| @@ -1,139 +1,139 | |||||
| 1 | # Redmine - project management software |
|
1 | # Redmine - project management software | |
| 2 | # Copyright (C) 2006-2012 Jean-Philippe Lang |
|
2 | # Copyright (C) 2006-2012 Jean-Philippe Lang | |
| 3 | # |
|
3 | # | |
| 4 | # This program is free software; you can redistribute it and/or |
|
4 | # This program is free software; you can redistribute it and/or | |
| 5 | # modify it under the terms of the GNU General Public License |
|
5 | # modify it under the terms of the GNU General Public License | |
| 6 | # as published by the Free Software Foundation; either version 2 |
|
6 | # as published by the Free Software Foundation; either version 2 | |
| 7 | # of the License, or (at your option) any later version. |
|
7 | # of the License, or (at your option) any later version. | |
| 8 | # |
|
8 | # | |
| 9 | # This program is distributed in the hope that it will be useful, |
|
9 | # This program is distributed in the hope that it will be useful, | |
| 10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of | |
| 11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
| 12 | # GNU General Public License for more details. |
|
12 | # GNU General Public License for more details. | |
| 13 | # |
|
13 | # | |
| 14 | # You should have received a copy of the GNU General Public License |
|
14 | # You should have received a copy of the GNU General Public License | |
| 15 | # along with this program; if not, write to the Free Software |
|
15 | # along with this program; if not, write to the Free Software | |
| 16 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. |
|
16 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. | |
| 17 |
|
17 | |||
| 18 | class AttachmentsController < ApplicationController |
|
18 | class AttachmentsController < ApplicationController | |
| 19 | before_filter :find_project, :except => :upload |
|
19 | before_filter :find_project, :except => :upload | |
| 20 | before_filter :file_readable, :read_authorize, :only => [:show, :download, :thumbnail] |
|
20 | before_filter :file_readable, :read_authorize, :only => [:show, :download, :thumbnail] | |
| 21 | before_filter :delete_authorize, :only => :destroy |
|
21 | before_filter :delete_authorize, :only => :destroy | |
| 22 | before_filter :authorize_global, :only => :upload |
|
22 | before_filter :authorize_global, :only => :upload | |
| 23 |
|
23 | |||
| 24 | accept_api_auth :show, :download, :upload |
|
24 | accept_api_auth :show, :download, :upload | |
| 25 |
|
25 | |||
| 26 | def show |
|
26 | def show | |
| 27 | respond_to do |format| |
|
27 | respond_to do |format| | |
| 28 | format.html { |
|
28 | format.html { | |
| 29 | if @attachment.is_diff? |
|
29 | if @attachment.is_diff? | |
| 30 | @diff = File.new(@attachment.diskfile, "rb").read |
|
30 | @diff = File.new(@attachment.diskfile, "rb").read | |
| 31 | @diff_type = params[:type] || User.current.pref[:diff_type] || 'inline' |
|
31 | @diff_type = params[:type] || User.current.pref[:diff_type] || 'inline' | |
| 32 | @diff_type = 'inline' unless %w(inline sbs).include?(@diff_type) |
|
32 | @diff_type = 'inline' unless %w(inline sbs).include?(@diff_type) | |
| 33 | # Save diff type as user preference |
|
33 | # Save diff type as user preference | |
| 34 | if User.current.logged? && @diff_type != User.current.pref[:diff_type] |
|
34 | if User.current.logged? && @diff_type != User.current.pref[:diff_type] | |
| 35 | User.current.pref[:diff_type] = @diff_type |
|
35 | User.current.pref[:diff_type] = @diff_type | |
| 36 | User.current.preference.save |
|
36 | User.current.preference.save | |
| 37 | end |
|
37 | end | |
| 38 | render :action => 'diff' |
|
38 | render :action => 'diff' | |
| 39 | elsif @attachment.is_text? && @attachment.filesize <= Setting.file_max_size_displayed.to_i.kilobyte |
|
