cst1/openstreetmap-website
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Replace trace-related fixtures with factories.

Browse source 
The mocking and stubbing in the controller tests is
unfortunate, but the models interact directly with the filesystem
using the trace id so that's hard to control any other way.
This commit is contained in:
Andy Allan 2016-10-29 16:21:52 +02:00
parent f7b4793c50
commit 15689af6bf
17 changed files with 543 additions and 536 deletions
Download patch file Download diff file Expand all files Collapse all files

2
test/controllers/amf_controller_test.rb
View file

@ -473,7 +473,7 @@ class AmfControllerTest < ActionController::TestCase
end
def test_findgpx_by_id
trace = gpx_files(:anon_trace_file)
trace = create(:trace, :visibility => "private", :user => users(:public_user))
amf_content "findgpx", "/1", [trace.id, "test@example.com:test"]
post :amf_read

13
test/controllers/api_controller_test.rb
View file

@ -132,7 +132,9 @@ class ApiControllerTest < ActionController::TestCase
end
def test_tracepoints
point = gpx_files(:public_trace_file)
point = create(:trace, :visibility => "public", :latitude => 1, :longitude => 1) do |trace|
create(:tracepoint, :trace => trace, :latitude => 1 * GeoRecord::SCALE, :longitude => 1 * GeoRecord::SCALE)
end
minlon = point.longitude - 0.001
minlat = point.latitude - 0.001
maxlon = point.longitude + 0.001
@ -148,7 +150,10 @@ class ApiControllerTest < ActionController::TestCase
end
def test_tracepoints_trackable
point = gpx_files(:trackable_trace_file)
point = create(:trace, :visibility => "trackable", :latitude => 51.51, :longitude => -0.14) do |trace|
create(:tracepoint, :trace => trace, :trackid => 1, :latitude => (51.510 * GeoRecord::SCALE).to_i, :longitude => (-0.140 * GeoRecord::SCALE).to_i)
create(:tracepoint, :trace => trace, :trackid => 2, :latitude => (51.511 * GeoRecord::SCALE).to_i, :longitude => (-0.141 * GeoRecord::SCALE).to_i)
end
minlon = point.longitude - 0.002
minlat = point.latitude - 0.002
maxlon = point.longitude + 0.002
@ -170,7 +175,9 @@ class ApiControllerTest < ActionController::TestCase
end
def test_tracepoints_identifiable
point = gpx_files(:identifiable_trace_file)
point = create(:trace, :visibility => "identifiable", :latitude => 51.512, :longitude => 0.142) do |trace|
create(:tracepoint, :trace => trace, :latitude => (51.512 * GeoRecord::SCALE).to_i, :longitude => (0.142 * GeoRecord::SCALE).to_i)
end
minlon = point.longitude - 0.002
minlat = point.latitude - 0.002
maxlon = point.longitude + 0.002

2
test/controllers/site_controller_test.rb
View file

@ -280,7 +280,7 @@ class SiteControllerTest < ActionController::TestCase
# Test editing a specific GPX trace
def test_edit_with_gpx
user = users(:public_user)
gpx = gpx_files(:public_trace_file)
gpx = create(:trace, :latitude => 1, :longitude => 1)
get :edit, { :gpx => gpx.id }, { :user => user.id }
assert_response :success

8
test/controllers/swf_controller_test.rb
View file

@ -15,6 +15,14 @@ class SwfControllerTest < ActionController::TestCase
##
# basic test that trackpoints at least returns some sort of flash movie
def test_trackpoints
create(:trace, :visibility => "trackable", :latitude => 51.51, :longitude => -0.14, :user => users(:public_user)) do |trace|
create(:tracepoint, :trace => trace, :trackid => 1, :latitude => (51.510 * GeoRecord::SCALE).to_i, :longitude => (-0.140 * GeoRecord::SCALE).to_i)
create(:tracepoint, :trace => trace, :trackid => 2, :latitude => (51.511 * GeoRecord::SCALE).to_i, :longitude => (-0.141 * GeoRecord::SCALE).to_i)
end
create(:trace, :visibility => "identifiable", :latitude => 51.512, :longitude => 0.142) do |trace|
create(:tracepoint, :trace => trace, :latitude => (51.512 * GeoRecord::SCALE).to_i, :longitude => (0.142 * GeoRecord::SCALE).to_i)
end
get :trackpoints, :xmin => -1, :xmax => 1, :ymin => 51, :ymax => 52, :baselong => 0, :basey => 0, :masterscale => 1
assert_response :success
assert_equal "application/x-shockwave-flash", response.content_type

615
test/controllers/trace_controller_test.rb
View file

@ -1,8 +1,8 @@
require "test_helper"
require "minitest/mock"
class TraceControllerTest < ActionController::TestCase
fixtures :users, :gpx_files
set_fixture_class :gpx_files => Trace
fixtures :users
def setup
@gpx_trace_dir = Object.send("remove_const", "GPX_TRACE_DIR")
@ -249,97 +249,119 @@ class TraceControllerTest < ActionController::TestCase
# Test viewing a trace
def test_view
public_trace_file = create(:trace, :visibility => "public")
# First with no auth, which should work since the trace is public
get :view, :display_name => users(:normal_user).display_name, :id => gpx_files(:public_trace_file).id
check_trace_view gpx_files(:public_trace_file)
get :view, :display_name => users(:normal_user).display_name, :id => public_trace_file.id
check_trace_view public_trace_file
# Now with some other user, which should work since the trace is public
get :view, { :display_name => users(:normal_user).display_name, :id => gpx_files(:public_trace_file).id }, { :user => users(:public_user).id }
check_trace_view gpx_files(:public_trace_file)
get :view, { :display_name => users(:normal_user).display_name, :id => public_trace_file.id }, { :user => users(:public_user).id }
check_trace_view public_trace_file
# And finally we should be able to do it with the owner of the trace
get :view, { :display_name => users(:normal_user).display_name, :id => gpx_files(:public_trace_file).id }, { :user => users(:normal_user).id }
check_trace_view gpx_files(:public_trace_file)
get :view, { :display_name => users(:normal_user).display_name, :id => public_trace_file.id }, { :user => users(:normal_user).id }
check_trace_view public_trace_file
end
# Check an anonymous trace can't be viewed by another user
def test_view_anon
anon_trace_file = create(:trace, :visibility => "private", :user => users(:public_user))
# First with no auth
get :view, :display_name => users(:public_user).display_name, :id => gpx_files(:anon_trace_file).id
get :view, :display_name => users(:public_user).display_name, :id => anon_trace_file.id
assert_response :redirect
assert_redirected_to :action => :list
# Now with some other user, which should work since the trace is anon
get :view, { :display_name => users(:public_user).display_name, :id => gpx_files(:anon_trace_file).id }, { :user => users(:normal_user).id }
