@@ -1,202 +1,206 | |||
|
1 | 1 | # Redmine - project management software |
|
2 | 2 | # Copyright (C) 2006-2016 Jean-Philippe Lang |
|
3 | 3 | # |
|
4 | 4 | # This program is free software; you can redistribute it and/or |
|
5 | 5 | # modify it under the terms of the GNU General Public License |
|
6 | 6 | # as published by the Free Software Foundation; either version 2 |
|
7 | 7 | # of the License, or (at your option) any later version. |
|
8 | 8 | # |
|
9 | 9 | # This program is distributed in the hope that it will be useful, |
|
10 | 10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
11 | 11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
12 | 12 | # GNU General Public License for more details. |
|
13 | 13 | # |
|
14 | 14 | # You should have received a copy of the GNU General Public License |
|
15 | 15 | # along with this program; if not, write to the Free Software |
|
16 | 16 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. |
|
17 | 17 | |
|
18 | 18 | class AttachmentsController < ApplicationController |
|
19 | 19 | before_action :find_attachment, :only => [:show, :download, :thumbnail, :destroy] |
|
20 | 20 | before_action :find_editable_attachments, :only => [:edit, :update] |
|
21 | 21 | before_action :file_readable, :read_authorize, :only => [:show, :download, :thumbnail] |
|
22 | 22 | before_action :delete_authorize, :only => :destroy |
|
23 | 23 | before_action :authorize_global, :only => :upload |
|
24 | 24 | |
|
25 | # Disable check for same origin requests for JS files, i.e. attachments with | |
|
26 | # MIME type text/javascript. | |
|
27 | skip_after_filter :verify_same_origin_request, :only => :download | |
|
28 | ||
|
25 | 29 | accept_api_auth :show, :download, :thumbnail, :upload, :destroy |
|
26 | 30 | |
|
27 | 31 | def show |
|
28 | 32 | respond_to do |format| |
|
29 | 33 | format.html { |
|
30 | 34 | if @attachment.is_diff? |
|
31 | 35 | @diff = File.read(@attachment.diskfile, :mode => "rb") |
|
32 | 36 | @diff_type = params[:type] || User.current.pref[:diff_type] || 'inline' |
|
33 | 37 | @diff_type = 'inline' unless %w(inline sbs).include?(@diff_type) |
|
34 | 38 | # Save diff type as user preference |
|
35 | 39 | if User.current.logged? && @diff_type != User.current.pref[:diff_type] |
|
36 | 40 | User.current.pref[:diff_type] = @diff_type |
|
37 | 41 | User.current.preference.save |
|
38 | 42 | end |
|
39 | 43 | render :action => 'diff' |
|
40 | 44 | elsif @attachment.is_text? && @attachment.filesize <= Setting.file_max_size_displayed.to_i.kilobyte |
|
41 | 45 | @content = File.read(@attachment.diskfile, :mode => "rb") |
|
42 | 46 | render :action => 'file' |
|
43 | 47 | elsif @attachment.is_image? |
|
44 | 48 | render :action => 'image' |
|
45 | 49 | else |
|
46 | 50 | render :action => 'other' |
|
47 | 51 | end |
|
48 | 52 | } |
|
49 | 53 | format.api |
|
50 | 54 | end |
|
51 | 55 | end |
|
52 | 56 | |
|
53 | 57 | def download |
|
54 | 58 | if @attachment.container.is_a?(Version) || @attachment.container.is_a?(Project) |
|
55 | 59 | @attachment.increment_download |
|
56 | 60 | end |
|
57 | 61 | |
|
58 | 62 | if stale?(:etag => @attachment.digest) |
|
59 | 63 | # images are sent inline |
|
60 | 64 | send_file @attachment.diskfile, :filename => filename_for_content_disposition(@attachment.filename), |
|
61 | 65 | :type => detect_content_type(@attachment), |
|
62 | 66 | :disposition => disposition(@attachment) |
|
63 | 67 | end |
|
64 | 68 | end |
|
65 | 69 | |
|
66 | 70 | def thumbnail |
|
67 | 71 | if @attachment.thumbnailable? && tbnail = @attachment.thumbnail(:size => params[:size]) |
|
68 | 72 | if stale?(:etag => tbnail) |
|
69 | 73 | send_file tbnail, |
|
70 | 74 | :filename => filename_for_content_disposition(@attachment.filename), |