39 | elsif @attachment.is_text? && @attachment.filesize <= Setting.file_max_size_displayed.to_i.kilobyte | |
| 40 | @content = File.new(@attachment.diskfile, "rb").read |
|
40 | @content = File.new(@attachment.diskfile, "rb").read | |
| 41 | render :action => 'file' |
|
41 | render :action => 'file' | |
| 42 | else |
|
42 | else | |
| 43 | download |
|
43 | download | |
| 44 | end |
|
44 | end | |
| 45 | } |
|
45 | } | |
| 46 | format.api |
|
46 | format.api | |
| 47 | end |
|
47 | end | |
| 48 | end |
|
48 | end | |
| 49 |
|
49 | |||
| 50 | def download |
|
50 | def download | |
| 51 | if @attachment.container.is_a?(Version) || @attachment.container.is_a?(Project) |
|
51 | if @attachment.container.is_a?(Version) || @attachment.container.is_a?(Project) | |
| 52 | @attachment.increment_download |
|
52 | @attachment.increment_download | |
| 53 | end |
|
53 | end | |
| 54 |
|
54 | |||
| 55 | if stale?(:etag => @attachment.digest) |
|
55 | if stale?(:etag => @attachment.digest) | |
| 56 | # images are sent inline |
|
56 | # images are sent inline | |
| 57 | send_file @attachment.diskfile, :filename => filename_for_content_disposition(@attachment.filename), |
|
57 | send_file @attachment.diskfile, :filename => filename_for_content_disposition(@attachment.filename), | |
| 58 | :type => detect_content_type(@attachment), |
|
58 | :type => detect_content_type(@attachment), | |
| 59 | :disposition => (@attachment.image? ? 'inline' : 'attachment') |
|
59 | :disposition => (@attachment.image? ? 'inline' : 'attachment') | |
| 60 | end |
|
60 | end | |
| 61 | end |
|
61 | end | |
| 62 |
|
62 | |||
| 63 | def thumbnail |
|
63 | def thumbnail | |
| 64 | if @attachment.thumbnailable? && thumbnail = @attachment.thumbnail(:size => params[:size]) |
|
64 | if @attachment.thumbnailable? && thumbnail = @attachment.thumbnail(:size => params[:size]) | |
| 65 | if stale?(:etag => thumbnail) |
|
65 | if stale?(:etag => thumbnail) | |
| 66 | send_file thumbnail, |
|
66 | send_file thumbnail, | |
| 67 | :filename => filename_for_content_disposition(@attachment.filename), |
|
67 | :filename => filename_for_content_disposition(@attachment.filename), | |
| 68 | :type => detect_content_type(@attachment), |
|
68 | :type => detect_content_type(@attachment), | |
| 69 | :disposition => 'inline' |
|
69 | :disposition => 'inline' | |
| 70 | end |
|
70 | end | |
| 71 | else |
|
71 | else | |
| 72 | # No thumbnail for the attachment or thumbnail could not be created |
|
72 | # No thumbnail for the attachment or thumbnail could not be created | |
| 73 | render :nothing => true, :status => 404 |
|
73 | render :nothing => true, :status => 404 | |
| 74 | end |
|
74 | end | |
| 75 | end |
|
75 | end | |
| 76 |
|
76 | |||
| 77 | def upload |
|
77 | def upload | |
| 78 | # Make sure that API users get used to set this content type |
|
78 | # Make sure that API users get used to set this content type | |
| 79 | # as it won't trigger Rails' automatic parsing of the request body for parameters |
|
79 | # as it won't trigger Rails' automatic parsing of the request body for parameters | |
| 80 | unless request.content_type == 'application/octet-stream' |
|
80 | unless request.content_type == 'application/octet-stream' | |
| 81 | render :nothing => true, :status => 406 |
|
81 | render :nothing => true, :status => 406 | |
| 82 | return |
|
82 | return | |
| 83 | end |
|
83 | end | |
| 84 |
|
84 | |||
| 85 | @attachment = Attachment.new(:file => request.raw_post) |
|
85 | @attachment = Attachment.new(:file => request.raw_post) | |
| 86 | @attachment.author = User.current |
|
86 | @attachment.author = User.current | |
| 87 | @attachment.filename = Redmine::Utils.random_hex(16) |
|
87 | @attachment.filename = params[:filename].presence || Redmine::Utils.random_hex(16) | |
| 88 |
|
88 | |||
| 89 | if @attachment.save |
|
89 | if @attachment.save | |
| 90 | respond_to do |format| |
|
90 | respond_to do |format| | |
