test/controllers/traces/pictures_controller_test.rb

   1 # frozen_string_literal: true
   2
   3 require "test_helper"
   4
   5 module Traces
   6   class PicturesControllerTest < ActionDispatch::IntegrationTest
   7     ##
   8     # test all routes which lead to this controller
   9     def test_routes
  10       assert_routing(
  11         { :path => "/user/username/traces/1/picture", :method => :get },
  12         { :controller => "traces/pictures", :action => "show", :display_name => "username", :trace_id => "1" }
  13       )
  14     end
  15
  16     # Test downloading the picture for a trace
  17     def test_show
  18       public_trace_file = create(:trace, :visibility => "public", :fixture => "a")
  19
  20       # First with no auth, which should work since the trace is public
  21       get trace_picture_path(public_trace_file.user, public_trace_file)
  22       check_trace_picture public_trace_file
  23
  24       # Now with some other user, which should work since the trace is public
  25       session_for(create(:user))
  26       get trace_picture_path(public_trace_file.user, public_trace_file)
  27       check_trace_picture public_trace_file
  28
  29       # And finally we should be able to do it with the owner of the trace
  30       session_for(public_trace_file.user)
  31       get trace_picture_path(public_trace_file.user, public_trace_file)
  32       check_trace_picture public_trace_file
  33     end
  34
  35     # Check the picture for an anonymous trace can't be downloaded by another user
  36     def test_show_anon
  37       anon_trace_file = create(:trace, :visibility => "private", :fixture => "b")
  38
  39       # First with no auth
  40       get trace_picture_path(anon_trace_file.user, anon_trace_file)
  41       assert_response :forbidden
  42
  43       # Now with some other user, which shouldn't work since the trace is anon
  44       session_for(create(:user))
  45       get trace_picture_path(anon_trace_file.user, anon_trace_file)
  46       assert_response :forbidden
  47
  48       # And finally we should be able to do it with the owner of the trace
  49       session_for(anon_trace_file.user)
  50       get trace_picture_path(anon_trace_file.user, anon_trace_file)
  51       check_trace_picture anon_trace_file
  52     end
  53
  54     # Test downloading the picture for a trace that doesn't exist
  55     def test_show_not_found
  56       deleted_trace_file = create(:trace, :deleted)
  57
  58       # First with a trace that has never existed
  59       get trace_picture_path(create(:user), 0)
  60       assert_response :not_found
  61
  62       # Now with a trace that has been deleted
  63       session_for(deleted_trace_file.user)
  64       get trace_picture_path(deleted_trace_file.user, deleted_trace_file)
  65       assert_response :not_found
  66     end
  67
  68     private
  69
  70     def check_trace_picture(trace)
  71       follow_redirect!
  72       follow_redirect!
  73       assert_response :success
  74       assert_equal "image/gif", response.media_type
  75       assert_equal trace.large_picture, response.body
  76     end
  77   end
  78 end