|
71 | 75 | :type => detect_content_type(@attachment), |
|
72 | 76 | :disposition => 'inline' |
|
73 | 77 | end |
|
74 | 78 | else |
|
75 | 79 | # No thumbnail for the attachment or thumbnail could not be created |
|
76 | 80 | head 404 |
|
77 | 81 | end |
|
78 | 82 | end |
|
79 | 83 | |
|
80 | 84 | def upload |
|
81 | 85 | # Make sure that API users get used to set this content type |
|
82 | 86 | # as it won't trigger Rails' automatic parsing of the request body for parameters |
|
83 | 87 | unless request.content_type == 'application/octet-stream' |
|
84 | 88 | head 406 |
|
85 | 89 | return |
|
86 | 90 | end |
|
87 | 91 | |
|
88 | 92 | @attachment = Attachment.new(:file => request.raw_post) |
|
89 | 93 | @attachment.author = User.current |
|
90 | 94 | @attachment.filename = params[:filename].presence || Redmine::Utils.random_hex(16) |
|
91 | 95 | @attachment.content_type = params[:content_type].presence |
|
92 | 96 | saved = @attachment.save |
|
93 | 97 | |
|
94 | 98 | respond_to do |format| |
|
95 | 99 | format.js |
|
96 | 100 | format.api { |
|
97 | 101 | if saved |
|
98 | 102 | render :action => 'upload', :status => :created |
|
99 | 103 | else |
|
100 | 104 | render_validation_errors(@attachment) |
|
101 | 105 | end |
|
102 | 106 | } |
|
103 | 107 | end |
|
104 | 108 | end |
|
105 | 109 | |
|
106 | 110 | def edit |
|
107 | 111 | end |
|
108 | 112 | |
|
109 | 113 | def update |
|
110 | 114 | if params[:attachments].is_a?(Hash) |
|
111 | 115 | if Attachment.update_attachments(@attachments, params[:attachments]) |
|
112 | 116 | redirect_back_or_default home_path |
|
113 | 117 | return |
|
114 | 118 | end |
|
115 | 119 | end |
|
116 | 120 | render :action => 'edit' |
|
117 | 121 | end |
|
118 | 122 | |
|
119 | 123 | def destroy |
|
120 | 124 | if @attachment.container.respond_to?(:init_journal) |
|
121 | 125 | @attachment.container.init_journal(User.current) |
|
122 | 126 | end |
|
123 | 127 | if @attachment.container |
|
124 | 128 | # Make sure association callbacks are called |
|
125 | 129 | @attachment.container.attachments.delete(@attachment) |
|
126 | 130 | else |
|
127 | 131 | @attachment.destroy |
|
128 | 132 | end |
|
129 | 133 | |
|
130 | 134 | respond_to do |format| |
|
131 | 135 | format.html { redirect_to_referer_or project_path(@project) } |
|
132 | 136 | format.js |
|
133 | 137 | format.api { render_api_ok } |
|
134 | 138 | end |
|
135 | 139 | end |
|
136 | 140 | |
|
137 | 141 | private |
|
138 | 142 | |
|
139 | 143 | def find_attachment |
|
140 | 144 | @attachment = Attachment.find(params[:id]) |
|
141 | 145 | # Show 404 if the filename in the url is wrong |
|
142 | 146 | raise ActiveRecord::RecordNotFound if params[:filename] && params[:filename] != @attachment.filename |
|
143 | 147 | @project = @attachment.project |
|
144 | 148 | rescue ActiveRecord::RecordNotFound |
|
145 | 149 | render_404 |
|
146 | 150 | end |
|
147 | 151 | |
|
148 | 152 | def find_editable_attachments |
|
149 | 153 | klass = params[:object_type].to_s.singularize.classify.constantize rescue nil |
|
150 | 154 | unless klass && klass.reflect_on_association(:attachments) |
|
151 | 155 | render_404 |
|
152 | 156 | return |
|
153 | 157 | end |
|
154 | 158 | |
|
155 | 159 | @container = klass.find(params[:object_id]) |
|
156 | 160 | if @container.respond_to?(:visible?) && !@container.visible? |
|
157 | 161 | render_403 |
|
158 | 162 | return |
|
159 | 163 | end |
|
160 | 164 | @attachments = @container.attachments.select(&:editable?) |
|
161 | 165 | if @container.respond_to?(:project) |
|
162 | 166 | @project = @container.project |
|
163 | 167 | end |
|
164 | 168 | render_404 if @attachments.empty? |
|
165 | 169 | rescue ActiveRecord::RecordNotFound |