| 91 | format.api { render :action => 'upload', :status => :created } |
|
91 | format.api { render :action => 'upload', :status => :created } | |
| 92 | end |
|
92 | end | |
| 93 | else |
|
93 | else | |
| 94 | respond_to do |format| |
|
94 | respond_to do |format| | |
| 95 | format.api { render_validation_errors(@attachment) } |
|
95 | format.api { render_validation_errors(@attachment) } | |
| 96 | end |
|
96 | end | |
| 97 | end |
|
97 | end | |
| 98 | end |
|
98 | end | |
| 99 |
|
99 | |||
| 100 | def destroy |
|
100 | def destroy | |
| 101 | if @attachment.container.respond_to?(:init_journal) |
|
101 | if @attachment.container.respond_to?(:init_journal) | |
| 102 | @attachment.container.init_journal(User.current) |
|
102 | @attachment.container.init_journal(User.current) | |
| 103 | end |
|
103 | end | |
| 104 | # Make sure association callbacks are called |
|
104 | # Make sure association callbacks are called | |
| 105 | @attachment.container.attachments.delete(@attachment) |
|
105 | @attachment.container.attachments.delete(@attachment) | |
| 106 | redirect_to_referer_or project_path(@project) |
|
106 | redirect_to_referer_or project_path(@project) | |
| 107 | end |
|
107 | end | |
| 108 |
|
108 | |||
| 109 | private |
|
109 | private | |
| 110 | def find_project |
|
110 | def find_project | |
| 111 | @attachment = Attachment.find(params[:id]) |
|
111 | @attachment = Attachment.find(params[:id]) | |
| 112 | # Show 404 if the filename in the url is wrong |
|
112 | # Show 404 if the filename in the url is wrong | |
| 113 | raise ActiveRecord::RecordNotFound if params[:filename] && params[:filename] != @attachment.filename |
|
113 | raise ActiveRecord::RecordNotFound if params[:filename] && params[:filename] != @attachment.filename | |
| 114 | @project = @attachment.project |
|
114 | @project = @attachment.project | |
| 115 | rescue ActiveRecord::RecordNotFound |
|
115 | rescue ActiveRecord::RecordNotFound | |
| 116 | render_404 |
|
116 | render_404 | |
| 117 | end |
|
117 | end | |
| 118 |
|
118 | |||
| 119 | # Checks that the file exists and is readable |
|
119 | # Checks that the file exists and is readable | |
| 120 | def file_readable |
|
120 | def file_readable | |
| 121 | @attachment.readable? ? true : render_404 |
|
121 | @attachment.readable? ? true : render_404 | |
| 122 | end |
|
122 | end | |
| 123 |
|
123 | |||
| 124 | def read_authorize |
|
124 | def read_authorize | |
| 125 | @attachment.visible? ? true : deny_access |
|
125 | @attachment.visible? ? true : deny_access | |
| 126 | end |
|
126 | end | |
| 127 |
|
127 | |||
| 128 | def delete_authorize |
|
128 | def delete_authorize | |
| 129 | @attachment.deletable? ? true : deny_access |
|
129 | @attachment.deletable? ? true : deny_access | |
| 130 | end |
|
130 | end | |
| 131 |
|
131 | |||
| 132 | def detect_content_type(attachment) |
|
132 | def detect_content_type(attachment) | |
| 133 | content_type = attachment.content_type |
|
133 | content_type = attachment.content_type | |
| 134 | if content_type.blank? |
|
134 | if content_type.blank? | |
| 135 | content_type = Redmine::MimeType.of(attachment.filename) |
|
135 | content_type = Redmine::MimeType.of(attachment.filename) | |
| 136 | end |
|
136 | end | |
| 137 | content_type.to_s |
|
137 | content_type.to_s | |
| 138 | end |
|
138 | end | |
| 139 | end |
|
139 | end | |
| @@ -1,138 +1,150 | |||||
| 1 | # Redmine - project management software |
|
1 | # Redmine - project management software | |
| 2 | # Copyright (C) 2006-2012 Jean-Philippe Lang |
|
2 | # Copyright (C) 2006-2012 Jean-Philippe Lang | |
| 3 | # |
|
3 | # | |
| 4 | # This program is free software; you can redistribute it and/or |
|
4 | # This program is free software; you can redistribute it and/or | |
| 5 | # modify it under the terms of the GNU General Public License |
|