# Now with some other user, which should not work since the trace is anon
get :view, { :display_name => users(:public_user).display_name, :id => anon_trace_file.id }, { :user => users(:normal_user).id }
assert_response :redirect
assert_redirected_to :action => :list
# And finally we should be able to do it with the owner of the trace
get :view, { :display_name => users(:public_user).display_name, :id => gpx_files(:anon_trace_file).id }, { :user => users(:public_user).id }
check_trace_view gpx_files(:anon_trace_file)
get :view, { :display_name => users(:public_user).display_name, :id => anon_trace_file.id }, { :user => users(:public_user).id }
check_trace_view anon_trace_file
end
# Test viewing a trace that doesn't exist
def test_view_not_found
# First with no auth, which should work since the trace is public
# First with no auth
get :view, :display_name => users(:public_user).display_name, :id => 0
assert_response :redirect
assert_redirected_to :action => :list
# Now with some other user, which should work since the trace is public
# Now with some other user
get :view, { :display_name => users(:public_user).display_name, :id => 0 }, { :user => users(:public_user).id }
assert_response :redirect
assert_redirected_to :action => :list
# And finally we should be able to do it with the owner of the trace
get :view, { :display_name => users(:public_user).display_name, :id => 5 }, { :user => users(:public_user).id }
# And finally we should not be able to view a deleted trace
deleted_trace_file = create(:trace, :deleted)
get :view, { :display_name => users(:public_user).display_name, :id => deleted_trace_file.id }, { :user => users(:public_user).id }
assert_response :redirect
assert_redirected_to :action => :list
end
# Test downloading a trace
def test_data
# First with no auth, which should work since the trace is public
get :data, :display_name => users(:normal_user).display_name, :id => gpx_files(:public_trace_file).id
check_trace_data gpx_files(:public_trace_file)
public_trace_file = create(:trace, :visibility => "public", :user => users(:normal_user))
# We need to stub both the trace_name, to control which file from test/traces is used,
# and also the Trace.find method so that our stubbed object is used by the controller.
public_trace_file.stub :trace_name, "#{GPX_TRACE_DIR}/1.gpx" do
Trace.stub :find, public_trace_file do
# First with no auth, which should work since the trace is public
get :data, :display_name => users(:normal_user).display_name, :id => public_trace_file.id
check_trace_data public_trace_file
# Now with some other user, which should work since the trace is public
get :data, { :display_name => users(:normal_user).display_name, :id => gpx_files(:public_trace_file).id }, { :user => users(:public_user).id }
check_trace_data gpx_files(:public_trace_file)
# Now with some other user, which should work since the trace is public
get :data, { :display_name => users(:normal_user).display_name, :id => public_trace_file.id }, { :user => users(:public_user).id }
check_trace_data public_trace_file
# And finally we should be able to do it with the owner of the trace
get :data, { :display_name => users(:normal_user).display_name, :id => gpx_files(:public_trace_file).id }, { :user => users(:normal_user).id }
check_trace_data gpx_files(:public_trace_file)
# And finally we should be able to do it with the owner of the trace
get :data, { :display_name => users(:normal_user).display_name, :id => public_trace_file.id }, { :user => users(:normal_user).id }
check_trace_data public_trace_file
end
end
end
# Test downloading a compressed trace
def test_data_compressed
# First get the data as is
get :data, :display_name => users(:public_user).display_name, :id => gpx_files(:identifiable_trace_file).id
check_trace_data gpx_files(:identifiable_trace_file), "application/x-gzip", "gpx.gz"
identifiable_trace_file = create(:trace, :visibility => "identifiable")
identifiable_trace_file.stub :trace_name, "#{GPX_TRACE_DIR}/4.gpx" do
Trace.stub :find, identifiable_trace_file do
# First get the data as is
get :data, :display_name => users(:public_user).display_name, :id => identifiable_trace_file.id
check_trace_data identifiable_trace_file, "application/x-gzip", "gpx.gz"
# Now ask explicitly for XML format
get :data, :display_name => users(:public_user).display_name, :id => gpx_files(:identifiable_trace_file).id, :format => "xml"
check_trace_data gpx_files(:identifiable_trace_file), "application/xml", "xml"
# Now ask explicitly for XML format
get :data, :display_name => users(:public_user).display_name, :id => identifiable_trace_file.id, :format => "xml"
check_trace_data identifiable_trace_file, "application/xml", "xml"
# Now ask explicitly for GPX format
get :data, :display_name => users(:public_user).display_name, :id => gpx_files(:identifiable_trace_file).id, :format => "gpx"
check_trace_data gpx_files(:identifiable_trace_file)
# Now ask explicitly for GPX format
get :data, :display_name => users(:public_user).display_name, :id => identifiable_trace_file.id, :format => "gpx"
check_trace_data identifiable_trace_file
end
end
end
# Check an anonymous trace can't be downloaded by another user
def test_data_anon
# First with no auth
get :data, :display_name => users(:public_user).display_name, :id => gpx_files(:anon_trace_file).id
assert_response :not_found
anon_trace_file = create(:trace, :visibility => "private", :user => users(:public_user))
anon_trace_file.stub :trace_name, "#{GPX_TRACE_DIR}/2.gpx" do
# First with no auth
get :data, :display_name => users(:public_user).display_name, :id => anon_trace_file.id
assert_response :not_found
# Now with some other user, which shouldn't work since the trace is anon
get :data, { :display_name => users(:public_user).display_name, :id => gpx_files(:anon_trace_file).id }, { :user => users(:normal_user).id }
assert_response :not_found
# Now with some other user, which shouldn't work since the trace is anon
get :data, { :display_name => users(:public_user).display_name, :id => anon_trace_file.id }, { :user => users(:normal_user).id }
assert_response :not_found
# And finally we should be able to do it with the owner of the trace
get :data, { :display_name => users(:public_user).display_name, :id => gpx_files(:anon_trace_file).id }, { :user => users(:public_user).id }