|
166 | 170 | render_404 |
|
167 | 171 | end |
|
168 | 172 | |
|
169 | 173 | # Checks that the file exists and is readable |
|
170 | 174 | def file_readable |
|
171 | 175 | if @attachment.readable? |
|
172 | 176 | true |
|
173 | 177 | else |
|
174 | 178 | logger.error "Cannot send attachment, #{@attachment.diskfile} does not exist or is unreadable." |
|
175 | 179 | render_404 |
|
176 | 180 | end |
|
177 | 181 | end |
|
178 | 182 | |
|
179 | 183 | def read_authorize |
|
180 | 184 | @attachment.visible? ? true : deny_access |
|
181 | 185 | end |
|
182 | 186 | |
|
183 | 187 | def delete_authorize |
|
184 | 188 | @attachment.deletable? ? true : deny_access |
|
185 | 189 | end |
|
186 | 190 | |
|
187 | 191 | def detect_content_type(attachment) |
|
188 | 192 | content_type = attachment.content_type |
|
189 | 193 | if content_type.blank? || content_type == "application/octet-stream" |
|
190 | 194 | content_type = Redmine::MimeType.of(attachment.filename) |
|
191 | 195 | end |
|
192 | 196 | content_type.to_s |
|
193 | 197 | end |
|
194 | 198 | |
|
195 | 199 | def disposition(attachment) |
|
196 | 200 | if attachment.is_image? || attachment.is_pdf? |
|
197 | 201 | 'inline' |
|
198 | 202 | else |
|
199 | 203 | 'attachment' |
|
200 | 204 | end |
|
201 | 205 | end |
|
202 | 206 | end |
@@ -1,470 +1,483 | |||
|
1 | 1 | # encoding: utf-8 |
|
2 | 2 | # |
|
3 | 3 | # Redmine - project management software |
|
4 | 4 | # Copyright (C) 2006-2016 Jean-Philippe Lang |
|
5 | 5 | # |
|
6 | 6 | # This program is free software; you can redistribute it and/or |
|
7 | 7 | # modify it under the terms of the GNU General Public License |
|
8 | 8 | # as published by the Free Software Foundation; either version 2 |
|
9 | 9 | # of the License, or (at your option) any later version. |
|
10 | 10 | # |
|
11 | 11 | # This program is distributed in the hope that it will be useful, |
|
12 | 12 | # but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
13 | 13 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
14 | 14 | # GNU General Public License for more details. |
|
15 | 15 | # |
|
16 | 16 | # You should have received a copy of the GNU General Public License |
|
17 | 17 | # along with this program; if not, write to the Free Software |
|
18 | 18 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. |
|
19 | 19 | |
|
20 | 20 | require File.expand_path('../../test_helper', __FILE__) |
|
21 | 21 | |
|
22 | 22 | class AttachmentsControllerTest < Redmine::ControllerTest |
|
23 | 23 | fixtures :users, :projects, :roles, :members, :member_roles, |
|
24 | 24 | :enabled_modules, :issues, :trackers, :attachments, |
|
25 | 25 | :versions, :wiki_pages, :wikis, :documents |
|
26 | 26 | |
|
27 | 27 | def setup |
|
28 | 28 | User.current = nil |
|
29 | 29 | set_fixtures_attachments_directory |
|
30 | 30 | end |
|
31 | 31 | |
|
32 | 32 | def teardown |
|
33 | 33 | set_tmp_attachments_directory |
|
34 | 34 | end |
|
35 | 35 | |
|
36 | 36 | def test_show_diff |
|
37 | 37 | ['inline', 'sbs'].each do |dt| |
|
38 | 38 | # 060719210727_changeset_utf8.diff |
|
39 | 39 | get :show, :id => 14, :type => dt |
|
40 | 40 | assert_response :success |
|
41 | 41 | |
|
42 | 42 | assert_equal 'text/html', @response.content_type |
|
43 | 43 | assert_select 'th.filename', :text => /issues_controller.rb\t\(rΓ©vision 1484\)/ |
|
44 | 44 | assert_select 'td.line-code', :text => /Demande créée avec succès/ |
|
45 | 45 | end |
|
46 | 46 | set_tmp_attachments_directory |
|
47 | 47 | end |
|
48 | 48 | |
|
49 | 49 | def test_show_diff_replace_cannot_convert_content |
|
50 | 50 | with_settings :repositories_encodings => 'UTF-8' do |
|
51 | 51 | ['inline', 'sbs'].each do |dt| |
|
52 | 52 | # 060719210727_changeset_iso8859-1.diff |