5 | # modify it under the terms of the GNU General Public License | |
| 6 | # as published by the Free Software Foundation; either version 2 |
|
6 | # as published by the Free Software Foundation; either version 2 | |
| 7 | # of the License, or (at your option) any later version. |
|
7 | # of the License, or (at your option) any later version. | |
| 8 | # |
|
8 | # | |
| 9 | # This program is distributed in the hope that it will be useful, |
|
9 | # This program is distributed in the hope that it will be useful, | |
| 10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of | |
| 11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
| 12 | # GNU General Public License for more details. |
|
12 | # GNU General Public License for more details. | |
| 13 | # |
|
13 | # | |
| 14 | # You should have received a copy of the GNU General Public License |
|
14 | # You should have received a copy of the GNU General Public License | |
| 15 | # along with this program; if not, write to the Free Software |
|
15 | # along with this program; if not, write to the Free Software | |
| 16 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. |
|
16 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. | |
| 17 |
|
17 | |||
| 18 | require File.expand_path('../../../test_helper', __FILE__) |
|
18 | require File.expand_path('../../../test_helper', __FILE__) | |
| 19 |
|
19 | |||
| 20 | class ApiTest::AttachmentsTest < ActionController::IntegrationTest |
|
20 | class ApiTest::AttachmentsTest < ActionController::IntegrationTest | |
| 21 | fixtures :projects, :trackers, :issue_statuses, :issues, |
|
21 | fixtures :projects, :trackers, :issue_statuses, :issues, | |
| 22 | :enumerations, :users, :issue_categories, |
|
22 | :enumerations, :users, :issue_categories, | |
| 23 | :projects_trackers, |
|
23 | :projects_trackers, | |
| 24 | :roles, |
|
24 | :roles, | |
| 25 | :member_roles, |
|
25 | :member_roles, | |
| 26 | :members, |
|
26 | :members, | |
| 27 | :enabled_modules, |
|
27 | :enabled_modules, | |
| 28 | :workflows, |
|
28 | :workflows, | |
| 29 | :attachments |
|
29 | :attachments | |
| 30 |
|
30 | |||
| 31 | def setup |
|
31 | def setup | |
| 32 | Setting.rest_api_enabled = '1' |
|
32 | Setting.rest_api_enabled = '1' | |
| 33 | set_fixtures_attachments_directory |
|
33 | set_fixtures_attachments_directory | |
| 34 | end |
|
34 | end | |
| 35 |
|
35 | |||
| 36 | def teardown |
|
36 | def teardown | |
| 37 | set_tmp_attachments_directory |
|
37 | set_tmp_attachments_directory | |
| 38 | end |
|
38 | end | |
| 39 |
|
39 | |||
| 40 | test "GET /attachments/:id.xml should return the attachment" do |
|
40 | test "GET /attachments/:id.xml should return the attachment" do | |
| 41 | get '/attachments/7.xml', {}, credentials('jsmith') |
|
41 | get '/attachments/7.xml', {}, credentials('jsmith') | |
| 42 | assert_response :success |
|
42 | assert_response :success | |
| 43 | assert_equal 'application/xml', @response.content_type |
|
43 | assert_equal 'application/xml', @response.content_type | |
| 44 | assert_tag :tag => 'attachment', |
|
44 | assert_tag :tag => 'attachment', | |
| 45 | :child => { |
|
45 | :child => { | |
| 46 | :tag => 'id', |
|
46 | :tag => 'id', | |
| 47 | :content => '7', |
|
47 | :content => '7', | |
| 48 | :sibling => { |
|
48 | :sibling => { | |
| 49 | :tag => 'filename', |
|
49 | :tag => 'filename', | |
| 50 | :content => 'archive.zip', |
|
50 | :content => 'archive.zip', | |
| 51 | :sibling => { |
|
51 | :sibling => { | |
| 52 | :tag => 'content_url', |
|
52 | :tag => 'content_url', | |
| 53 | :content => 'http://www.example.com/attachments/download/7/archive.zip' |
|
53 | :content => 'http://www.example.com/attachments/download/7/archive.zip' | |
| 54 | } |
|
54 | } | |
| 55 | } |
|
55 | } | |
| 56 | } |
|
56 | } | |
| 57 | end |
|
57 | end | |
| 58 |
|
58 | |||
| 59 | test "GET /attachments/:id.xml should deny access without credentials" do |
