##// END OF EJS Templates
Allow to download javascript attachments again (#23376)....
Jean-Philippe Lang -
r15474:76bf2404d511
parent child
Show More
@@ -1,202 +1,206
1 1 # Redmine - project management software
2 2 # Copyright (C) 2006-2016 Jean-Philippe Lang
3 3 #
4 4 # This program is free software; you can redistribute it and/or
5 5 # modify it under the terms of the GNU General Public License
6 6 # as published by the Free Software Foundation; either version 2
7 7 # of the License, or (at your option) any later version.
8 8 #
9 9 # This program is distributed in the hope that it will be useful,
10 10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 12 # GNU General Public License for more details.
13 13 #
14 14 # You should have received a copy of the GNU General Public License
15 15 # along with this program; if not, write to the Free Software
16 16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
17 17
18 18 class AttachmentsController < ApplicationController
19 19 before_action :find_attachment, :only => [:show, :download, :thumbnail, :destroy]
20 20 before_action :find_editable_attachments, :only => [:edit, :update]
21 21 before_action :file_readable, :read_authorize, :only => [:show, :download, :thumbnail]
22 22 before_action :delete_authorize, :only => :destroy
23 23 before_action :authorize_global, :only => :upload
24 24
25 # Disable check for same origin requests for JS files, i.e. attachments with
26 # MIME type text/javascript.
27 skip_after_filter :verify_same_origin_request, :only => :download
28
25 29 accept_api_auth :show, :download, :thumbnail, :upload, :destroy
26 30
27 31 def show
28 32 respond_to do |format|
29 33 format.html {
30 34 if @attachment.is_diff?
31 35 @diff = File.read(@attachment.diskfile, :mode => "rb")
32 36 @diff_type = params[:type] || User.current.pref[:diff_type] || 'inline'
33 37 @diff_type = 'inline' unless %w(inline sbs).include?(@diff_type)
34 38 # Save diff type as user preference
35 39 if User.current.logged? && @diff_type != User.current.pref[:diff_type]
36 40 User.current.pref[:diff_type] = @diff_type
37 41 User.current.preference.save
38 42 end
39 43 render :action => 'diff'
40 44 elsif @attachment.is_text? && @attachment.filesize <= Setting.file_max_size_displayed.to_i.kilobyte
41 45 @content = File.read(@attachment.diskfile, :mode => "rb")
42 46 render :action => 'file'
43 47 elsif @attachment.is_image?
44 48 render :action => 'image'
45 49 else
46 50 render :action => 'other'
47 51 end
48 52 }
49 53 format.api
50 54 end
51 55 end
52 56
53 57 def download
54 58 if @attachment.container.is_a?(Version) || @attachment.container.is_a?(Project)
55 59 @attachment.increment_download
56 60 end
57 61
58 62 if stale?(:etag => @attachment.digest)
59 63 # images are sent inline
60 64 send_file @attachment.diskfile, :filename => filename_for_content_disposition(@attachment.filename),
61 65 :type => detect_content_type(@attachment),
62 66 :disposition => disposition(@attachment)
63 67 end
64 68 end
65 69
66 70 def thumbnail
67 71 if @attachment.thumbnailable? && tbnail = @attachment.thumbnail(:size => params[:size])
68 72 if stale?(:etag => tbnail)
69 73 send_file tbnail,
70 74 :filename => filename_for_content_disposition(@attachment.filename),
71 75 :type => detect_content_type(@attachment),
72 76 :disposition => 'inline'
73 77 end
74 78 else
75 79 # No thumbnail for the attachment or thumbnail could not be created
76 80 head 404
77 81 end
78 82 end
79 83
80 84 def upload
81 85 # Make sure that API users get used to set this content type
82 86 # as it won't trigger Rails' automatic parsing of the request body for parameters
83 87 unless request.content_type == 'application/octet-stream'
84 88 head 406
85 89 return
86 90 end
87 91
88 92 @attachment = Attachment.new(:file => request.raw_post)
89 93 @attachment.author = User.current
90 94 @attachment.filename = params[:filename].presence || Redmine::Utils.random_hex(16)