|
53 | 53 | get :show, :id => 5, :type => dt |
|
54 | 54 | assert_response :success |
|
55 | 55 | |
|
56 | 56 | assert_equal 'text/html', @response.content_type |
|
57 | 57 | assert_select 'th.filename', :text => /issues_controller.rb\t\(r\?vision 1484\)/ |
|
58 | 58 | assert_select 'td.line-code', :text => /Demande cr\?\?e avec succ\?s/ |
|
59 | 59 | end |
|
60 | 60 | end |
|
61 | 61 | set_tmp_attachments_directory |
|
62 | 62 | end |
|
63 | 63 | |
|
64 | 64 | def test_show_diff_latin_1 |
|
65 | 65 | with_settings :repositories_encodings => 'UTF-8,ISO-8859-1' do |
|
66 | 66 | ['inline', 'sbs'].each do |dt| |
|
67 | 67 | # 060719210727_changeset_iso8859-1.diff |
|
68 | 68 | get :show, :id => 5, :type => dt |
|
69 | 69 | assert_response :success |
|
70 | 70 | |
|
71 | 71 | assert_equal 'text/html', @response.content_type |
|
72 | 72 | assert_select 'th.filename', :text => /issues_controller.rb\t\(rΓ©vision 1484\)/ |
|
73 | 73 | assert_select 'td.line-code', :text => /Demande créée avec succès/ |
|
74 | 74 | end |
|
75 | 75 | end |
|
76 | 76 | set_tmp_attachments_directory |
|
77 | 77 | end |
|
78 | 78 | |
|
79 | 79 | def test_save_diff_type |
|
80 | 80 | user1 = User.find(1) |
|
81 | 81 | user1.pref[:diff_type] = nil |
|
82 | 82 | user1.preference.save |
|
83 | 83 | user = User.find(1) |
|
84 | 84 | assert_nil user.pref[:diff_type] |
|
85 | 85 | @request.session[:user_id] = 1 # admin |
|
86 | 86 | |
|
87 | 87 | get :show, :id => 5 |
|
88 | 88 | assert_response :success |
|
89 | 89 | user.reload |
|
90 | 90 | assert_equal "inline", user.pref[:diff_type] |
|
91 | 91 | |
|
92 | 92 | get :show, :id => 5, :type => 'sbs' |
|
93 | 93 | assert_response :success |
|
94 | 94 | user.reload |
|
95 | 95 | assert_equal "sbs", user.pref[:diff_type] |
|
96 | 96 | end |
|
97 | 97 | |
|
98 | 98 | def test_diff_show_filename_in_mercurial_export |
|
99 | 99 | set_tmp_attachments_directory |
|
100 | 100 | a = Attachment.new(:container => Issue.find(1), |
|
101 | 101 | :file => uploaded_test_file("hg-export.diff", "text/plain"), |
|
102 | 102 | :author => User.find(1)) |
|
103 | 103 | assert a.save |
|
104 | 104 | assert_equal 'hg-export.diff', a.filename |
|
105 | 105 | |
|
106 | 106 | get :show, :id => a.id, :type => 'inline' |
|
107 | 107 | assert_response :success |
|
108 | 108 | assert_equal 'text/html', @response.content_type |
|
109 | 109 | assert_select 'th.filename', :text => 'test1.txt' |
|
110 | 110 | end |
|
111 | 111 | |
|
112 | 112 | def test_show_text_file |
|
113 | 113 | get :show, :id => 4 |
|
114 | 114 | assert_response :success |
|
115 | 115 | assert_equal 'text/html', @response.content_type |
|
116 | 116 | set_tmp_attachments_directory |
|
117 | 117 | end |
|
118 | 118 | |
|
119 | 119 | def test_show_text_file_utf_8 |
|
120 | 120 | set_tmp_attachments_directory |
|
121 | 121 | a = Attachment.new(:container => Issue.find(1), |
|
122 | 122 | :file => uploaded_test_file("japanese-utf-8.txt", "text/plain"), |
|
123 | 123 | :author => User.find(1)) |
|
124 | 124 | assert a.save |
|
125 | 125 | assert_equal 'japanese-utf-8.txt', a.filename |
|
126 | 126 | |
|
127 | 127 | str_japanese = "\xe6\x97\xa5\xe6\x9c\xac\xe8\xaa\x9e".force_encoding('UTF-8') |
|
128 | 128 | |
|
129 | 129 | get :show, :id => a.id |
|
130 | 130 | assert_response :success |
|
131 | 131 | assert_equal 'text/html', @response.content_type |
|
132 | 132 | assert_select 'tr#L1' do |
|
133 | 133 | assert_select 'th.line-num', :text => '1' |
|
134 | 134 | assert_select 'td', :text => /#{str_japanese}/ |
|
135 | 135 | end |
|
136 | 136 | end |
|
137 | 137 | |
|
138 | 138 | def test_show_text_file_replace_cannot_convert_content |
|
139 | 139 | set_tmp_attachments_directory |
|
