X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/3270fbf5a3cbd121dad7327513d5a5866c3583c4..fa166d52969bb6f002fb62b554ef227194e0febe:/apps/workbench/test/controllers/collections_controller_test.rb
diff --git a/apps/workbench/test/controllers/collections_controller_test.rb b/apps/workbench/test/controllers/collections_controller_test.rb
index 9f4c5da229..95c0a57db1 100644
--- a/apps/workbench/test/controllers/collections_controller_test.rb
+++ b/apps/workbench/test/controllers/collections_controller_test.rb
@@ -91,6 +91,22 @@ class CollectionsControllerTest < ActionController::TestCase
 "controller did not find related log")
 end
 
+ test "sharing auths available to admin" do
+ show_collection("collection_owned_by_active", "admin_trustedclient")
+ assert_not_nil assigns(:search_sharing)
+ end
+
+ test "sharing auths available to owner" do
+ show_collection("collection_owned_by_active", "active_trustedclient")
+ assert_not_nil assigns(:search_sharing)
+ end
+
+ test "sharing auths available to reader" do
+ show_collection("foo_collection_in_aproject",
+ "project_viewer_trustedclient")
+ assert_not_nil assigns(:search_sharing)
+ end
+
 test "viewing collection files with a reader token" do
 params = collection_params(:foo_file)
 params[:reader_token] = api_fixture("api_client_authorizations",
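Review bot: `assert_not_nil assigns(:search_sharing)` in the three added tests only proves the variable was assigned, so an empty list or a list holding entries the caller should not see passes just the same. This matters most in "sharing auths available to reader", where a read-only project viewer is given sharing-token data; I would pin the expected contents there and add `assert_response :success`, unless the `show_collection` helper (defined outside this hunk) already checks the response. All three cases use `*_trustedclient` tokens, so nothing here covers a caller who should not get sharing auths. A negative case would document that boundary, and a one-line comment above the reader test, such as `# read-only viewers still get @search_sharing; contents are checked below`, would record the intent.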
@@ -158,12 +174,23 @@ class CollectionsControllerTest < ActionController::TestCase
 "using a reader token set the session's API token")
 end
 
- test "trying to get from Keep with an unscoped reader token prompts login" do
- params = collection_params(:foo_file, 'foo')
- params[:reader_token] =
- api_fixture('api_client_authorizations')['active_noscope']['api_token']
- get(:show_file, params)
- assert_response :redirect
+ [false, api_fixture('api_client_authorizations')['anonymous']['api_token']].
+ each do |anon_conf|
+ test "download a file using a reader token with insufficient scope (anon_conf=#{!!anon_conf})" do
+ Rails.configuration.anonymous_user_token = anon_conf
+ params = collection_params(:foo_file, 'foo')
+ params[:reader_token] =
+ api_fixture('api_client_authorizations')['active_noscope']['api_token']
+ get(:show_file, params)
+ if anon_conf
+ # Some files can be shown without a valid token, but not this one.
+ assert_response 404
+ else
+ # No files will ever be shown without a valid token. You
+ # should log in and try again.
+ assert_response :redirect
+ end
+ end
 end
 
 test "can get a file with an unpermissioned auth but in-scope reader token" do
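Review bot: `Rails.configuration.anonymous_user_token = anon_conf` changes process-wide configuration and the test body never restores it. Unless a shared teardown outside this hunk resets the setting, a later authorization test could run with the anonymous token still enabled and pass through anonymous access rather than the token it means to exercise. I would save the previous value first (`saved = Rails.configuration.anonymous_user_token`) and restore it in an `ensure` clause, or add a comment naming the teardown that does the reset. Both branches check only the status code; asserting that the out-of-scope reader token did not end up in the session, as the preceding test's failure message suggests is done there, would tighten the 404 case. The enclosing class begins outside this hunk.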