check_trace_data gpx_files(:anon_trace_file)
# And finally we should be able to do it with the owner of the trace
Trace.stub :find, anon_trace_file do
get :data, { :display_name => users(:public_user).display_name, :id => anon_trace_file.id }, { :user => users(:public_user).id }
check_trace_data anon_trace_file
end
end
end
# Test downloading a trace that doesn't exist
@ -353,38 +375,49 @@ class TraceControllerTest < ActionController::TestCase
assert_response :not_found
# Now with a trace that has been deleted
get :data, { :display_name => users(:public_user).display_name, :id => 5 }, { :user => users(:public_user).id }
deleted_trace_file = create(:trace, :deleted)
get :data, { :display_name => users(:public_user).display_name, :id => deleted_trace_file.id }, { :user => users(:public_user).id }
assert_response :not_found
end
# Test downloading the picture for a trace
def test_picture
# First with no auth, which should work since the trace is public
get :picture, :display_name => users(:normal_user).display_name, :id => gpx_files(:public_trace_file).id
check_trace_picture gpx_files(:public_trace_file)
public_trace_file = create(:trace, :visibility => "public", :user => users(:normal_user))
public_trace_file.stub :large_picture_name, "#{GPX_TRACE_DIR}/1.gif" do
Trace.stub :find, public_trace_file do
# First with no auth, which should work since the trace is public
get :picture, :display_name => users(:normal_user).display_name, :id => public_trace_file.id
check_trace_picture public_trace_file
# Now with some other user, which should work since the trace is public
get :picture, { :display_name => users(:normal_user).display_name, :id => gpx_files(:public_trace_file).id }, { :user => users(:public_user).id }
check_trace_picture gpx_files(:public_trace_file)
# Now with some other user, which should work since the trace is public
get :picture, { :display_name => users(:normal_user).display_name, :id => public_trace_file.id }, { :user => users(:public_user).id }
check_trace_picture public_trace_file
# And finally we should be able to do it with the owner of the trace
get :picture, { :display_name => users(:normal_user).display_name, :id => gpx_files(:public_trace_file).id }, { :user => users(:normal_user).id }
check_trace_picture gpx_files(:public_trace_file)
# And finally we should be able to do it with the owner of the trace
get :picture, { :display_name => users(:normal_user).display_name, :id => public_trace_file.id }, { :user => users(:normal_user).id }
check_trace_picture public_trace_file
end
end
end
# Check the picture for an anonymous trace can't be downloaded by another user
def test_picture_anon
# First with no auth
get :picture, :display_name => users(:public_user).display_name, :id => gpx_files(:anon_trace_file).id
assert_response :forbidden
anon_trace_file = create(:trace, :visibility => "private", :user => users(:public_user))
anon_trace_file.stub :large_picture_name, "#{GPX_TRACE_DIR}/2.gif" do
# First with no auth
get :picture, :display_name => users(:public_user).display_name, :id => anon_trace_file.id
assert_response :forbidden
# Now with some other user, which shouldn't work since the trace is anon
get :picture, { :display_name => users(:public_user).display_name, :id => gpx_files(:anon_trace_file).id }, { :user => users(:normal_user).id }
assert_response :forbidden
# Now with some other user, which shouldn't work since the trace is anon
get :picture, { :display_name => users(:public_user).display_name, :id => anon_trace_file.id }, { :user => users(:normal_user).id }
assert_response :forbidden
# And finally we should be able to do it with the owner of the trace
get :picture, { :display_name => users(:public_user).display_name, :id => gpx_files(:anon_trace_file).id }, { :user => users(:public_user).id }
check_trace_picture gpx_files(:anon_trace_file)
# And finally we should be able to do it with the owner of the trace
Trace.stub :find, anon_trace_file do
get :picture, { :display_name => users(:public_user).display_name, :id => anon_trace_file.id }, { :user => users(:public_user).id }
check_trace_picture anon_trace_file
end
end
end
# Test downloading the picture for a trace that doesn't exist
@ -397,53 +430,65 @@ class TraceControllerTest < ActionController::TestCase
get :picture, { :display_name => users(:public_user).display_name, :id => 0 }, { :user => users(:public_user).id }
assert_response :not_found
# And finally we should be able to do it with the owner of the trace
get :picture, { :display_name => users(:public_user).display_name, :id => 5 }, { :user => users(:public_user).id }
# And finally we should not be able to do it with a deleted trace
deleted_trace_file = create(:trace, :deleted)
get :picture, { :display_name => users(:public_user).display_name, :id => deleted_trace_file.id }, { :user => users(:public_user).id }
assert_response :not_found
end
# Test downloading the icon for a trace
def test_icon
# First with no auth, which should work since the trace is public
get :icon, :display_name => users(:normal_user).display_name, :id => gpx_files(:public_trace_file).id
check_trace_icon gpx_files(:public_trace_file)
public_trace_file = create(:trace, :visibility => "public", :user => users(:normal_user))
public_trace_file.stub :icon_picture_name, "#{GPX_TRACE_DIR}/1_icon.gif" do
Trace.stub :find, public_trace_file do
# First with no auth, which should work since the trace is public
get :icon, :display_name => users(:normal_user).display_name, :id => public_trace_file.id
check_trace_icon public_trace_file
# Now with some other user, which should work since the trace is public
get :icon, { :display_name => users(:normal_user).display_name, :id => gpx_files(:public_trace_file).id }, { :user => users(:public_user).id }
check_trace_icon gpx_files(:public_trace_file)
# Now with some other user, which should work since the trace is public
get :icon, { :display_name => users(:normal_user).display_name, :id => public_trace_file.id }, { :user => users(:public_user).id }
check_trace_icon public_trace_file
# And finally we should be able to do it with the owner of the trace
get :icon, { :display_name => users(:normal_user).display_name, :id => gpx_files(:public_trace_file).id }, { :user => users(:normal_user).id }
check_trace_icon gpx_files(:public_trace_file)