140 | 140 | with_settings :repositories_encodings => 'UTF-8' do |
|
141 | 141 | a = Attachment.new(:container => Issue.find(1), |
|
142 | 142 | :file => uploaded_test_file("iso8859-1.txt", "text/plain"), |
|
143 | 143 | :author => User.find(1)) |
|
144 | 144 | assert a.save |
|
145 | 145 | assert_equal 'iso8859-1.txt', a.filename |
|
146 | 146 | |
|
147 | 147 | get :show, :id => a.id |
|
148 | 148 | assert_response :success |
|
149 | 149 | assert_equal 'text/html', @response.content_type |
|
150 | 150 | assert_select 'tr#L7' do |
|
151 | 151 | assert_select 'th.line-num', :text => '7' |
|
152 | 152 | assert_select 'td', :text => /Demande cr\?\?e avec succ\?s/ |
|
153 | 153 | end |
|
154 | 154 | end |
|
155 | 155 | end |
|
156 | 156 | |
|
157 | 157 | def test_show_text_file_latin_1 |
|
158 | 158 | set_tmp_attachments_directory |
|
159 | 159 | with_settings :repositories_encodings => 'UTF-8,ISO-8859-1' do |
|
160 | 160 | a = Attachment.new(:container => Issue.find(1), |
|
161 | 161 | :file => uploaded_test_file("iso8859-1.txt", "text/plain"), |
|
162 | 162 | :author => User.find(1)) |
|
163 | 163 | assert a.save |
|
164 | 164 | assert_equal 'iso8859-1.txt', a.filename |
|
165 | 165 | |
|
166 | 166 | get :show, :id => a.id |
|
167 | 167 | assert_response :success |
|
168 | 168 | assert_equal 'text/html', @response.content_type |
|
169 | 169 | assert_select 'tr#L7' do |
|
170 | 170 | assert_select 'th.line-num', :text => '7' |
|
171 | 171 | assert_select 'td', :text => /Demande créée avec succès/ |
|
172 | 172 | end |
|
173 | 173 | end |
|
174 | 174 | end |
|
175 | 175 | |
|
176 | 176 | def test_show_text_file_should_show_other_if_too_big |
|
177 | 177 | @request.session[:user_id] = 2 |
|
178 | 178 | with_settings :file_max_size_displayed => 512 do |
|
179 | 179 | Attachment.find(4).update_attribute :filesize, 754.kilobyte |
|
180 | 180 | get :show, :id => 4 |
|
181 | 181 | assert_response :success |
|
182 | 182 | assert_equal 'text/html', @response.content_type |
|
183 | 183 | assert_select '.nodata', :text => 'No preview available' |
|
184 | 184 | end |
|
185 | 185 | set_tmp_attachments_directory |
|
186 | 186 | end |
|
187 | 187 | |
|
188 | 188 | def test_show_image |
|
189 | 189 | @request.session[:user_id] = 2 |
|
190 | 190 | get :show, :id => 16 |
|
191 | 191 | assert_response :success |
|
192 | 192 | assert_equal 'text/html', @response.content_type |
|
193 | 193 | assert_select 'img.filecontent', :src => attachments(:attachments_010).filename |
|
194 | 194 | end |
|
195 | 195 | |
|
196 | 196 | def test_show_other |
|
197 | 197 | @request.session[:user_id] = 2 |
|
198 | 198 | get :show, :id => 6 |
|
199 | 199 | assert_equal 'text/html', @response.content_type |
|
200 | 200 | assert_select '.nodata', :text => 'No preview available' |
|
201 | 201 | set_tmp_attachments_directory |
|
202 | 202 | end |
|
203 | 203 | |
|
204 | 204 | def test_show_file_from_private_issue_without_permission |
|
205 | 205 | get :show, :id => 15 |
|
206 | 206 | assert_redirected_to '/login?back_url=http%3A%2F%2Ftest.host%2Fattachments%2F15' |
|
207 | 207 | set_tmp_attachments_directory |
|
208 | 208 | end |
|
209 | 209 | |
|
210 | 210 | def test_show_file_from_private_issue_with_permission |
|
211 | 211 | @request.session[:user_id] = 2 |
|
212 | 212 | get :show, :id => 15 |
|
213 | 213 | assert_response :success |
|
214 | 214 | assert_select 'h2', :text => /private.diff/ |
|
215 | 215 | set_tmp_attachments_directory |
|
216 | 216 | end |
|
217 | 217 | |
|
218 | 218 | def test_show_file_without_container_should_be_allowed_to_author |
|
219 | 219 | set_tmp_attachments_directory |
|
220 | 220 | attachment = Attachment.create!(:file => uploaded_test_file("testfile.txt", "text/plain"), :author_id => 2) |