91 95 @attachment.content_type = params[:content_type].presence
92 96 saved = @attachment.save
93 97
94 98 respond_to do |format|
95 99 format.js
96 100 format.api {
97 101 if saved
98 102 render :action => 'upload', :status => :created
99 103 else
100 104 render_validation_errors(@attachment)
101 105 end
102 106 }
103 107 end
104 108 end
105 109
106 110 def edit
107 111 end
108 112
109 113 def update
110 114 if params[:attachments].is_a?(Hash)
111 115 if Attachment.update_attachments(@attachments, params[:attachments])
112 116 redirect_back_or_default home_path
113 117 return
114 118 end
115 119 end
116 120 render :action => 'edit'
117 121 end
118 122
119 123 def destroy
120 124 if @attachment.container.respond_to?(:init_journal)
121 125 @attachment.container.init_journal(User.current)
122 126 end
123 127 if @attachment.container
124 128 # Make sure association callbacks are called
125 129 @attachment.container.attachments.delete(@attachment)
126 130 else
127 131 @attachment.destroy
128 132 end
129 133
130 134 respond_to do |format|
131 135 format.html { redirect_to_referer_or project_path(@project) }
132 136 format.js
133 137 format.api { render_api_ok }
134 138 end
135 139 end
136 140
137 141 private
138 142
139 143 def find_attachment
140 144 @attachment = Attachment.find(params[:id])
141 145 # Show 404 if the filename in the url is wrong
142 146 raise ActiveRecord::RecordNotFound if params[:filename] && params[:filename] != @attachment.filename
143 147 @project = @attachment.project
144 148 rescue ActiveRecord::RecordNotFound
145 149 render_404
146 150 end
147 151
148 152 def find_editable_attachments
149 153 klass = params[:object_type].to_s.singularize.classify.constantize rescue nil
150 154 unless klass && klass.reflect_on_association(:attachments)
151 155 render_404
152 156 return
153 157 end
154 158
155 159 @container = klass.find(params[:object_id])
156 160 if @container.respond_to?(:visible?) && !@container.visible?
157 161 render_403
158 162 return
159 163 end
160 164 @attachments = @container.attachments.select(&:editable?)
161 165 if @container.respond_to?(:project)
162 166 @project = @container.project
163 167 end
164 168 render_404 if @attachments.empty?
165 169 rescue ActiveRecord::RecordNotFound
166 170 render_404
167 171 end
168 172
169 173 # Checks that the file exists and is readable
170 174 def file_readable
171 175 if @attachment.readable?
172 176 true
173 177 else
174 178 logger.error "Cannot send attachment, #{@attachment.diskfile} does not exist or is unreadable."
175 179 render_404
176 180 end
177 181 end
178 182
179 183 def read_authorize
180 184 @attachment.visible? ? true : deny_access
181 185 end
182 186
183 187 def delete_authorize
184 188 @attachment.deletable? ? true : deny_access
185 189 end
186 190
187 191 def detect_content_type(attachment)
188 192 content_type = attachment.content_type
189 193 if content_type.blank? || content_type == "application/octet-stream"
190 194 content_type = Redmine::MimeType.of(attachment.filename)
191 195 end
192 196 content_type.to_s
193 197 end
194 198
195 199 def disposition(attachment)
196 200 if attachment.is_image? || attachment.is_pdf?
197 201 'inline'
198 202 else
199 203 'attachment'
200 204 end
201 205 end
202 206 end
@@ -1,470 +1,483
1 1 # encoding: utf-8
2 2 #
3 3 # Redmine - project management software
4 4 # Copyright (C) 2006-2016 Jean-Philippe Lang
5 5 #
6 6 # This program is free software; you can redistribute it and/or
7 7 # modify it under the terms of the GNU General Public License
8 8 # as published by the Free Software Foundation; either version 2
9 9 # of the License, or (at your option) any later version.
10 10 #
11 11 # This program is distributed in the hope that it will be useful,
12 12 # but WITHOUT ANY WARRANTY; without even the implied warranty of
13 13 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 14 # GNU General Public License for more details.