# And finally we should be able to do it with the owner of the trace
get :icon, { :display_name => users(:normal_user).display_name, :id => public_trace_file.id }, { :user => users(:normal_user).id }
check_trace_icon public_trace_file
end
end
end
# Check the icon for an anonymous trace can't be downloaded by another user
def test_icon_anon
# First with no auth
get :icon, :display_name => users(:public_user).display_name, :id => gpx_files(:anon_trace_file).id
assert_response :forbidden
anon_trace_file = create(:trace, :visibility => "private", :user => users(:public_user))
anon_trace_file.stub :icon_picture_name, "#{GPX_TRACE_DIR}/2_icon.gif" do
# First with no auth
get :icon, :display_name => users(:public_user).display_name, :id => anon_trace_file.id
assert_response :forbidden
# Now with some other user, which shouldn't work since the trace is anon
get :icon, { :display_name => users(:public_user).display_name, :id => gpx_files(:anon_trace_file).id }, { :user => users(:normal_user).id }
assert_response :forbidden
# Now with some other user, which shouldn't work since the trace is anon
get :icon, { :display_name => users(:public_user).display_name, :id => anon_trace_file.id }, { :user => users(:normal_user).id }
assert_response :forbidden
# And finally we should be able to do it with the owner of the trace
get :icon, { :display_name => users(:public_user).display_name, :id => gpx_files(:anon_trace_file).id }, { :user => users(:public_user).id }
check_trace_icon gpx_files(:anon_trace_file)
# And finally we should be able to do it with the owner of the trace
Trace.stub :find, anon_trace_file do
get :icon, { :display_name => users(:public_user).display_name, :id => anon_trace_file.id }, { :user => users(:public_user).id }
check_trace_icon anon_trace_file
end
end
end
# Test downloading the icon for a trace that doesn't exist
def test_icon_not_found
# First with no auth, which should work since the trace is public
# First with no auth
get :icon, :display_name => users(:public_user).display_name, :id => 0
assert_response :not_found
# Now with some other user, which should work since the trace is public
# Now with some other user
get :icon, { :display_name => users(:public_user).display_name, :id => 0 }, { :user => users(:public_user).id }
assert_response :not_found
# And finally we should be able to do it with the owner of the trace
get :icon, { :display_name => users(:public_user).display_name, :id => 5 }, { :user => users(:public_user).id }
# And finally we should not be able to do it with a deleted trace
deleted_trace_file = create(:trace, :deleted)
get :icon, { :display_name => users(:public_user).display_name, :id => deleted_trace_file.id }, { :user => users(:public_user).id }
assert_response :not_found
end
@ -477,40 +522,46 @@ class TraceControllerTest < ActionController::TestCase
# Test creating a trace
def test_create_post
# Get file to use
file = Rack::Test::UploadedFile.new(gpx_files(:public_trace_file).trace_name, "application/gpx+xml")
public_trace_file = create(:trace, :visibility => "public")
public_trace_file.stub :trace_name, "#{GPX_TRACE_DIR}/1.gpx" do
# Get file to use
file = Rack::Test::UploadedFile.new(public_trace_file.trace_name, "application/gpx+xml")
# First with no auth
post :create, :trace => { :gpx_file => file, :description => "New Trace", :tagstring => "new,trace", :visibility => "trackable" }
assert_response :forbidden
# First with no auth
post :create, :trace => { :gpx_file => file, :description => "New Trace", :tagstring => "new,trace", :visibility => "trackable" }
assert_response :forbidden
# Now authenticated
create(:user_preference, :user => users(:public_user), :k => "gps.trace.visibility", :v => "identifiable")
assert_not_equal "trackable", users(:public_user).preferences.where(:k => "gps.trace.visibility").first.v
post :create, { :trace => { :gpx_file => file, :description => "New Trace", :tagstring => "new,trace", :visibility => "trackable" } }, { :user => users(:public_user).id }
assert_response :redirect
assert_redirected_to :action => :list, :display_name => users(:public_user).display_name
assert_match /file has been uploaded/, flash[:notice]
trace = Trace.order(:id => :desc).first
assert_equal "1.gpx", trace.name
assert_equal "New Trace", trace.description
assert_equal %w(new trace), trace.tags.order(:tag).collect(&:tag)
assert_equal "trackable", trace.visibility
assert_equal false, trace.inserted
assert_equal File.new(gpx_files(:public_trace_file).trace_name).read, File.new(trace.trace_name).read
trace.destroy
assert_equal "trackable", users(:public_user).preferences.where(:k => "gps.trace.visibility").first.v
# Now authenticated
create(:user_preference, :user => users(:public_user), :k => "gps.trace.visibility", :v => "identifiable")
assert_not_equal "trackable", users(:public_user).preferences.where(:k => "gps.trace.visibility").first.v
post :create, { :trace => { :gpx_file => file, :description => "New Trace", :tagstring => "new,trace", :visibility => "trackable" } }, { :user => users(:public_user).id }
assert_response :redirect
assert_redirected_to :action => :list, :display_name => users(:public_user).display_name
assert_match /file has been uploaded/, flash[:notice]
trace = Trace.order(:id => :desc).first
assert_equal "1.gpx", trace.name
assert_equal "New Trace", trace.description
assert_equal %w(new trace), trace.tags.order(:tag).collect(&:tag)
assert_equal "trackable", trace.visibility
assert_equal false, trace.inserted
assert_equal File.new(public_trace_file.trace_name).read, File.new(trace.trace_name).read
trace.destroy
assert_equal "trackable", users(:public_user).preferences.where(:k => "gps.trace.visibility").first.v
end
end
# Test fetching the edit page for a trace
def test_edit_get
public_trace_file = create(:trace, :visibility => "public", :user => users(:normal_user))
deleted_trace_file = create(:trace, :deleted, :user => users(:public_user))
# First with no auth
get :edit, :display_name => users(:normal_user).display_name, :id => gpx_files(:public_trace_file).id
get :edit, :display_name => users(:normal_user).display_name, :id => public_trace_file.id
assert_response :redirect
assert_redirected_to :controller => :user, :action => :login, :referer => trace_edit_path(:display_name => users(:normal_user).display_name, :id => gpx_files(:public_trace_file).id)
