test/controllers/traces/pictures_controller_test.rb

   1 require "test_helper"
   2
   3 module Traces
   4   class PicturesControllerTest < ActionDispatch::IntegrationTest
   5     ##
   6     # test all routes which lead to this controller
   7     def test_routes
   8       assert_routing(
   9         { :path => "/user/username/traces/1/picture", :method => :get },
  10         { :controller => "traces/pictures", :action => "show", :display_name => "username", :trace_id => "1" }
  11       )
  12     end
  13
  14     # Test downloading the picture for a trace
  15     def test_show
  16       public_trace_file = create(:trace, :visibility => "public", :fixture => "a")
  17
  18       # First with no auth, which should work since the trace is public
  19       get trace_picture_path(public_trace_file.user, public_trace_file)
  20       check_trace_picture public_trace_file
  21
  22       # Now with some other user, which should work since the trace is public
  23       session_for(create(:user))
  24       get trace_picture_path(public_trace_file.user, public_trace_file)
  25       check_trace_picture public_trace_file
  26
  27       # And finally we should be able to do it with the owner of the trace
  28       session_for(public_trace_file.user)
  29       get trace_picture_path(public_trace_file.user, public_trace_file)
  30       check_trace_picture public_trace_file
  31     end
  32
  33     # Check the picture for an anonymous trace can't be downloaded by another user
  34     def test_show_anon
  35       anon_trace_file = create(:trace, :visibility => "private", :fixture => "b")
  36
  37       # First with no auth
  38       get trace_picture_path(anon_trace_file.user, anon_trace_file)
  39       assert_response :forbidden
  40
  41       # Now with some other user, which shouldn't work since the trace is anon
  42       session_for(create(:user))
  43       get trace_picture_path(anon_trace_file.user, anon_trace_file)
  44       assert_response :forbidden
  45
  46       # And finally we should be able to do it with the owner of the trace
  47       session_for(anon_trace_file.user)
  48       get trace_picture_path(anon_trace_file.user, anon_trace_file)
  49       check_trace_picture anon_trace_file
  50     end
  51
  52     # Test downloading the picture for a trace that doesn't exist
  53     def test_show_not_found
  54       deleted_trace_file = create(:trace, :deleted)
  55
  56       # First with a trace that has never existed
  57       get trace_picture_path(create(:user), 0)
  58       assert_response :not_found
  59
  60       # Now with a trace that has been deleted
  61       session_for(deleted_trace_file.user)
  62       get trace_picture_path(deleted_trace_file.user, deleted_trace_file)
  63       assert_response :not_found
  64     end
  65
  66     private
  67
  68     def check_trace_picture(trace)
  69       follow_redirect!
  70       follow_redirect!
  71       assert_response :success
  72       assert_equal "image/gif", response.media_type
  73       assert_equal trace.large_picture, response.body
  74     end
  75   end
  76 end