Diffstat (limited to 'test')
-rw-r--r--test/functional/attachments_controller_test.rb16
-rw-r--r--test/integration/attachments_test.rb52
2 files changed, 67 insertions, 1 deletions
diff --git a/test/functional/attachments_controller_test.rb b/test/functional/attachments_controller_test.rb
index 7b0ded8f9..5c8d72b90 100644
--- a/test/functional/attachments_controller_test.rb
+++ b/test/functional/attachments_controller_test.rb
@@ -623,6 +623,22 @@ class AttachmentsControllerTest < Redmine::ControllerTest
assert_response 404
end
+ def test_download_all_with_invisible_journal
+ Project.find(1).update_column :is_public, false
+ Member.delete_all
+ @request.session[:user_id] = 2
+ User.current = User.find(2)
+ assert_not Journal.find(3).journalized.visible?
+ get(
+ :download_all,
+ :params => {
+ :object_type => 'journals',
+ :object_id => '3'
+ }
+ )
+ assert_response 403
+ end
+
def test_download_all_with_maximum_bulk_download_size_larger_than_attachments
with_settings :bulk_download_max_size => 0 do
@request.session[:user_id] = 2
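Review bot: In test_download_all_with_invisible_journal, `User.current = User.find(2)` changes process-wide state only so that the precondition `assert_not Journal.find(3).journalized.visible?` is evaluated for user 2. If the journalized object's `visible?` accepts a user argument, as Redmine's issue model does, `assert_not Journal.find(3).journalized.visible?(User.find(2))` states the same precondition without leaving a current user set for later tests. A one-line comment above `Member.delete_all`, such as `# user 2 loses every membership, so private project 1 is hidden from them`, would also make clear why the request is expected to return 403 rather than 404.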
diff --git a/test/integration/attachments_test.rb b/test/integration/attachments_test.rb
index 197eda6aa..ab07f3a31 100644
--- a/test/integration/attachments_test.rb
+++ b/test/integration/attachments_test.rb
@@ -25,7 +25,9 @@ class AttachmentsTest < Redmine::IntegrationTest
:roles, :members, :member_roles,
:trackers, :projects_trackers,
:issues, :issue_statuses, :enumerations,
- :attachments
+ :attachments,
+ :wiki_content_versions, :wiki_contents, :wiki_pages,
+ :journals, :journal_details
def test_upload_should_set_default_content_type
log_user('jsmith', 'jsmith')
@@ -223,6 +225,54 @@ class AttachmentsTest < Redmine::IntegrationTest
set_tmp_attachments_directory
end
+ def test_download_all_with_wrong_container_type
+ set_tmp_attachments_directory
+
+ # make the attachment readable
+ assert a = Attachment.find(3)
+ FileUtils.mkdir_p File.dirname(a.diskfile)
+ (File.open(a.diskfile, 'wb') << 'test').close
+
+ # there is no 'download all' for WikiContentVersions
+ with_settings :login_required => '0' do
+ get "/attachments/wiki_content_versions/7/download"
+ assert_response :not_found
+ end
+ with_settings :login_required => '1' do
+ get "/attachments/wiki_content_versions/7/download"
+ assert_response :not_found
+ end
+ end
+
+ def test_download_all_for_journal_should_check_visibility
+ set_tmp_attachments_directory
+ Project.find(1).update_column :is_public, false
+
+ # make the attachment readable
+ assert a = Attachment.find(4)
+ FileUtils.mkdir_p File.dirname(a.diskfile)
+ (File.open(a.diskfile, 'wb') << 'test').close
+
+ with_settings :login_required => '0' do
+ get "/attachments/journals/3/download"
+ assert_response 403
+ end
+ with_settings :login_required => '1' do
+ get "/attachments/journals/3/download"
+ assert_redirected_to "/login?back_url=http%3A%2F%2Fwww.example.com%2Fattachments%2Fjournals%2F3%2Fdownload"
+ end
+
+ Project.find(1).update_column :is_public, true
+ with_settings :login_required => '0' do
+ get "/attachments/journals/3/download"
+ assert_response :success
+ end
+ with_settings :login_required => '1' do
+ get "/attachments/journals/3/download"
+ assert_redirected_to "/login?back_url=http%3A%2F%2Fwww.example.com%2Fattachments%2Fjournals%2F3%2Fdownload"
+ end
+ end
+
private
def ajax_upload(filename, content, attachment_id=1)
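Review bot: Every request in test_download_all_for_journal_should_check_visibility is anonymous, so the two `login_required => '1'` blocks assert the same login redirect whether the project is private or public. They exercise the login gate, not the journal visibility check. The only routed request that reaches the new check is the anonymous 403 with `login_required => '0'`. The authenticated non-member case is covered at controller level in the functional test, but not through the real route and session. Adding a case that removes the memberships and then runs `log_user('jsmith', 'jsmith')`, `get "/attachments/journals/3/download"` and `assert_response 403` on the private project would close that gap, assuming jsmith is the fixture user the functional test uses. Separately, `(File.open(a.diskfile, 'wb') << 'test').close` in both new tests leaves the handle open if the write raises, which `File.binwrite(a.diskfile, 'test')` avoids.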