assert_redirected_to :controller => :user, :action => :login, :referer => trace_edit_path(:display_name => users(:normal_user).display_name, :id => public_trace_file.id)
# Now with some other user, which should fail
get :edit, { :display_name => users(:normal_user).display_name, :id => gpx_files(:public_trace_file).id }, { :user => users(:public_user).id }
get :edit, { :display_name => users(:normal_user).display_name, :id => public_trace_file.id }, { :user => users(:public_user).id }
assert_response :forbidden
# Now with a trace which doesn't exist
@ -518,25 +569,27 @@ class TraceControllerTest < ActionController::TestCase
assert_response :not_found
# Now with a trace which has been deleted
get :edit, { :display_name => users(:public_user).display_name, :id => gpx_files(:deleted_trace_file).id }, { :user => users(:public_user).id }
get :edit, { :display_name => users(:public_user).display_name, :id => deleted_trace_file.id }, { :user => users(:public_user).id }
assert_response :not_found
# Finally with a trace that we are allowed to edit
get :edit, { :display_name => users(:normal_user).display_name, :id => gpx_files(:public_trace_file).id }, { :user => users(:normal_user).id }
get :edit, { :display_name => users(:normal_user).display_name, :id => public_trace_file.id }, { :user => users(:normal_user).id }
assert_response :success
end
# Test saving edits to a trace
def test_edit_post
public_trace_file = create(:trace, :visibility => "public", :user => users(:normal_user))
deleted_trace_file = create(:trace, :deleted, :user => users(:public_user))
# New details
new_details = { :description => "Changed description", :tagstring => "new_tag", :visibility => "private" }
# First with no auth
post :edit, :display_name => users(:normal_user).display_name, :id => gpx_files(:public_trace_file).id, :trace => new_details
post :edit, :display_name => users(:normal_user).display_name, :id => public_trace_file.id, :trace => new_details
assert_response :forbidden
# Now with some other user, which should fail
post :edit, { :display_name => users(:normal_user).display_name, :id => gpx_files(:public_trace_file).id, :trace => new_details }, { :user => users(:public_user).id }
post :edit, { :display_name => users(:normal_user).display_name, :id => public_trace_file.id, :trace => new_details }, { :user => users(:public_user).id }
assert_response :forbidden
# Now with a trace which doesn't exist
@ -544,14 +597,14 @@ class TraceControllerTest < ActionController::TestCase
assert_response :not_found
# Now with a trace which has been deleted
post :edit, { :display_name => users(:public_user).display_name, :id => gpx_files(:deleted_trace_file).id, :trace => new_details }, { :user => users(:public_user).id }
post :edit, { :display_name => users(:public_user).display_name, :id => deleted_trace_file.id, :trace => new_details }, { :user => users(:public_user).id }
assert_response :not_found
# Finally with a trace that we are allowed to edit
post :edit, { :display_name => users(:normal_user).display_name, :id => gpx_files(:public_trace_file).id, :trace => new_details }, { :user => users(:normal_user).id }
post :edit, { :display_name => users(:normal_user).display_name, :id => public_trace_file.id, :trace => new_details }, { :user => users(:normal_user).id }
assert_response :redirect
assert_redirected_to :action => :view, :display_name => users(:normal_user).display_name
trace = Trace.find(gpx_files(:public_trace_file).id)
trace = Trace.find(public_trace_file.id)
assert_equal new_details[:description], trace.description
assert_equal new_details[:tagstring], trace.tagstring
assert_equal new_details[:visibility], trace.visibility
@ -559,12 +612,15 @@ class TraceControllerTest < ActionController::TestCase
# Test deleting a trace
def test_delete
public_trace_file = create(:trace, :visibility => "public", :user => users(:normal_user))
deleted_trace_file = create(:trace, :deleted, :user => users(:public_user))
# First with no auth
post :delete, :display_name => users(:normal_user).display_name, :id => gpx_files(:public_trace_file).id
post :delete, :display_name => users(:normal_user).display_name, :id => public_trace_file.id
assert_response :forbidden
# Now with some other user, which should fail
post :delete, { :display_name => users(:normal_user).display_name, :id => gpx_files(:public_trace_file).id }, { :user => users(:public_user).id }
post :delete, { :display_name => users(:normal_user).display_name, :id => public_trace_file.id }, { :user => users(:public_user).id }
assert_response :forbidden
# Now with a trace which doesn't exist
@ -572,54 +628,60 @@ class TraceControllerTest < ActionController::TestCase
assert_response :not_found
# Now with a trace has already been deleted
post :delete, { :display_name => users(:public_user).display_name, :id => gpx_files(:deleted_trace_file).id }, { :user => users(:public_user).id }
post :delete, { :display_name => users(:public_user).display_name, :id => deleted_trace_file.id }, { :user => users(:public_user).id }
assert_response :not_found
# Finally with a trace that we are allowed to delete
post :delete, { :display_name => users(:normal_user).display_name, :id => gpx_files(:public_trace_file).id }, { :user => users(:normal_user).id }
post :delete, { :display_name => users(:normal_user).display_name, :id => public_trace_file.id }, { :user => users(:normal_user).id }
assert_response :redirect
assert_redirected_to :action => :list, :display_name => users(:normal_user).display_name
trace = Trace.find(gpx_files(:public_trace_file).id)
trace = Trace.find(public_trace_file.id)
assert_equal false, trace.visible
end
# Check getting a specific trace through the api
def test_api_read
public_trace_file = create(:trace, :visibility => "public", :user => users(:normal_user))
# First with no auth
get :api_read, :id => gpx_files(:public_trace_file).id
get :api_read, :id => public_trace_file.id
assert_response :unauthorized
# Now with some other user, which should work since the trace is public
basic_authorization(users(:public_user).display_name, "test")
get :api_read, :id => gpx_files(:public_trace_file).id
get :api_read, :id => public_trace_file.id
assert_response :success
# And finally we should be able to do it with the owner of the trace
basic_authorization(users(:normal_user).display_name, "test")
get :api_read, :id => gpx_files(:public_trace_file).id