15 15 #
16 16 # You should have received a copy of the GNU General Public License
17 17 # along with this program; if not, write to the Free Software
18 18 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
19 19
20 20 require File.expand_path('../../test_helper', __FILE__)
21 21
22 22 class AttachmentsControllerTest < Redmine::ControllerTest
23 23 fixtures :users, :projects, :roles, :members, :member_roles,
24 24 :enabled_modules, :issues, :trackers, :attachments,
25 25 :versions, :wiki_pages, :wikis, :documents
26 26
27 27 def setup
28 28 User.current = nil
29 29 set_fixtures_attachments_directory
30 30 end
31 31
32 32 def teardown
33 33 set_tmp_attachments_directory
34 34 end
35 35
36 36 def test_show_diff
37 37 ['inline', 'sbs'].each do |dt|
38 38 # 060719210727_changeset_utf8.diff
39 39 get :show, :id => 14, :type => dt
40 40 assert_response :success
41 41
42 42 assert_equal 'text/html', @response.content_type
43 43 assert_select 'th.filename', :text => /issues_controller.rb\t\(rΓ©vision 1484\)/
44 44 assert_select 'td.line-code', :text => /Demande créée avec succès/
45 45 end
46 46 set_tmp_attachments_directory
47 47 end
48 48
49 49 def test_show_diff_replace_cannot_convert_content
50 50 with_settings :repositories_encodings => 'UTF-8' do
51 51 ['inline', 'sbs'].each do |dt|
52 52 # 060719210727_changeset_iso8859-1.diff
53 53 get :show, :id => 5, :type => dt
54 54 assert_response :success
55 55
56 56 assert_equal 'text/html', @response.content_type
57 57 assert_select 'th.filename', :text => /issues_controller.rb\t\(r\?vision 1484\)/
58 58 assert_select 'td.line-code', :text => /Demande cr\?\?e avec succ\?s/
59 59 end
60 60 end
61 61 set_tmp_attachments_directory
62 62 end
63 63
64 64 def test_show_diff_latin_1
65 65 with_settings :repositories_encodings => 'UTF-8,ISO-8859-1' do
66 66 ['inline', 'sbs'].each do |dt|
67 67 # 060719210727_changeset_iso8859-1.diff
68 68 get :show, :id => 5, :type => dt
69 69 assert_response :success
70 70
71 71 assert_equal 'text/html', @response.content_type
72 72 assert_select 'th.filename', :text => /issues_controller.rb\t\(rΓ©vision 1484\)/
73 73 assert_select 'td.line-code', :text => /Demande créée avec succès/
74 74 end
75 75 end
76 76 set_tmp_attachments_directory
77 77 end
78 78
79 79 def test_save_diff_type
80 80 user1 = User.find(1)
81 81 user1.pref[:diff_type] = nil
82 82 user1.preference.save
83 83 user = User.find(1)
84 84 assert_nil user.pref[:diff_type]
85 85 @request.session[:user_id] = 1 # admin
86 86
87 87 get :show, :id => 5
88 88 assert_response :success
89 89 user.reload
90 90 assert_equal "inline", user.pref[:diff_type]
91 91
92 92 get :show, :id => 5, :type => 'sbs'
93 93 assert_response :success
94 94 user.reload
95 95 assert_equal "sbs", user.pref[:diff_type]
96 96 end
97 97
98 98 def test_diff_show_filename_in_mercurial_export
99 99 set_tmp_attachments_directory
100 100 a = Attachment.new(:container => Issue.find(1),
101 101 :file => uploaded_test_file("hg-export.diff", "text/plain"),
102 102 :author => User.find(1))
103 103 assert a.save
104 104 assert_equal 'hg-export.diff', a.filename
105 105
106 106 get :show, :id => a.id, :type => 'inline'
107 107 assert_response :success
108 108 assert_equal 'text/html', @response.content_type
109 109 assert_select 'th.filename', :text => 'test1.txt'
110 110 end
111 111
112 112 def test_show_text_file
113 113 get :show, :id => 4
114 114 assert_response :success
115 115 assert_equal 'text/html', @response.content_type
116 116 set_tmp_attachments_directory
117 117 end
118 118
119 119 def test_show_text_file_utf_8
120 120 set_tmp_attachments_directory
121 121 a = Attachment.new(:container => Issue.find(1),
122 122 :file => uploaded_test_file("japanese-utf-8.txt", "text/plain"),
123 123 :author => User.find(1))
124 124 assert a.save
125 125 assert_equal 'japanese-utf-8.txt', a.filename
126 126
127 127 str_japanese = "\xe6\x97\xa5\xe6\x9c\xac\xe8\xaa\x9e".force_encoding('UTF-8')
128 128
129 129 get :show, :id => a.id
130 130 assert_response :success
131 131 assert_equal 'text/html', @response.content_type
132 132 assert_select 'tr#L1' do