|
221 | 221 | |
|
222 | 222 | @request.session[:user_id] = 2 |
|
223 | 223 | get :show, :id => attachment.id |
|
224 | 224 | assert_response 200 |
|
225 | 225 | end |
|
226 | 226 | |
|
227 | 227 | def test_show_file_without_container_should_be_denied_to_other_users |
|
228 | 228 | set_tmp_attachments_directory |
|
229 | 229 | attachment = Attachment.create!(:file => uploaded_test_file("testfile.txt", "text/plain"), :author_id => 2) |
|
230 | 230 | |
|
231 | 231 | @request.session[:user_id] = 3 |
|
232 | 232 | get :show, :id => attachment.id |
|
233 | 233 | assert_response 403 |
|
234 | 234 | end |
|
235 | 235 | |
|
236 | 236 | def test_show_invalid_should_respond_with_404 |
|
237 | 237 | get :show, :id => 999 |
|
238 | 238 | assert_response 404 |
|
239 | 239 | end |
|
240 | 240 | |
|
241 | 241 | def test_download_text_file |
|
242 | 242 | get :download, :id => 4 |
|
243 | 243 | assert_response :success |
|
244 | 244 | assert_equal 'application/x-ruby', @response.content_type |
|
245 | 245 | etag = @response.etag |
|
246 | 246 | assert_not_nil etag |
|
247 | 247 | |
|
248 | 248 | @request.env["HTTP_IF_NONE_MATCH"] = etag |
|
249 | 249 | get :download, :id => 4 |
|
250 | 250 | assert_response 304 |
|
251 | 251 | |
|
252 | 252 | set_tmp_attachments_directory |
|
253 | 253 | end |
|
254 | 254 | |
|
255 | def test_download_js_file | |
|
256 | set_tmp_attachments_directory | |
|
257 | attachment = Attachment.create!( | |
|
258 | :file => mock_file_with_options(:original_filename => "hello.js", :content_type => "text/javascript"), | |
|
259 | :author_id => 2, | |
|
260 | :container => Issue.find(1) | |
|
261 | ) | |
|
262 | ||
|
263 | get :download, :id => attachment.id | |
|
264 | assert_response :success | |
|
265 | assert_equal 'text/javascript', @response.content_type | |
|
266 | end | |
|
267 | ||
|
255 | 268 | def test_download_version_file_with_issue_tracking_disabled |
|
256 | 269 | Project.find(1).disable_module! :issue_tracking |
|
257 | 270 | get :download, :id => 9 |
|
258 | 271 | assert_response :success |
|
259 | 272 | end |
|
260 | 273 | |
|
261 | 274 | def test_download_should_assign_content_type_if_blank |
|
262 | 275 | Attachment.find(4).update_attribute(:content_type, '') |
|
263 | 276 | |
|
264 | 277 | get :download, :id => 4 |
|
265 | 278 | assert_response :success |
|
266 | 279 | assert_equal 'text/x-ruby', @response.content_type |
|
267 | 280 | set_tmp_attachments_directory |
|
268 | 281 | end |
|
269 | 282 | |
|
270 | 283 | def test_download_should_assign_better_content_type_than_application_octet_stream |
|
271 | 284 | Attachment.find(4).update! :content_type => "application/octet-stream" |
|
272 | 285 | |
|
273 | 286 | get :download, :id => 4 |
|
274 | 287 | assert_response :success |
|
275 | 288 | assert_equal 'text/x-ruby', @response.content_type |
|
276 | 289 | set_tmp_attachments_directory |
|
277 | 290 | end |
|
278 | 291 | |
|
279 | 292 | def test_download_missing_file |
|
280 | 293 | get :download, :id => 2 |
|
281 | 294 | assert_response 404 |
|
282 | 295 | set_tmp_attachments_directory |
|
283 | 296 | end |
|
284 | 297 | |
|
285 | 298 | def test_download_should_be_denied_without_permission |
|
286 | 299 | get :download, :id => 7 |
|
287 | 300 | assert_redirected_to '/login?back_url=http%3A%2F%2Ftest.host%2Fattachments%2Fdownload%2F7' |
|
288 | 301 | set_tmp_attachments_directory |
|
289 | 302 | end |
|
290 | 303 | |
|
291 | 304 | if convert_installed? |
|
292 | 305 | def test_thumbnail |
|
293 | 306 | Attachment.clear_thumbnails |
|
294 | 307 | @request.session[:user_id] = 2 |
|
295 | 308 | get :thumbnail, :id => 16 |
|
296 | 309 | assert_response :success |
|
297 | 310 | assert_equal 'image/png', response.content_type |
