_authorization(create(:user).display_name, "test")
assert_response :unauthorized
# Now with some other user, which shouldn't work since the trace is anon
basic_authorization(create(:user).display_name, "test")
- get :api_data, :display_name => anon_trace_file.user.display_name, :id => anon_trace_file.id
+ get :api_data, :id => anon_trace_file.id
assert_response :forbidden
# And finally we should be able to do it with the owner of the trace
basic_authorization(anon_trace_file.user.display_name, "test")
assert_response :forbidden
# And finally we should be able to do it with the owner of the trace
basic_authorization(anon_trace_file.user.display_name, "test")
- get :api_data, :display_name => anon_trace_file.user.display_name, :id => anon_trace_file.id
+ get :api_data, :id => anon_trace_file.id
check_trace_data anon_trace_file
end
check_trace_data anon_trace_file
end
def test_api_data_not_found
deleted_trace_file = create(:trace, :deleted)
def test_api_data_not_found
deleted_trace_file = create(:trace, :deleted)
- # First with a trace that has never existed
- get :api_data, :display_name => create(:user).display_name, :id => 0
+ # Try first with no auth, as it should require it
+ get :api_data, :id => 0
assert_response :unauthorized
assert_response :unauthorized
- # Now with a trace that has been deleted
+ # Login, and try again
+ basic_authorization(create(:user).display_name, "test")
+ get :api_data, :id => 0
+ assert_response :not_found
+
+ # Now try a trace which did exist but has been deleted
basic_authorization(deleted_trace_file.user.display_name, "test")
basic_authorization(deleted_trace_file.user.display_name, "test")
- get :api_data, :display_name => deleted_trace_file.user.display_name, :id => deleted_trace_file.id
+ get :api_data, :id => deleted_trace_file.id
assert_response :not_found
end
assert_response :not_found
end
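Review bot: In test_api_data_not_found the deleted-trace request at the end is made only with the owner's credentials, so nothing pins what a different authenticated user receives for a deleted trace id. With display_name gone from the request, the trace id and the authenticated user are the only inputs left to the access decision, and the private-trace test earlier in this file shows a non-owner getting :forbidden. A non-owner case here would confirm that a deleted trace cannot be told apart from an id that never existed. After the owner case I would add `basic_authorization(create(:user).display_name, "test")`, `get :api_data, :id => deleted_trace_file.id` and `assert_response :not_found`. The expected status is inferred from the id 0 case and should be confirmed against the controller.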