|
59 | test "GET /attachments/:id.xml should deny access without credentials" do | |
| 60 | get '/attachments/7.xml' |
|
60 | get '/attachments/7.xml' | |
| 61 | assert_response 401 |
|
61 | assert_response 401 | |
| 62 | set_tmp_attachments_directory |
|
62 | set_tmp_attachments_directory | |
| 63 | end |
|
63 | end | |
| 64 |
|
64 | |||
| 65 | test "GET /attachments/download/:id/:filename should return the attachment content" do |
|
65 | test "GET /attachments/download/:id/:filename should return the attachment content" do | |
| 66 | get '/attachments/download/7/archive.zip', {}, credentials('jsmith') |
|
66 | get '/attachments/download/7/archive.zip', {}, credentials('jsmith') | |
| 67 | assert_response :success |
|
67 | assert_response :success | |
| 68 | assert_equal 'application/octet-stream', @response.content_type |
|
68 | assert_equal 'application/octet-stream', @response.content_type | |
| 69 | set_tmp_attachments_directory |
|
69 | set_tmp_attachments_directory | |
| 70 | end |
|
70 | end | |
| 71 |
|
71 | |||
| 72 | test "GET /attachments/download/:id/:filename should deny access without credentials" do |
|
72 | test "GET /attachments/download/:id/:filename should deny access without credentials" do | |
| 73 | get '/attachments/download/7/archive.zip' |
|
73 | get '/attachments/download/7/archive.zip' | |
| 74 | assert_response 302 |
|
74 | assert_response 302 | |
| 75 | set_tmp_attachments_directory |
|
75 | set_tmp_attachments_directory | |
| 76 | end |
|
76 | end | |
| 77 |
|
77 | |||
| 78 | test "POST /uploads.xml should return the token" do |
|
78 | test "POST /uploads.xml should return the token" do | |
| 79 | set_tmp_attachments_directory |
|
79 | set_tmp_attachments_directory | |
| 80 | assert_difference 'Attachment.count' do |
|
80 | assert_difference 'Attachment.count' do | |
| 81 | post '/uploads.xml', 'File content', {"CONTENT_TYPE" => 'application/octet-stream'}.merge(credentials('jsmith')) |
|
81 | post '/uploads.xml', 'File content', {"CONTENT_TYPE" => 'application/octet-stream'}.merge(credentials('jsmith')) | |
| 82 | assert_response :created |
|
82 | assert_response :created | |
| 83 | assert_equal 'application/xml', response.content_type |
|
83 | assert_equal 'application/xml', response.content_type | |
| 84 | end |
|
84 | end | |
| 85 |
|
85 | |||
| 86 | xml = Hash.from_xml(response.body) |
|
86 | xml = Hash.from_xml(response.body) | |
| 87 | assert_kind_of Hash, xml['upload'] |
|
87 | assert_kind_of Hash, xml['upload'] | |
| 88 | token = xml['upload']['token'] |
|
88 | token = xml['upload']['token'] | |
| 89 | assert_not_nil token |
|
89 | assert_not_nil token | |
| 90 |
|
90 | |||
| 91 | attachment = Attachment.first(:order => 'id DESC') |
|
91 | attachment = Attachment.first(:order => 'id DESC') | |
| 92 | assert_equal token, attachment.token |
|
92 | assert_equal token, attachment.token | |
| 93 | assert_nil attachment.container |
|
93 | assert_nil attachment.container | |
| 94 | assert_equal 2, attachment.author_id |
|
94 | assert_equal 2, attachment.author_id | |
| 95 | assert_equal 'File content'.size, attachment.filesize |
|
95 | assert_equal 'File content'.size, attachment.filesize | |
| 96 | assert attachment.content_type.blank? |
|
96 | assert attachment.content_type.blank? | |
| 97 | assert attachment.filename.present? |
|
97 | assert attachment.filename.present? | |
| 98 | assert_match /\d+_[0-9a-z]+/, attachment.diskfile |
|
98 | assert_match /\d+_[0-9a-z]+/, attachment.diskfile | |
| 99 | assert File.exist?(attachment.diskfile) |
|
99 | assert File.exist?(attachment.diskfile) | |
| 100 | assert_equal 'File content', File.read(attachment.diskfile) |
|
100 | assert_equal 'File content', File.read(attachment.diskfile) | |
| 101 | end |
|
101 | end | |
| 102 |
|
102 | |||
| 103 | test "POST /uploads.json should return the token" do |
|