|
298 | 311 | |
|
299 | 312 | etag = @response.etag |
|
300 | 313 | assert_not_nil etag |
|
301 | 314 | |
|
302 | 315 | @request.env["HTTP_IF_NONE_MATCH"] = etag |
|
303 | 316 | get :thumbnail, :id => 16 |
|
304 | 317 | assert_response 304 |
|
305 | 318 | end |
|
306 | 319 | |
|
307 | 320 | def test_thumbnail_should_not_exceed_maximum_size |
|
308 | 321 | Redmine::Thumbnail.expects(:generate).with {|source, target, size| size == 800} |
|
309 | 322 | |
|
310 | 323 | @request.session[:user_id] = 2 |
|
311 | 324 | get :thumbnail, :id => 16, :size => 2000 |
|
312 | 325 | end |
|
313 | 326 | |
|
314 | 327 | def test_thumbnail_should_round_size |
|
315 | 328 | Redmine::Thumbnail.expects(:generate).with {|source, target, size| size == 250} |
|
316 | 329 | |
|
317 | 330 | @request.session[:user_id] = 2 |
|
318 | 331 | get :thumbnail, :id => 16, :size => 260 |
|
319 | 332 | end |
|
320 | 333 | |
|
321 | 334 | def test_thumbnail_should_return_404_for_non_image_attachment |
|
322 | 335 | @request.session[:user_id] = 2 |
|
323 | 336 | |
|
324 | 337 | get :thumbnail, :id => 15 |
|
325 | 338 | assert_response 404 |
|
326 | 339 | end |
|
327 | 340 | |
|
328 | 341 | def test_thumbnail_should_return_404_if_thumbnail_generation_failed |
|
329 | 342 | Attachment.any_instance.stubs(:thumbnail).returns(nil) |
|
330 | 343 | @request.session[:user_id] = 2 |
|
331 | 344 | |
|
332 | 345 | get :thumbnail, :id => 16 |
|
333 | 346 | assert_response 404 |
|
334 | 347 | end |
|
335 | 348 | |
|
336 | 349 | def test_thumbnail_should_be_denied_without_permission |
|
337 | 350 | get :thumbnail, :id => 16 |
|
338 | 351 | assert_redirected_to '/login?back_url=http%3A%2F%2Ftest.host%2Fattachments%2Fthumbnail%2F16' |
|
339 | 352 | end |
|
340 | 353 | else |
|
341 | 354 | puts '(ImageMagick convert not available)' |
|
342 | 355 | end |
|
343 | 356 | |
|
344 | 357 | def test_edit |
|
345 | 358 | @request.session[:user_id] = 2 |
|
346 | 359 | get :edit, :object_type => 'issues', :object_id => '2' |
|
347 | 360 | assert_response :success |
|
348 | 361 | |
|
349 | 362 | assert_select 'form[action=?]', '/attachments/issues/2' do |
|
350 | 363 | Issue.find(2).attachments.each do |attachment| |
|
351 | 364 | assert_select "tr#attachment-#{attachment.id}" |
|
352 | 365 | end |
|
353 | 366 | |
|
354 | 367 | assert_select 'tr#attachment-4' do |
|
355 | 368 | assert_select 'input[name=?][value=?]', 'attachments[4][filename]', 'source.rb' |
|
356 | 369 | assert_select 'input[name=?][value=?]', 'attachments[4][description]', 'This is a Ruby source file' |
|
357 | 370 | end |
|
358 | 371 | end |
|
359 | 372 | end |
|
360 | 373 | |
|
361 | 374 | def test_edit_invalid_container_class_should_return_404 |
|
362 | 375 | get :edit, :object_type => 'nuggets', :object_id => '3' |
|
363 | 376 | assert_response 404 |
|
364 | 377 | end |
|
365 | 378 | |
|
366 | 379 | def test_edit_invalid_object_should_return_404 |
|
367 | 380 | get :edit, :object_type => 'issues', :object_id => '999' |
|
368 | 381 | assert_response 404 |
|
369 | 382 | end |
|
370 | 383 | |
|
371 | 384 | def test_edit_for_object_that_is_not_visible_should_return_403 |
|
372 | 385 | get :edit, :object_type => 'issues', :object_id => '4' |
|
373 | 386 | assert_response 403 |
|
374 | 387 | end |
|
375 | 388 | |
|
376 | 389 | def test_update |
|
377 | 390 | @request.session[:user_id] = 2 |
|
378 | 391 | patch :update, :object_type => 'issues', :object_id => '2', :attachments => { |
|
379 | 392 | '1' => {:filename => 'newname.text', :description => ''}, |
|
380 | 393 | '4' => {:filename => 'newname.rb', :description => 'Renamed'}, |
|
381 | 394 | } |
|
382 | 395 | |
|
383 | 396 | assert_response 302 |
|
