Merge branch 'master' into 4951-request-vm
[arvados.git] / apps / workbench / test / controllers / collections_controller_test.rb
index 9f4c5da2298a9bca1b05879ce0be1d6d5ddfe34d..95c0a57db1fdf72d6ffbd98a75ca9aab06db6d98 100644 (file)
@@ -91,6 +91,22 @@ class CollectionsControllerTest < ActionController::TestCase
                     "controller did not find related log")
   end
 
+  test "sharing auths available to admin" do
+    show_collection("collection_owned_by_active", "admin_trustedclient")
+    assert_not_nil assigns(:search_sharing)
+  end
+
+  test "sharing auths available to owner" do
+    show_collection("collection_owned_by_active", "active_trustedclient")
+    assert_not_nil assigns(:search_sharing)
+  end
+
+  test "sharing auths available to reader" do
+    show_collection("foo_collection_in_aproject",
+                    "project_viewer_trustedclient")
+    assert_not_nil assigns(:search_sharing)
+  end
+
   test "viewing collection files with a reader token" do
     params = collection_params(:foo_file)
     params[:reader_token] = api_fixture("api_client_authorizations",
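Review bot: The three added tests only check `assert_not_nil assigns(:search_sharing)`, so an empty result and a populated one pass alike, and nothing here pins a case where sharing authorizations must not be exposed. Because these tests record which roles (admin, owner, read-only viewer) may see sharing tokens for a collection, a negative counterpart would keep a later permission change from silently widening that set. If `show_collection` does not already check the response, add `assert_response :success` to each test so a redirect or error page cannot satisfy the assertion by accident. `show_collection` is defined outside the hunk, so what it already asserts is not visible here.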
@@ -158,12 +174,23 @@ class CollectionsControllerTest < ActionController::TestCase
                      "using a reader token set the session's API token")
   end
 
-  test "trying to get from Keep with an unscoped reader token prompts login" do
-    params = collection_params(:foo_file, 'foo')
-    params[:reader_token] =
-      api_fixture('api_client_authorizations')['active_noscope']['api_token']
-    get(:show_file, params)
-    assert_response :redirect
+  [false, api_fixture('api_client_authorizations')['anonymous']['api_token']].
+    each do |anon_conf|
+    test "download a file using a reader token with insufficient scope (anon_conf=#{!!anon_conf})" do
+      Rails.configuration.anonymous_user_token = anon_conf
+      params = collection_params(:foo_file, 'foo')
+      params[:reader_token] =
+        api_fixture('api_client_authorizations')['active_noscope']['api_token']
+      get(:show_file, params)
+      if anon_conf
+        # Some files can be shown without a valid token, but not this one.
+        assert_response 404
+      else
+        # No files will ever be shown without a valid token. You
+        # should log in and try again.
+        assert_response :redirect
+      end
+    end
   end
 
   test "can get a file with an unpermissioned auth but in-scope reader token" do
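Review bot: `Rails.configuration.anonymous_user_token = anon_conf` in the new parameterized test changes process-wide configuration, and nothing in the hunk restores it, so the second iteration can leave the anonymous token enabled for whichever tests run next. That makes the token-handling tests order-dependent: a later test expecting a login redirect could pass or fail for the wrong reason. Unless a teardown outside this hunk already resets the setting, save it with `saved = Rails.configuration.anonymous_user_token` at the top of the test and restore it in `ensure` with `Rails.configuration.anonymous_user_token = saved`. The body of the `each` block is also indented at the same level as `each do |anon_conf|`, which makes the closing `end` lines hard to pair up.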