2015-03-10 09:50:42 -04:00
|
|
|
require 'spec_helper'
|
|
|
|
|
|
|
|
describe UploadsController do
|
2016-03-15 08:20:54 -04:00
|
|
|
let!(:user) { create(:user, avatar: fixture_file_upload(Rails.root + "spec/fixtures/dk.png", "image/png")) }
|
2015-03-10 09:50:42 -04:00
|
|
|
|
|
|
|
describe "GET show" do
|
|
|
|
context "when viewing a user avatar" do
|
|
|
|
context "when signed in" do
|
|
|
|
before do
|
|
|
|
sign_in(user)
|
|
|
|
end
|
|
|
|
|
|
|
|
context "when the user is blocked" do
|
|
|
|
before do
|
|
|
|
user.block
|
|
|
|
end
|
|
|
|
|
|
|
|
it "redirects to the sign in page" do
|
|
|
|
get :show, model: "user", mounted_as: "avatar", id: user.id, filename: "image.png"
|
|
|
|
|
|
|
|
expect(response).to redirect_to(new_user_session_path)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context "when the user isn't blocked" do
|
|
|
|
it "responds with status 200" do
|
|
|
|
get :show, model: "user", mounted_as: "avatar", id: user.id, filename: "image.png"
|
|
|
|
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
2016-03-18 20:04:53 -04:00
|
|
|
|
2015-03-10 09:50:42 -04:00
|
|
|
context "when not signed in" do
|
|
|
|
it "responds with status 200" do
|
|
|
|
get :show, model: "user", mounted_as: "avatar", id: user.id, filename: "image.png"
|
|
|
|
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context "when viewing a project avatar" do
|
|
|
|
let!(:project) { create(:project, avatar: fixture_file_upload(Rails.root + "spec/fixtures/dk.png", "image/png")) }
|
|
|
|
|
|
|
|
context "when the project is public" do
|
|
|
|
before do
|
|
|
|
project.update_attribute(:visibility_level, Project::PUBLIC)
|
|
|
|
end
|
|
|
|
|
|
|
|
context "when not signed in" do
|
|
|
|
it "responds with status 200" do
|
|
|
|
get :show, model: "project", mounted_as: "avatar", id: project.id, filename: "image.png"
|
|
|
|
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context "when signed in" do
|
|
|
|
before do
|
|
|
|
sign_in(user)
|
|
|
|
end
|
|
|
|
|
|
|
|
it "responds with status 200" do
|
|
|
|
get :show, model: "project", mounted_as: "avatar", id: project.id, filename: "image.png"
|
|
|
|
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context "when the project is private" do
|
|
|
|
before do
|
|
|
|
project.update_attribute(:visibility_level, Project::PRIVATE)
|
|
|
|
end
|
|
|
|
|
|
|
|
context "when not signed in" do
|
|
|
|
it "redirects to the sign in page" do
|
|
|
|
get :show, model: "project", mounted_as: "avatar", id: project.id, filename: "image.png"
|
|
|
|
|
|
|
|
expect(response).to redirect_to(new_user_session_path)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context "when signed in" do
|
|
|
|
before do
|
|
|
|
sign_in(user)
|
|
|
|
end
|
|
|
|
|
|
|
|
context "when the user has access to the project" do
|
|
|
|
before do
|
|
|
|
project.team << [user, :master]
|
|
|
|
end
|
|
|
|
|
|
|
|
context "when the user is blocked" do
|
|
|
|
before do
|
|
|
|
user.block
|
|
|
|
project.team << [user, :master]
|
|
|
|
end
|
|
|
|
|
|
|
|
it "redirects to the sign in page" do
|
|
|
|
get :show, model: "project", mounted_as: "avatar", id: project.id, filename: "image.png"
|
|
|
|
|
|
|
|
expect(response).to redirect_to(new_user_session_path)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context "when the user isn't blocked" do
|
|
|
|
it "responds with status 200" do
|
|
|
|
get :show, model: "project", mounted_as: "avatar", id: project.id, filename: "image.png"
|
|
|
|
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context "when the user doesn't have access to the project" do
|
|
|
|
it "responds with status 404" do
|
|
|
|
get :show, model: "project", mounted_as: "avatar", id: project.id, filename: "image.png"
|
|
|
|
|
|
|
|
expect(response.status).to eq(404)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context "when viewing a group avatar" do
|
2016-03-18 20:04:53 -04:00
|
|
|
let!(:group) { create(:group, avatar: fixture_file_upload(Rails.root + "spec/fixtures/dk.png", "image/png")) }
|
2015-03-10 09:50:42 -04:00
|
|
|
|
2016-03-20 16:03:53 -04:00
|
|
|
context "when the group is public" do
|
2015-03-10 09:50:42 -04:00
|
|
|
context "when not signed in" do
|
|
|
|
it "responds with status 200" do
|
|
|
|