103 | test "POST /uploads.json should return the token" do | |
| 104 | set_tmp_attachments_directory |
|
104 | set_tmp_attachments_directory | |
| 105 | assert_difference 'Attachment.count' do |
|
105 | assert_difference 'Attachment.count' do | |
| 106 | post '/uploads.json', 'File content', {"CONTENT_TYPE" => 'application/octet-stream'}.merge(credentials('jsmith')) |
|
106 | post '/uploads.json', 'File content', {"CONTENT_TYPE" => 'application/octet-stream'}.merge(credentials('jsmith')) | |
| 107 | assert_response :created |
|
107 | assert_response :created | |
| 108 | assert_equal 'application/json', response.content_type |
|
108 | assert_equal 'application/json', response.content_type | |
| 109 | end |
|
109 | end | |
| 110 |
|
110 | |||
| 111 | json = ActiveSupport::JSON.decode(response.body) |
|
111 | json = ActiveSupport::JSON.decode(response.body) | |
| 112 | assert_kind_of Hash, json['upload'] |
|
112 | assert_kind_of Hash, json['upload'] | |
| 113 | token = json['upload']['token'] |
|
113 | token = json['upload']['token'] | |
| 114 | assert_not_nil token |
|
114 | assert_not_nil token | |
| 115 |
|
115 | |||
| 116 | attachment = Attachment.first(:order => 'id DESC') |
|
116 | attachment = Attachment.first(:order => 'id DESC') | |
| 117 | assert_equal token, attachment.token |
|
117 | assert_equal token, attachment.token | |
| 118 | end |
|
118 | end | |
| 119 |
|
119 | |||
|
|
120 | test "POST /uploads.xml should accept :filename param as the attachment filename" do | |||
|
|
121 | set_tmp_attachments_directory | |||
|
|
122 | assert_difference 'Attachment.count' do | |||
|
|
123 | post '/uploads.xml?filename=test.txt', 'File content', {"CONTENT_TYPE" => 'application/octet-stream'}.merge(credentials('jsmith')) | |||
|
|
124 | assert_response :created | |||
|
|
125 | end | |||
|
|
126 | ||||
|
|
127 | attachment = Attachment.order('id DESC').first | |||
|
|
128 | assert_equal 'test.txt', attachment.filename | |||
|
|
129 | assert_match /_test\.txt$/, attachment.diskfile | |||
|
|
130 | end | |||
|
|
131 | ||||
| 120 | test "POST /uploads.xml should not accept other content types" do |
|
132 | test "POST /uploads.xml should not accept other content types" do | |
| 121 | set_tmp_attachments_directory |
|
133 | set_tmp_attachments_directory | |
| 122 | assert_no_difference 'Attachment.count' do |
|
134 | assert_no_difference 'Attachment.count' do | |
| 123 | post '/uploads.xml', 'PNG DATA', {"CONTENT_TYPE" => 'image/png'}.merge(credentials('jsmith')) |
|
135 | post '/uploads.xml', 'PNG DATA', {"CONTENT_TYPE" => 'image/png'}.merge(credentials('jsmith')) | |
| 124 | assert_response 406 |
|
136 | assert_response 406 | |
| 125 | end |
|
137 | end | |
| 126 | end |
|
138 | end | |
| 127 |
|
139 | |||
| 128 | test "POST /uploads.xml should return errors if file is too big" do |
|
140 | test "POST /uploads.xml should return errors if file is too big" do | |
| 129 | set_tmp_attachments_directory |
|
141 | set_tmp_attachments_directory | |
| 130 | with_settings :attachment_max_size => 1 do |
|
142 | with_settings :attachment_max_size => 1 do | |
| 131 | assert_no_difference 'Attachment.count' do |
|
143 | assert_no_difference 'Attachment.count' do | |
| 132 | post '/uploads.xml', ('x' * 2048), {"CONTENT_TYPE" => 'application/octet-stream'}.merge(credentials('jsmith')) |
|
144 | post '/uploads.xml', ('x' * 2048), {"CONTENT_TYPE" => 'application/octet-stream'}.merge(credentials('jsmith')) | |
| 133 | assert_response 422 |
|
145 | assert_response 422 | |
| 134 | assert_tag 'error', :content => /exceeds the maximum allowed file size/ |
|
146 | assert_tag 'error', :content => /exceeds the maximum allowed file size/ | |
| 135 | end |
|
147 | end | |
| 136 | end |
|
148 | end | |
| 137 | end |
|
149 | end | |
| 138 | end |
|
150 | end | |
General Comments 0
You need to be logged in to leave comments.
Login now