get :api_read, :id => public_trace_file.id
assert_response :success
end
# Check an anoymous trace can't be specifically fetched by another user
def test_api_read_anon
# Furst with no auth
get :api_read, :id => gpx_files(:anon_trace_file).id
anon_trace_file = create(:trace, :visibility => "private", :user => users(:public_user))
# First with no auth
get :api_read, :id => anon_trace_file.id
assert_response :unauthorized
# Now try with another user, which shouldn't work since the trace is anon
basic_authorization(users(:normal_user).display_name, "test")
get :api_read, :id => gpx_files(:anon_trace_file).id
get :api_read, :id => anon_trace_file.id
assert_response :forbidden
# And finally we should be able to get the trace details with the trace owner
basic_authorization(users(:public_user).display_name, "test")
get :api_read, :id => gpx_files(:anon_trace_file).id
get :api_read, :id => anon_trace_file.id
assert_response :success
end
# Check the api details for a trace that doesn't exist
def test_api_read_not_found
# Try first with no auth, as it should requure it
deleted_trace_file = create(:trace, :deleted, :user => users(:public_user))
# Try first with no auth, as it should require it
get :api_read, :id => 0
assert_response :unauthorized
@ -630,60 +692,85 @@ class TraceControllerTest < ActionController::TestCase
# Now try a trace which did exist but has been deleted
basic_authorization(users(:public_user).display_name, "test")
get :api_read, :id => 5
get :api_read, :id => deleted_trace_file.id
assert_response :not_found
end
# Test downloading a trace through the api
def test_api_data
# First with no auth
get :api_data, :display_name => users(:normal_user).display_name, :id => gpx_files(:public_trace_file).id
assert_response :unauthorized
public_trace_file = create(:trace, :visibility => "public", :user => users(:normal_user))
public_trace_file.stub :trace_name, "#{GPX_TRACE_DIR}/1.gpx" do
visible = MiniTest::Mock.new
visible.expect :find, public_trace_file, [String]
visible.expect :find, public_trace_file, [String]
Trace.stub :visible, visible do
# First with no auth
get :api_data, :display_name => users(:normal_user).display_name, :id => public_trace_file.id
assert_response :unauthorized
# Now with some other user, which should work since the trace is public
basic_authorization(users(:public_user).display_name, "test")
get :api_data, :display_name => users(:normal_user).display_name, :id => gpx_files(:public_trace_file).id
check_trace_data gpx_files(:public_trace_file)
# Now with some other user, which should work since the trace is public
basic_authorization(users(:public_user).display_name, "test")
get :api_data, :display_name => users(:normal_user).display_name, :id => public_trace_file.id
check_trace_data public_trace_file
# And finally we should be able to do it with the owner of the trace
basic_authorization(users(:normal_user).display_name, "test")
get :api_data, :display_name => users(:normal_user).display_name, :id => gpx_files(:public_trace_file).id
check_trace_data gpx_files(:public_trace_file)
# # And finally we should be able to do it with the owner of the trace
basic_authorization(users(:normal_user).display_name, "test")
get :api_data, :display_name => users(:normal_user).display_name, :id => public_trace_file.id
check_trace_data public_trace_file
end
end
end
# Test downloading a compressed trace through the api
def test_api_data_compressed
# Authenticate as the owner of the trace we will be using
basic_authorization(users(:public_user).display_name, "test")
identifiable_trace_file = create(:trace, :visibility => "identifiable", :user => users(:public_user))
identifiable_trace_file.stub :trace_name, "#{GPX_TRACE_DIR}/4.gpx" do
visible = MiniTest::Mock.new
visible.expect :find, identifiable_trace_file, [String]
visible.expect :find, identifiable_trace_file, [String]
visible.expect :find, identifiable_trace_file, [String]
Trace.stub :visible, visible do
# Authenticate as the owner of the trace we will be using
basic_authorization(users(:public_user).display_name, "test")
# First get the data as is
get :api_data, :display_name => users(:public_user).display_name, :id => gpx_files(:identifiable_trace_file).id
check_trace_data gpx_files(:identifiable_trace_file), "application/x-gzip", "gpx.gz"
# First get the data as is
get :api_data, :display_name => users(:public_user).display_name, :id => identifiable_trace_file.id
check_trace_data identifiable_trace_file, "application/x-gzip", "gpx.gz"
# Now ask explicitly for XML format
get :api_data, :display_name => users(:public_user).display_name, :id => gpx_files(:identifiable_trace_file).id, :format => "xml"
check_trace_data gpx_files(:identifiable_trace_file), "application/xml", "xml"
# Now ask explicitly for XML format
get :api_data, :display_name => users(:public_user).display_name, :id => identifiable_trace_file.id, :format => "xml"
check_trace_data identifiable_trace_file, "application/xml", "xml"
# Now ask explicitly for GPX format
get :api_data, :display_name => users(:public_user).display_name, :id => gpx_files(:identifiable_trace_file).id, :format => "gpx"
check_trace_data gpx_files(:identifiable_trace_file)
# # Now ask explicitly for GPX format
get :api_data, :display_name => users(:public_user).display_name, :id => identifiable_trace_file.id, :format => "gpx"
check_trace_data identifiable_trace_file
end
end
end
# Check an anonymous trace can't be downloaded by another user through the api
def test_api_data_anon
# First with no auth
get :api_data, :display_name => users(:public_user).display_name, :id => gpx_files(:anon_trace_file).id
assert_response :unauthorized
anon_trace_file = create(:trace, :visibility => "private", :user => users(:public_user))
anon_trace_file.stub :trace_name, "#{GPX_TRACE_DIR}/2.gpx" do
visible = MiniTest::Mock.new
visible.expect :find, anon_trace_file, [String]
visible.expect :find, anon_trace_file, [String]
Trace.stub :visible, visible do
# First with no auth
get :api_data, :display_name => users(:public_user).display_name, :id => anon_trace_file.id
assert_response :unauthorized
# Now with some other user, which shouldn't work since the trace is anon
basic_authorization(users(:normal_user).display_name, "test")
get :api_data, :display_name => users(:public_user).display_name, :id => gpx_files(:anon_trace_file).id
