+ # Now with a trace that has been deleted
+ get :data, { :display_name => users(:public_user).display_name, :id => deleted_trace_file.id }, { :user => users(:public_user).id }
+ assert_response :not_found
+ end
+
+ # Test downloading the picture for a trace
+ def test_picture
+ public_trace_file = create(:trace, :visibility => "public", :user => users(:normal_user), :fixture => "a")
+
+ # First with no auth, which should work since the trace is public
+ get :picture, :display_name => users(:normal_user).display_name, :id => public_trace_file.id
+ check_trace_picture public_trace_file
+
+ # Now with some other user, which should work since the trace is public
+ get :picture, { :display_name => users(:normal_user).display_name, :id => public_trace_file.id }, { :user => users(:public_user).id }
+ check_trace_picture public_trace_file
+
+ # And finally we should be able to do it with the owner of the trace
+ get :picture, { :display_name => users(:normal_user).display_name, :id => public_trace_file.id }, { :user => users(:normal_user).id }
+ check_trace_picture public_trace_file
+ end
+
+ # Check the picture for an anonymous trace can't be downloaded by another user
+ def test_picture_anon
+ anon_trace_file = create(:trace, :visibility => "private", :user => users(:public_user), :fixture => "b")
+
+ # First with no auth
+ get :picture, :display_name => users(:public_user).display_name, :id => anon_trace_file.id
+ assert_response :forbidden
+
+ # Now with some other user, which shouldn't work since the trace is anon
+ get :picture, { :display_name => users(:public_user).display_name, :id => anon_trace_file.id }, { :user => users(:normal_user).id }
+ assert_response :forbidden
+
+ # And finally we should be able to do it with the owner of the trace
+ get :picture, { :display_name => users(:public_user).display_name, :id => anon_trace_file.id }, { :user => users(:public_user).id }
+ check_trace_picture anon_trace_file
+ end
+
+ # Test downloading the picture for a trace that doesn't exist
+ def test_picture_not_found
+ # First with no auth, which should work since the trace is public
+ get :picture, :display_name => users(:public_user).display_name, :id => 0
+ assert_response :not_found
+
+ # Now with some other user, which should work since the trace is public
+ get :picture, { :display_name => users(:public_user).display_name, :id => 0 }, { :user => users(:public_user).id }
+ assert_response :not_found
+
+ # And finally we should not be able to do it with a deleted trace
+ deleted_trace_file = create(:trace, :deleted)
+ get :picture, { :display_name => users(:public_user).display_name, :id => deleted_trace_file.id }, { :user => users(:public_user).id }
+ assert_response :not_found
+ end
+
+ # Test downloading the icon for a trace
+ def test_icon
+ public_trace_file = create(:trace, :visibility => "public", :user => users(:normal_user), :fixture => "a")
+
+ # First with no auth, which should work since the trace is public
+ get :icon, :display_name => users(:normal_user).display_name, :id => public_trace_file.id
+ check_trace_icon public_trace_file
+
+ # Now with some other user, which should work since the trace is public
+ get :icon, { :display_name => users(:normal_user).display_name, :id => public_trace_file.id }, { :user => users(:public_user).id }
+ check_trace_icon public_trace_file
+
+ # And finally we should be able to do it with the owner of the trace
+ get :icon, { :display_name => users(:normal_user).display_name, :id => public_trace_file.id }, { :user => users(:normal_user).id }
+ check_trace_icon public_trace_file
+ end
+
+ # Check the icon for an anonymous trace can't be downloaded by another user
+ def test_icon_anon
+ anon_trace_file = create(:trace, :visibility => "private", :user => users(:public_user), :fixture => "b")
+
+ # First with no auth
+ get :icon, :display_name => users(:public_user).display_name, :id => anon_trace_file.id
+ assert_response :forbidden
+
+ # Now with some other user, which shouldn't work since the trace is anon
+ get :icon, { :display_name => users(:public_user).display_name, :id => anon_trace_file.id }, { :user => users(:normal_user).id }
+ assert_response :forbidden
+