133 133 assert_select 'th.line-num', :text => '1'
134 134 assert_select 'td', :text => /#{str_japanese}/
135 135 end
136 136 end
137 137
138 138 def test_show_text_file_replace_cannot_convert_content
139 139 set_tmp_attachments_directory
140 140 with_settings :repositories_encodings => 'UTF-8' do
141 141 a = Attachment.new(:container => Issue.find(1),
142 142 :file => uploaded_test_file("iso8859-1.txt", "text/plain"),
143 143 :author => User.find(1))
144 144 assert a.save
145 145 assert_equal 'iso8859-1.txt', a.filename
146 146
147 147 get :show, :id => a.id
148 148 assert_response :success
149 149 assert_equal 'text/html', @response.content_type
150 150 assert_select 'tr#L7' do
151 151 assert_select 'th.line-num', :text => '7'
152 152 assert_select 'td', :text => /Demande cr\?\?e avec succ\?s/
153 153 end
154 154 end
155 155 end
156 156
157 157 def test_show_text_file_latin_1
158 158 set_tmp_attachments_directory
159 159 with_settings :repositories_encodings => 'UTF-8,ISO-8859-1' do
160 160 a = Attachment.new(:container => Issue.find(1),
161 161 :file => uploaded_test_file("iso8859-1.txt", "text/plain"),
162 162 :author => User.find(1))
163 163 assert a.save
164 164 assert_equal 'iso8859-1.txt', a.filename
165 165
166 166 get :show, :id => a.id
167 167 assert_response :success
168 168 assert_equal 'text/html', @response.content_type
169 169 assert_select 'tr#L7' do
170 170 assert_select 'th.line-num', :text => '7'
171 171 assert_select 'td', :text => /Demande créée avec succès/
172 172 end
173 173 end
174 174 end
175 175
176 176 def test_show_text_file_should_show_other_if_too_big
177 177 @request.session[:user_id] = 2
178 178 with_settings :file_max_size_displayed => 512 do
179 179 Attachment.find(4).update_attribute :filesize, 754.kilobyte
180 180 get :show, :id => 4
181 181 assert_response :success
182 182 assert_equal 'text/html', @response.content_type
183 183 assert_select '.nodata', :text => 'No preview available'
184 184 end
185 185 set_tmp_attachments_directory
186 186 end
187 187
188 188 def test_show_image
189 189 @request.session[:user_id] = 2
190 190 get :show, :id => 16
191 191 assert_response :success
192 192 assert_equal 'text/html', @response.content_type
193 193 assert_select 'img.filecontent', :src => attachments(:attachments_010).filename
194 194 end
195 195
196 196 def test_show_other
197 197 @request.session[:user_id] = 2
198 198 get :show, :id => 6
199 199 assert_equal 'text/html', @response.content_type
200 200 assert_select '.nodata', :text => 'No preview available'
201 201 set_tmp_attachments_directory
202 202 end
203 203
204 204 def test_show_file_from_private_issue_without_permission
205 205 get :show, :id => 15
206 206 assert_redirected_to '/login?back_url=http%3A%2F%2Ftest.host%2Fattachments%2F15'
207 207 set_tmp_attachments_directory
208 208 end
209 209
210 210 def test_show_file_from_private_issue_with_permission
211 211 @request.session[:user_id] = 2
212 212 get :show, :id => 15
213 213 assert_response :success
214 214 assert_select 'h2', :text => /private.diff/
215 215 set_tmp_attachments_directory
216 216 end
217 217
218 218 def test_show_file_without_container_should_be_allowed_to_author
219 219 set_tmp_attachments_directory
220 220 attachment = Attachment.create!(:file => uploaded_test_file("testfile.txt", "text/plain"), :author_id => 2)
221 221
222 222 @request.session[:user_id] = 2
223 223 get :show, :id => attachment.id
224 224 assert_response 200
225 225 end
226 226
227 227 def test_show_file_without_container_should_be_denied_to_other_users
228 228 set_tmp_attachments_directory
229 229 attachment = Attachment.create!(:file => uploaded_test_file("testfile.txt", "text/plain"), :author_id => 2)
230 230
231 231 @request.session[:user_id] = 3
232 232 get :show, :id => attachment.id
233 233 assert_response 403
234 234 end
235 235
236 236 def test_show_invalid_should_respond_with_404
237 237 get :show, :id => 999
238 238 assert_response 404
239 239 end
240 240
241 241 def test_download_text_file
242 242 get :download, :id => 4
243 243 assert_response :success
244 244 assert_equal 'application/x-ruby', @response.content_type