get :show, model: "group", mounted_as: "avatar", id: group.id, filename: "image.png"
|
|
|
|
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context "when signed in" do
|
|
|
|
before do
|
|
|
|
sign_in(user)
|
|
|
|
end
|
|
|
|
|
|
|
|
it "responds with status 200" do
|
|
|
|
get :show, model: "group", mounted_as: "avatar", id: group.id, filename: "image.png"
|
|
|
|
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2016-03-20 16:03:53 -04:00
|
|
|
context "when the group is private" do
|
2016-03-20 18:09:33 -04:00
|
|
|
before do
|
|
|
|
group.update_attribute(:visibility_level, Gitlab::VisibilityLevel::PRIVATE)
|
|
|
|
end
|
|
|
|
|
2015-03-10 09:50:42 -04:00
|
|
|
context "when signed in" do
|
|
|
|
before do
|
|
|
|
sign_in(user)
|
|
|
|
end
|
|
|
|
|
|
|
|
context "when the user has access to the project" do
|
|
|
|
before do
|
2016-03-20 18:09:33 -04:00
|
|
|
group.add_developer(user)
|
2015-03-10 09:50:42 -04:00
|
|
|
end
|
|
|
|
|
|
|
|
context "when the user is blocked" do
|
|
|
|
before do
|
|
|
|
user.block
|
|
|
|
end
|
|
|
|
|
|
|
|
it "redirects to the sign in page" do
|
|
|
|
get :show, model: "group", mounted_as: "avatar", id: group.id, filename: "image.png"
|
|
|
|
|
|
|
|
expect(response).to redirect_to(new_user_session_path)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context "when the user isn't blocked" do
|
|
|
|
it "responds with status 200" do
|
|
|
|
get :show, model: "group", mounted_as: "avatar", id: group.id, filename: "image.png"
|
|
|
|
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context "when the user doesn't have access to the project" do
|
|
|
|
it "responds with status 404" do
|
|
|
|
get :show, model: "group", mounted_as: "avatar", id: group.id, filename: "image.png"
|
|
|
|
|
|
|
|
expect(response.status).to eq(404)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context "when viewing a note attachment" do
|
|
|
|
let!(:note) { create(:note, :with_attachment) }
|
|
|
|
let(:project) { note.project }
|
|
|
|
|
|
|
|
context "when the project is public" do
|
|
|
|
before do
|
|
|
|
project.update_attribute(:visibility_level, Project::PUBLIC)
|
|
|
|
end
|
|
|
|
|
|
|
|
context "when not signed in" do
|
|
|
|
it "responds with status 200" do
|
|
|
|
get :show, model: "note", mounted_as: "attachment", id: note.id, filename: "image.png"
|
|
|
|
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context "when signed in" do
|
|
|
|
before do
|
|
|
|
sign_in(user)
|
|
|
|
end
|
|
|
|
|
|
|
|
it "responds with status 200" do
|
|
|
|
get :show, model: "note", mounted_as: "attachment", id: note.id, filename: "image.png"
|
|
|
|
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context "when the project is private" do
|
|
|
|
before do
|
|
|
|
project.update_attribute(:visibility_level, Project::PRIVATE)
|
|
|
|
end
|
|
|
|
|
|
|
|
context "when not signed in" do
|
|
|
|
it "redirects to the sign in page" do
|
|
|
|
get :show, model: "note", mounted_as: "attachment", id: note.id, filename: "image.png"
|
|
|
|
|
|
|
|
expect(response).to redirect_to(new_user_session_path)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context "when signed in" do
|
|
|
|
before do
|
|
|
|
sign_in(user)
|
|
|
|
end
|
|
|
|
|
|
|
|
context "when the user has access to the project" do
|
|
|
|
before do
|
|
|
|
project.team << [user, :master]
|
|
|
|
end
|
|
|
|
|
|
|
|
context "when the user is blocked" do
|
|
|
|
before do
|
|
|
|
user.block
|
|
|
|
project.team << [user, :master]
|
|
|
|
end
|
|
|
|
|
|
|
|
it "redirects to the sign in page" do
|
|
|
|
get :show, model: "note", mounted_as: "attachment", id: note.id, filename: "image.png"
|
|
|
|
|
|
|
|
expect(response).to redirect_to(new_user_session_path)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context "when the user isn't blocked" do
|
|
|
|
it "responds with status 200" do
|
|
|
|
get :show, model: "note", mounted_as: "attachment", id: note.id, filename: "image.png"
|
|
|
|
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context "when the user doesn't have access to the project" do
|
|
|
|
it "responds with status 404" do
|
|
|
|
get :show, model: "note", mounted_as: "attachment", id: note.id, filename: "image.png"
|
|
|
|
|
|
|
|
expect(response.status).to eq(404)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|