assert_response :forbidden
# Now with some other user, which shouldn't work since the trace is anon
basic_authorization(users(:normal_user).display_name, "test")
get :api_data, :display_name => users(:public_user).display_name, :id => anon_trace_file.id
assert_response :forbidden
# And finally we should be able to do it with the owner of the trace
basic_authorization(users(:public_user).display_name, "test")
get :api_data, :display_name => users(:public_user).display_name, :id => gpx_files(:anon_trace_file).id
check_trace_data gpx_files(:anon_trace_file)
# And finally we should be able to do it with the owner of the trace
basic_authorization(users(:public_user).display_name, "test")
get :api_data, :display_name => users(:public_user).display_name, :id => anon_trace_file.id
check_trace_data anon_trace_file
end
end
end
# Test downloading a trace that doesn't exist through the api
@ -698,127 +785,139 @@ class TraceControllerTest < ActionController::TestCase
assert_response :not_found
# Now with a trace that has been deleted
deleted_trace_file = create(:trace, :deleted)
basic_authorization(users(:public_user).display_name, "test")
get :api_data, :display_name => users(:public_user).display_name, :id => 5
get :api_data, :display_name => users(:public_user).display_name, :id => deleted_trace_file.id
assert_response :not_found
end
# Test creating a trace through the api
def test_api_create
# Get file to use
file = Rack::Test::UploadedFile.new(gpx_files(:public_trace_file).trace_name, "application/gpx+xml")
public_trace_file = create(:trace, :visibility => "public", :user => users(:normal_user))
public_trace_file.stub :trace_name, "#{GPX_TRACE_DIR}/1.gpx" do
# Get file to use
file = Rack::Test::UploadedFile.new(public_trace_file.trace_name, "application/gpx+xml")
# First with no auth
post :api_create, :file => file, :description => "New Trace", :tags => "new,trace", :visibility => "trackable"
assert_response :unauthorized
# First with no auth
post :api_create, :file => file, :description => "New Trace", :tags => "new,trace", :visibility => "trackable"
assert_response :unauthorized
# Now authenticated
create(:user_preference, :user => users(:public_user), :k => "gps.trace.visibility", :v => "identifiable")
assert_not_equal "trackable", users(:public_user).preferences.where(:k => "gps.trace.visibility").first.v
basic_authorization(users(:public_user).display_name, "test")
post :api_create, :file => file, :description => "New Trace", :tags => "new,trace", :visibility => "trackable"
assert_response :success
trace = Trace.find(response.body.to_i)
assert_equal "1.gpx", trace.name
assert_equal "New Trace", trace.description
assert_equal %w(new trace), trace.tags.order(:tag).collect(&:tag)
assert_equal "trackable", trace.visibility
assert_equal false, trace.inserted
assert_equal File.new(gpx_files(:public_trace_file).trace_name).read, File.new(trace.trace_name).read
trace.destroy
assert_equal "trackable", users(:public_user).preferences.where(:k => "gps.trace.visibility").first.v
# Now authenticated
create(:user_preference, :user => users(:public_user), :k => "gps.trace.visibility", :v => "identifiable")
assert_not_equal "trackable", users(:public_user).preferences.where(:k => "gps.trace.visibility").first.v
basic_authorization(users(:public_user).display_name, "test")
post :api_create, :file => file, :description => "New Trace", :tags => "new,trace", :visibility => "trackable"
assert_response :success
trace = Trace.find(response.body.to_i)
assert_equal "1.gpx", trace.name
assert_equal "New Trace", trace.description
assert_equal %w(new trace), trace.tags.order(:tag).collect(&:tag)
assert_equal "trackable", trace.visibility
assert_equal false, trace.inserted
assert_equal File.new(public_trace_file.trace_name).read, File.new(trace.trace_name).read
trace.destroy
assert_equal "trackable", users(:public_user).preferences.where(:k => "gps.trace.visibility").first.v
# Rewind the file
file.rewind
# Rewind the file
file.rewind
# Now authenticated, with the legacy public flag
assert_not_equal "public", users(:public_user).preferences.where(:k => "gps.trace.visibility").first.v
basic_authorization(users(:public_user).display_name, "test")
post :api_create, :file => file, :description => "New Trace", :tags => "new,trace", :public => 1
assert_response :success
trace = Trace.find(response.body.to_i)
assert_equal "1.gpx", trace.name
assert_equal "New Trace", trace.description
assert_equal %w(new trace), trace.tags.order(:tag).collect(&:tag)
assert_equal "public", trace.visibility
assert_equal false, trace.inserted
assert_equal File.new(gpx_files(:public_trace_file).trace_name).read, File.new(trace.trace_name).read
trace.destroy
assert_equal "public", users(:public_user).preferences.where(:k => "gps.trace.visibility").first.v
# Now authenticated, with the legacy public flag
assert_not_equal "public", users(:public_user).preferences.where(:k => "gps.trace.visibility").first.v
basic_authorization(users(:public_user).display_name, "test")
post :api_create, :file => file, :description => "New Trace", :tags => "new,trace", :public => 1
assert_response :success
trace = Trace.find(response.body.to_i)
assert_equal "1.gpx", trace.name
assert_equal "New Trace", trace.description
assert_equal %w(new trace), trace.tags.order(:tag).collect(&:tag)
assert_equal "public", trace.visibility
assert_equal false, trace.inserted
assert_equal File.new(public_trace_file.trace_name).read, File.new(trace.trace_name).read
trace.destroy
assert_equal "public", users(:public_user).preferences.where(:k => "gps.trace.visibility").first.v
# Rewind the file
file.rewind
# Rewind the file
file.rewind
# Now authenticated, with the legacy private flag
assert_nil users(:second_public_user).preferences.where(:k => "gps.trace.visibility").first
basic_authorization(users(:second_public_user).display_name, "test")
post :api_create, :file => file, :description => "New Trace", :tags => "new,trace", :public => 0
assert_response :success
trace = Trace.find(response.body.to_i)
assert_equal "1.gpx", trace.name
assert_equal "New Trace", trace.description
assert_equal %w(new trace), trace.tags.order(:tag).collect(&:tag)
assert_equal "private", trace.visibility
assert_equal false, trace.inserted
assert_equal File.new(gpx_files(:public_trace_file).trace_name).read, File.new(trace.trace_name).read
trace.destroy