245 245 etag = @response.etag
246 246 assert_not_nil etag
247 247
248 248 @request.env["HTTP_IF_NONE_MATCH"] = etag
249 249 get :download, :id => 4
250 250 assert_response 304
251 251
252 252 set_tmp_attachments_directory
253 253 end
254 254
255 def test_download_js_file
256 set_tmp_attachments_directory
257 attachment = Attachment.create!(
258 :file => mock_file_with_options(:original_filename => "hello.js", :content_type => "text/javascript"),
259 :author_id => 2,
260 :container => Issue.find(1)
261 )
262
263 get :download, :id => attachment.id
264 assert_response :success
265 assert_equal 'text/javascript', @response.content_type
266 end
267
255 268 def test_download_version_file_with_issue_tracking_disabled
256 269 Project.find(1).disable_module! :issue_tracking
257 270 get :download, :id => 9
258 271 assert_response :success
259 272 end
260 273
261 274 def test_download_should_assign_content_type_if_blank
262 275 Attachment.find(4).update_attribute(:content_type, '')
263 276
264 277 get :download, :id => 4
265 278 assert_response :success
266 279 assert_equal 'text/x-ruby', @response.content_type
267 280 set_tmp_attachments_directory
268 281 end
269 282
270 283 def test_download_should_assign_better_content_type_than_application_octet_stream
271 284 Attachment.find(4).update! :content_type => "application/octet-stream"
272 285
273 286 get :download, :id => 4
274 287 assert_response :success
275 288 assert_equal 'text/x-ruby', @response.content_type
276 289 set_tmp_attachments_directory
277 290 end
278 291
279 292 def test_download_missing_file
280 293 get :download, :id => 2
281 294 assert_response 404
282 295 set_tmp_attachments_directory
283 296 end
284 297
285 298 def test_download_should_be_denied_without_permission
286 299 get :download, :id => 7
287 300 assert_redirected_to '/login?back_url=http%3A%2F%2Ftest.host%2Fattachments%2Fdownload%2F7'
288 301 set_tmp_attachments_directory
289 302 end
290 303
291 304 if convert_installed?
292 305 def test_thumbnail
293 306 Attachment.clear_thumbnails
294 307 @request.session[:user_id] = 2
295 308 get :thumbnail, :id => 16
296 309 assert_response :success
297 310 assert_equal 'image/png', response.content_type
298 311
299 312 etag = @response.etag
300 313 assert_not_nil etag
301 314
302 315 @request.env["HTTP_IF_NONE_MATCH"] = etag
303 316 get :thumbnail, :id => 16
304 317 assert_response 304
305 318 end
306 319
307 320 def test_thumbnail_should_not_exceed_maximum_size
308 321 Redmine::Thumbnail.expects(:generate).with {|source, target, size| size == 800}
309 322
310 323 @request.session[:user_id] = 2
311 324 get :thumbnail, :id => 16, :size => 2000
312 325 end
313 326
314 327 def test_thumbnail_should_round_size
315 328 Redmine::Thumbnail.expects(:generate).with {|source, target, size| size == 250}
316 329
317 330 @request.session[:user_id] = 2
318 331 get :thumbnail, :id => 16, :size => 260
319 332 end
320 333
321 334 def test_thumbnail_should_return_404_for_non_image_attachment
322 335 @request.session[:user_id] = 2
323 336
324 337 get :thumbnail, :id => 15
325 338 assert_response 404
326 339 end
327 340
328 341 def test_thumbnail_should_return_404_if_thumbnail_generation_failed
329 342 Attachment.any_instance.stubs(:thumbnail).returns(nil)
330 343 @request.session[:user_id] = 2
331 344
332 345 get :thumbnail, :id => 16
333 346 assert_response 404
334 347 end
335 348
336 349 def test_thumbnail_should_be_denied_without_permission
337 350 get :thumbnail, :id => 16
338 351 assert_redirected_to '/login?back_url=http%3A%2F%2Ftest.host%2Fattachments%2Fthumbnail%2F16'
339 352 end
340 353 else
341 354 puts '(ImageMagick convert not available)'
342 355 end
343 356
344 357 def test_edit
345 358 @request.session[:user_id] = 2
346 359 get :edit, :object_type => 'issues', :object_id => '2'
347 360 assert_response :success
348 361
349 362 assert_select 'form[action=?]', '/attachments/issues/2' do
350 363 Issue.find(2).attachments.each do |attachment|
351 364 assert_select "tr#attachment-#{attachment.id}"
352 365 end
353 366
354 367 assert_select 'tr#attachment-4' do
