Move trace pictures/icons into their own controllers

[rails.git] / test / controllers / traces / pictures_controller_test.rb

diff --git a/test/controllers/traces/pictures_controller_test.rb b/test/controllers/traces/pictures_controller_test.rb
new file mode 100644 (file)
index 0000000..3bc531c
--- /dev/null
+++ b/test/controllers/traces/pictures_controller_test.rb
@@ -0,0 +1,76 @@
+require "test_helper"
+
+module Api
+  class PicturesControllerTest < ActionDispatch::IntegrationTest
+    ##
+    # test all routes which lead to this controller
+    def test_routes
+      assert_routing(
+        { :path => "/user/username/traces/1/picture", :method => :get },
+        { :controller => "traces/pictures", :action => "show", :display_name => "username", :trace_id => "1" }
+      )
+    end
+
+    # Test downloading the picture for a trace
+    def test_show
+      public_trace_file = create(:trace, :visibility => "public", :fixture => "a")
+
+      # First with no auth, which should work since the trace is public
+      get trace_picture_path(public_trace_file.user, public_trace_file)
+      check_trace_picture public_trace_file
+
+      # Now with some other user, which should work since the trace is public
+      session_for(create(:user))
+      get trace_picture_path(public_trace_file.user, public_trace_file)
+      check_trace_picture public_trace_file
+
+      # And finally we should be able to do it with the owner of the trace
+      session_for(public_trace_file.user)
+      get trace_picture_path(public_trace_file.user, public_trace_file)
+      check_trace_picture public_trace_file
+    end
+
+    # Check the picture for an anonymous trace can't be downloaded by another user
+    def test_show_anon
+      anon_trace_file = create(:trace, :visibility => "private", :fixture => "b")
+
+      # First with no auth
+      get trace_picture_path(anon_trace_file.user, anon_trace_file)
+      assert_response :forbidden
+
+      # Now with some other user, which shouldn't work since the trace is anon
+      session_for(create(:user))
+      get trace_picture_path(anon_trace_file.user, anon_trace_file)
+      assert_response :forbidden
+
+      # And finally we should be able to do it with the owner of the trace
+      session_for(anon_trace_file.user)
+      get trace_picture_path(anon_trace_file.user, anon_trace_file)
+      check_trace_picture anon_trace_file
+    end
+
+    # Test downloading the picture for a trace that doesn't exist
+    def test_show_not_found
+      deleted_trace_file = create(:trace, :deleted)
+
+      # First with a trace that has never existed
+      get trace_picture_path(create(:user), 0)
+      assert_response :not_found
+
+      # Now with a trace that has been deleted
+      session_for(deleted_trace_file.user)
+      get trace_picture_path(deleted_trace_file.user, deleted_trace_file)
+      assert_response :not_found
+    end
+
+    private
+
+    def check_trace_picture(trace)
+      follow_redirect!
+      follow_redirect!
+      assert_response :success
+      assert_equal "image/gif", response.media_type
+      assert_equal trace.large_picture, response.body
+    end
+  end
+end