X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/ed0067ee9964c70f646a5f4f72c1302cc19c007c..820ce7ad92cba95587800a275e14bbf24670898f:/apps/workbench/test/controllers/collections_controller_test.rb diff --git a/apps/workbench/test/controllers/collections_controller_test.rb b/apps/workbench/test/controllers/collections_controller_test.rb index 9f4c5da229..45124f7a9e 100644 --- a/apps/workbench/test/controllers/collections_controller_test.rb +++ b/apps/workbench/test/controllers/collections_controller_test.rb @@ -56,6 +56,25 @@ class CollectionsControllerTest < ActionController::TestCase assert_equal([['.', 'foo', 3]], assigns(:object).files) end + test "viewing a collection with spaces in filename" do + show_collection(:w_a_z_file, :active) + assert_equal([['.', 'w a z', 5]], assigns(:object).files) + end + + test "download a file with spaces in filename" do + collection = api_fixture('collections')['w_a_z_file'] + fakepipe = IO.popen(['echo', '-n', 'w a z'], 'rb') + IO.expects(:popen).with { |cmd, mode| + cmd.include? "#{collection['uuid']}/w a z" + }.returns(fakepipe) + get :show_file, { + uuid: collection['uuid'], + file: 'w a z' + }, session_for(:active) + assert_response :success + assert_equal 'w a z', response.body + end + test "viewing a collection fetches related projects" do show_collection({id: api_fixture('collections')["foo_file"]['portable_data_hash']}, :active) assert_includes(assigns(:same_pdh).map(&:owner_uuid), @@ -91,6 +110,22 @@ class CollectionsControllerTest < ActionController::TestCase "controller did not find related log") end + test "sharing auths available to admin" do + show_collection("collection_owned_by_active", "admin_trustedclient") + assert_not_nil assigns(:search_sharing) + end + + test "sharing auths available to owner" do + show_collection("collection_owned_by_active", "active_trustedclient") + assert_not_nil assigns(:search_sharing) + end + + test "sharing auths available to reader" do + show_collection("foo_collection_in_aproject", + "project_viewer_trustedclient") + assert_not_nil assigns(:search_sharing) + end + test "viewing collection files with a reader token" do params = collection_params(:foo_file) params[:reader_token] = api_fixture("api_client_authorizations", @@ -131,6 +166,18 @@ class CollectionsControllerTest < ActionController::TestCase "failed to get a correct file from Keep") end + test 'anonymous download' do + Rails.configuration.anonymous_user_token = + api_fixture('api_client_authorizations')['anonymous']['api_token'] + expect_content = stub_file_content + get :show_file, { + uuid: api_fixture('collections')['user_agreement_in_anonymously_accessible_project']['uuid'], + file: 'GNU_General_Public_License,_version_3.pdf', + } + assert_response :success + assert_equal expect_content, response.body + end + test "can't get a file from Keep without permission" do params = collection_params(:foo_file, 'foo') sess = session_for(:spectator) @@ -158,12 +205,23 @@ class CollectionsControllerTest < ActionController::TestCase "using a reader token set the session's API token") end - test "trying to get from Keep with an unscoped reader token prompts login" do - params = collection_params(:foo_file, 'foo') - params[:reader_token] = - api_fixture('api_client_authorizations')['active_noscope']['api_token'] - get(:show_file, params) - assert_response :redirect + [false, api_fixture('api_client_authorizations')['anonymous']['api_token']]. + each do |anon_conf| + test "download a file using a reader token with insufficient scope (anon_conf=#{!!anon_conf})" do + Rails.configuration.anonymous_user_token = anon_conf + params = collection_params(:foo_file, 'foo') + params[:reader_token] = + api_fixture('api_client_authorizations')['active_noscope']['api_token'] + get(:show_file, params) + if anon_conf + # Some files can be shown without a valid token, but not this one. + assert_response 404 + else + # No files will ever be shown without a valid token. You + # should log in and try again. + assert_response :redirect + end + end end test "can get a file with an unpermissioned auth but in-scope reader token" do