384 | 397 | attachment = Attachment.find(4) |
|
385 | 398 | assert_equal 'newname.rb', attachment.filename |
|
386 | 399 | assert_equal 'Renamed', attachment.description |
|
387 | 400 | end |
|
388 | 401 | |
|
389 | 402 | def test_update_with_failure |
|
390 | 403 | @request.session[:user_id] = 2 |
|
391 | 404 | patch :update, :object_type => 'issues', :object_id => '3', :attachments => { |
|
392 | 405 | '1' => {:filename => '', :description => ''}, |
|
393 | 406 | '4' => {:filename => 'newname.rb', :description => 'Renamed'}, |
|
394 | 407 | } |
|
395 | 408 | |
|
396 | 409 | assert_response :success |
|
397 | 410 | assert_select_error /file cannot be blank/i |
|
398 | 411 | |
|
399 | 412 | # The other attachment should not be updated |
|
400 | 413 | attachment = Attachment.find(4) |
|
401 | 414 | assert_equal 'source.rb', attachment.filename |
|
402 | 415 | assert_equal 'This is a Ruby source file', attachment.description |
|
403 | 416 | end |
|
404 | 417 | |
|
405 | 418 | def test_destroy_issue_attachment |
|
406 | 419 | set_tmp_attachments_directory |
|
407 | 420 | issue = Issue.find(3) |
|
408 | 421 | @request.session[:user_id] = 2 |
|
409 | 422 | |
|
410 | 423 | assert_difference 'issue.attachments.count', -1 do |
|
411 | 424 | assert_difference 'Journal.count' do |
|
412 | 425 | delete :destroy, :id => 1 |
|
413 | 426 | assert_redirected_to '/projects/ecookbook' |
|
414 | 427 | end |
|
415 | 428 | end |
|
416 | 429 | assert_nil Attachment.find_by_id(1) |
|
417 | 430 | j = Journal.order('id DESC').first |
|
418 | 431 | assert_equal issue, j.journalized |
|
419 | 432 | assert_equal 'attachment', j.details.first.property |
|
420 | 433 | assert_equal '1', j.details.first.prop_key |
|
421 | 434 | assert_equal 'error281.txt', j.details.first.old_value |
|
422 | 435 | assert_equal User.find(2), j.user |
|
423 | 436 | end |
|
424 | 437 | |
|
425 | 438 | def test_destroy_wiki_page_attachment |
|
426 | 439 | set_tmp_attachments_directory |
|
427 | 440 | @request.session[:user_id] = 2 |
|
428 | 441 | assert_difference 'Attachment.count', -1 do |
|
429 | 442 | delete :destroy, :id => 3 |
|
430 | 443 | assert_response 302 |
|
431 | 444 | end |
|
432 | 445 | end |
|
433 | 446 | |
|
434 | 447 | def test_destroy_project_attachment |
|
435 | 448 | set_tmp_attachments_directory |
|
436 | 449 | @request.session[:user_id] = 2 |
|
437 | 450 | assert_difference 'Attachment.count', -1 do |
|
438 | 451 | delete :destroy, :id => 8 |
|
439 | 452 | assert_response 302 |
|
440 | 453 | end |
|
441 | 454 | end |
|
442 | 455 | |
|
443 | 456 | def test_destroy_version_attachment |
|
444 | 457 | set_tmp_attachments_directory |
|
445 | 458 | @request.session[:user_id] = 2 |
|
446 | 459 | assert_difference 'Attachment.count', -1 do |
|
447 | 460 | delete :destroy, :id => 9 |
|
448 | 461 | assert_response 302 |
|
449 | 462 | end |
|
450 | 463 | end |
|
451 | 464 | |
|
452 | 465 | def test_destroy_version_attachment_with_issue_tracking_disabled |
|
453 | 466 | Project.find(1).disable_module! :issue_tracking |
|
454 | 467 | set_tmp_attachments_directory |
|
455 | 468 | @request.session[:user_id] = 2 |
|
456 | 469 | assert_difference 'Attachment.count', -1 do |
|
457 | 470 | delete :destroy, :id => 9 |
|
458 | 471 | assert_response 302 |
|
459 | 472 | end |
|
460 | 473 | end |
|
461 | 474 | |
|
462 | 475 | def test_destroy_without_permission |
|
463 | 476 | set_tmp_attachments_directory |
|
464 | 477 | assert_no_difference 'Attachment.count' do |
|
465 | 478 | delete :destroy, :id => 3 |
|
466 | 479 | end |
|
467 | 480 | assert_response 302 |
|
468 | 481 | assert Attachment.find_by_id(3) |
|
469 | 482 | end |
|
470 | 483 | end |
General Comments 0
You need to be logged in to leave comments.
Login now