assert_equal "private", users(:second_public_user).preferences.where(:k => "gps.trace.visibility").first.v
# Now authenticated, with the legacy private flag
assert_nil users(:second_public_user).preferences.where(:k => "gps.trace.visibility").first
basic_authorization(users(:second_public_user).display_name, "test")
post :api_create, :file => file, :description => "New Trace", :tags => "new,trace", :public => 0
assert_response :success
trace = Trace.find(response.body.to_i)
assert_equal "1.gpx", trace.name
assert_equal "New Trace", trace.description
assert_equal %w(new trace), trace.tags.order(:tag).collect(&:tag)
assert_equal "private", trace.visibility
assert_equal false, trace.inserted
assert_equal File.new(public_trace_file.trace_name).read, File.new(trace.trace_name).read
trace.destroy
assert_equal "private", users(:second_public_user).preferences.where(:k => "gps.trace.visibility").first.v
end
end
# Check updating a trace through the api
def test_api_update
# First with no auth
content gpx_files(:public_trace_file).to_xml
put :api_update, :id => gpx_files(:public_trace_file).id
assert_response :unauthorized
public_trace_file = create(:trace, :visibility => "public", :user => users(:normal_user))
deleted_trace_file = create(:trace, :deleted, :user => users(:public_user))
anon_trace_file = create(:trace, :visibility => "private", :user => users(:public_user))
# Now with some other user, which should fail
basic_authorization(users(:public_user).display_name, "test")
content gpx_files(:public_trace_file).to_xml
put :api_update, :id => gpx_files(:public_trace_file).id
assert_response :forbidden
public_trace_file.stub :trace_name, "#{GPX_TRACE_DIR}/1.gpx" do
# First with no auth
content public_trace_file.to_xml
put :api_update, :id => public_trace_file.id
assert_response :unauthorized
# Now with a trace which doesn't exist
basic_authorization(users(:public_user).display_name, "test")
content gpx_files(:public_trace_file).to_xml
put :api_update, :id => 0
assert_response :not_found
# Now with some other user, which should fail
basic_authorization(users(:public_user).display_name, "test")
content public_trace_file.to_xml
put :api_update, :id => public_trace_file.id
assert_response :forbidden
# Now with a trace which did exist but has been deleted
basic_authorization(users(:public_user).display_name, "test")
content gpx_files(:deleted_trace_file).to_xml
put :api_update, :id => gpx_files(:deleted_trace_file).id
assert_response :not_found
# Now with a trace which doesn't exist
basic_authorization(users(:public_user).display_name, "test")
content public_trace_file.to_xml
put :api_update, :id => 0
assert_response :not_found
# Now try an update with the wrong ID
basic_authorization(users(:normal_user).display_name, "test")
content gpx_files(:anon_trace_file).to_xml
put :api_update, :id => gpx_files(:public_trace_file).id
assert_response :bad_request,
"should not be able to update a trace with a different ID from the XML"
# Now with a trace which did exist but has been deleted
basic_authorization(users(:public_user).display_name, "test")
content deleted_trace_file.to_xml
put :api_update, :id => deleted_trace_file.id
assert_response :not_found
# And finally try an update that should work
basic_authorization(users(:normal_user).display_name, "test")
t = gpx_files(:public_trace_file)
t.description = "Changed description"
t.visibility = "private"
content t.to_xml
put :api_update, :id => t.id
assert_response :success
nt = Trace.find(t.id)
assert_equal nt.description, t.description
assert_equal nt.visibility, t.visibility
# Now try an update with the wrong ID
basic_authorization(users(:normal_user).display_name, "test")
content anon_trace_file.to_xml
put :api_update, :id => public_trace_file.id
assert_response :bad_request,
"should not be able to update a trace with a different ID from the XML"
# And finally try an update that should work
basic_authorization(users(:normal_user).display_name, "test")
t = public_trace_file
t.description = "Changed description"
t.visibility = "private"
content t.to_xml
put :api_update, :id => t.id
assert_response :success
nt = Trace.find(t.id)
assert_equal nt.description, t.description
assert_equal nt.visibility, t.visibility
end
end
# Check deleting a trace through the api
def test_api_delete
public_trace_file = create(:trace, :visibility => "public", :user => users(:normal_user))
# First with no auth
delete :api_delete, :id => gpx_files(:public_trace_file).id
delete :api_delete, :id => public_trace_file.id
assert_response :unauthorized
# Now with some other user, which should fail
basic_authorization(users(:public_user).display_name, "test")
delete :api_delete, :id => gpx_files(:public_trace_file).id
delete :api_delete, :id => public_trace_file.id
assert_response :forbidden
# Now with a trace which doesn't exist
@ -828,12 +927,12 @@ class TraceControllerTest < ActionController::TestCase
# And finally we should be able to do it with the owner of the trace
basic_authorization(users(:normal_user).display_name, "test")
delete :api_delete, :id => gpx_files(:public_trace_file).id
delete :api_delete, :id => public_trace_file.id
assert_response :success
# Try it a second time, which should fail
basic_authorization(users(:normal_user).display_name, "test")
delete :api_delete, :id => gpx_files(:public_trace_file).id
delete :api_delete, :id => public_trace_file.id
assert_response :not_found
end

10
test/controllers/user_controller_test.rb
View file

@ -1085,6 +1085,12 @@ class UserControllerTest < ActionController::TestCase
end
def test_api_gpx_files
trace1 = create(:trace, :user => users(:normal_user)) do |trace|
create(:tracetag, :trace => trace, :tag => "London")
end
trace2 = create(:trace, :user => users(:normal_user)) do |trace|
create(:tracetag, :trace => trace, :tag => "Birmingham")
end
# check that nothing is returned when not logged in
get :api_gpx_files
assert_response :unauthorized
@ -1096,10 +1102,10 @@ class UserControllerTest < ActionController::TestCase
assert_equal "text/xml", response.content_type
# check the data that is returned
assert_select "gpx_file[id='1']", 1 do
assert_select "gpx_file[id='#{trace1.id}']", 1 do
assert_select "tag", "London"
end
assert_select "gpx_file[id='4']", 1 do
assert_select "gpx_file[id='#{trace2.id}']", 1 do
assert_select "tag", "Birmingham"
end
end