355 368 assert_select 'input[name=?][value=?]', 'attachments[4][filename]', 'source.rb'
356 369 assert_select 'input[name=?][value=?]', 'attachments[4][description]', 'This is a Ruby source file'
357 370 end
358 371 end
359 372 end
360 373
361 374 def test_edit_invalid_container_class_should_return_404
362 375 get :edit, :object_type => 'nuggets', :object_id => '3'
363 376 assert_response 404
364 377 end
365 378
366 379 def test_edit_invalid_object_should_return_404
367 380 get :edit, :object_type => 'issues', :object_id => '999'
368 381 assert_response 404
369 382 end
370 383
371 384 def test_edit_for_object_that_is_not_visible_should_return_403
372 385 get :edit, :object_type => 'issues', :object_id => '4'
373 386 assert_response 403
374 387 end
375 388
376 389 def test_update
377 390 @request.session[:user_id] = 2
378 391 patch :update, :object_type => 'issues', :object_id => '2', :attachments => {
379 392 '1' => {:filename => 'newname.text', :description => ''},
380 393 '4' => {:filename => 'newname.rb', :description => 'Renamed'},
381 394 }
382 395
383 396 assert_response 302
384 397 attachment = Attachment.find(4)
385 398 assert_equal 'newname.rb', attachment.filename
386 399 assert_equal 'Renamed', attachment.description
387 400 end
388 401
389 402 def test_update_with_failure
390 403 @request.session[:user_id] = 2
391 404 patch :update, :object_type => 'issues', :object_id => '3', :attachments => {
392 405 '1' => {:filename => '', :description => ''},
393 406 '4' => {:filename => 'newname.rb', :description => 'Renamed'},
394 407 }
395 408
396 409 assert_response :success
397 410 assert_select_error /file cannot be blank/i
398 411
399 412 # The other attachment should not be updated
400 413 attachment = Attachment.find(4)
401 414 assert_equal 'source.rb', attachment.filename
402 415 assert_equal 'This is a Ruby source file', attachment.description
403 416 end
404 417
405 418 def test_destroy_issue_attachment
406 419 set_tmp_attachments_directory
407 420 issue = Issue.find(3)
408 421 @request.session[:user_id] = 2
409 422
410 423 assert_difference 'issue.attachments.count', -1 do
411 424 assert_difference 'Journal.count' do
412 425 delete :destroy, :id => 1
413 426 assert_redirected_to '/projects/ecookbook'
414 427 end
415 428 end
416 429 assert_nil Attachment.find_by_id(1)
417 430 j = Journal.order('id DESC').first
418 431 assert_equal issue, j.journalized
419 432 assert_equal 'attachment', j.details.first.property
420 433 assert_equal '1', j.details.first.prop_key
421 434 assert_equal 'error281.txt', j.details.first.old_value
422 435 assert_equal User.find(2), j.user
423 436 end
424 437
425 438 def test_destroy_wiki_page_attachment
426 439 set_tmp_attachments_directory
427 440 @request.session[:user_id] = 2
428 441 assert_difference 'Attachment.count', -1 do
429 442 delete :destroy, :id => 3
430 443 assert_response 302
431 444 end
432 445 end
433 446
434 447 def test_destroy_project_attachment
435 448 set_tmp_attachments_directory
436 449 @request.session[:user_id] = 2
437 450 assert_difference 'Attachment.count', -1 do
438 451 delete :destroy, :id => 8
439 452 assert_response 302
440 453 end
441 454 end
442 455
443 456 def test_destroy_version_attachment
444 457 set_tmp_attachments_directory
445 458 @request.session[:user_id] = 2
446 459 assert_difference 'Attachment.count', -1 do
447 460 delete :destroy, :id => 9
448 461 assert_response 302
449 462 end
450 463 end
451 464
452 465 def test_destroy_version_attachment_with_issue_tracking_disabled
453 466 Project.find(1).disable_module! :issue_tracking
454 467 set_tmp_attachments_directory
455 468 @request.session[:user_id] = 2
456 469 assert_difference 'Attachment.count', -1 do
457 470 delete :destroy, :id => 9
458 471 assert_response 302
459 472 end
460 473 end
461 474
462 475 def test_destroy_without_permission
463 476 set_tmp_attachments_directory
464 477 assert_no_difference 'Attachment.count' do
465 478 delete :destroy, :id => 3
466 479 end
467 480 assert_response 302
468 481 assert Attachment.find_by_id(3)
469 482 end
470 483 end
General Comments 0
You need to be logged in to leave comments. Login now