diff options
| author | Sean McGivern <sean@mcgivern.me.uk> | 2017-05-04 10:47:10 +0000 |
|---|---|---|
| committer | Sean McGivern <sean@mcgivern.me.uk> | 2017-05-04 10:47:10 +0000 |
| commit | ba608dc0f2c2377f7ca2095a8bc4e5d44921b67f (patch) | |
| tree | a5540d9278c738f216f2bdc2f4a290c2a5e75cf7 /spec | |
| parent | ef71bf6278759aafb1a480916cfafb9c9650eddc (diff) | |
| parent | 43ff7386411af0f538710f3627622f71e5e34472 (diff) | |
| download | gitlab-ce-ba608dc0f2c2377f7ca2095a8bc4e5d44921b67f.tar.gz | |
Merge branch '12910-uploader-pers-snippet' into 'master'
Prepare uploaders for personal snippets comments
See merge request !11022
Diffstat (limited to 'spec')
| -rw-r--r-- | spec/controllers/uploads_controller_spec.rb | 87 | ||||
| -rw-r--r-- | spec/policies/personal_snippet_policy_spec.rb | 141 | ||||
| -rw-r--r-- | spec/services/upload_service_spec.rb (renamed from spec/services/projects/upload_service_spec.rb) | 4 | ||||
| -rw-r--r-- | spec/uploaders/personal_file_uploader_spec.rb | 31 |
4 files changed, 261 insertions, 2 deletions
diff --git a/spec/controllers/uploads_controller_spec.rb b/spec/controllers/uploads_controller_spec.rb index f67d26da0ac..7dedfe160a6 100644 --- a/spec/controllers/uploads_controller_spec.rb +++ b/spec/controllers/uploads_controller_spec.rb @@ -8,6 +8,93 @@ end describe UploadsController do let!(:user) { create(:user, avatar: fixture_file_upload(Rails.root + "spec/fixtures/dk.png", "image/png")) } + describe 'POST create' do + let(:model) { 'personal_snippet' } + let(:snippet) { create(:personal_snippet, :public) } + let(:jpg) { fixture_file_upload(Rails.root + 'spec/fixtures/rails_sample.jpg', 'image/jpg') } + let(:txt) { fixture_file_upload(Rails.root + 'spec/fixtures/doc_sample.txt', 'text/plain') } + + context 'when a user does not have permissions to upload a file' do + it "returns 401 when the user is not logged in" do + post :create, model: model, id: snippet.id, format: :json + + expect(response).to have_http_status(401) + end + + it "returns 404 when user can't comment on a snippet" do + private_snippet = create(:personal_snippet, :private) + + sign_in(user) + post :create, model: model, id: private_snippet.id, format: :json + + expect(response).to have_http_status(404) + end + end + + context 'when a user is logged in' do + before do + sign_in(user) + end + + it "returns an error without file" do + post :create, model: model, id: snippet.id, format: :json + + expect(response).to have_http_status(422) + end + + it "returns an error with invalid model" do + expect { post :create, model: 'invalid', id: snippet.id, format: :json } + .to raise_error(ActionController::UrlGenerationError) + end + + it "returns 404 status when object not found" do + post :create, model: model, id: 9999, format: :json + + expect(response).to have_http_status(404) + end + + context 'with valid image' do + before do + post :create, model: 'personal_snippet', id: snippet.id, file: jpg, format: :json + end + + it 'returns a content with original filename, new link, and correct type.' do + expect(response.body).to match '\"alt\":\"rails_sample\"' + expect(response.body).to match "\"url\":\"/uploads" + end + + it 'creates a corresponding Upload record' do + upload = Upload.last + + aggregate_failures do + expect(upload).to exist + expect(upload.model).to eq snippet + end + end + end + + context 'with valid non-image file' do + before do + post :create, model: 'personal_snippet', id: snippet.id, file: txt, format: :json + end + + it 'returns a content with original filename, new link, and correct type.' do + expect(response.body).to match '\"alt\":\"doc_sample.txt\"' + expect(response.body).to match "\"url\":\"/uploads" + end + + it 'creates a corresponding Upload record' do + upload = Upload.last + + aggregate_failures do + expect(upload).to exist + expect(upload.model).to eq snippet + end + end + end + end + end + describe "GET show" do context 'Content-Disposition security measures' do let(:project) { create(:empty_project, :public) } diff --git a/spec/policies/personal_snippet_policy_spec.rb b/spec/policies/personal_snippet_policy_spec.rb new file mode 100644 index 00000000000..58aa1145c9e --- /dev/null +++ b/spec/policies/personal_snippet_policy_spec.rb @@ -0,0 +1,141 @@ +require 'spec_helper' + +describe PersonalSnippetPolicy, models: true do + let(:regular_user) { create(:user) } + let(:external_user) { create(:user, :external) } + let(:admin_user) { create(:user, :admin) } + + let(:author_permissions) do + [ + :update_personal_snippet, + :admin_personal_snippet, + :destroy_personal_snippet + ] + end + + def permissions(user) + described_class.abilities(user, snippet).to_set + end + + context 'public snippet' do + let(:snippet) { create(:personal_snippet, :public) } + + context 'no user' do + subject { permissions(nil) } + + it do + is_expected.to include(:read_personal_snippet) + is_expected.not_to include(:comment_personal_snippet) + is_expected.not_to include(*author_permissions) + end + end + + context 'regular user' do + subject { permissions(regular_user) } + + it do + is_expected.to include(:read_personal_snippet) + is_expected.to include(:comment_personal_snippet) + is_expected.not_to include(*author_permissions) + end + end + + context 'author' do + subject { permissions(snippet.author) } + + it do + is_expected.to include(:read_personal_snippet) + is_expected.to include(:comment_personal_snippet) + is_expected.to include(*author_permissions) + end + end + end + + context 'internal snippet' do + let(:snippet) { create(:personal_snippet, :internal) } + + context 'no user' do + subject { permissions(nil) } + + it do + is_expected.not_to include(:read_personal_snippet) + is_expected.not_to include(:comment_personal_snippet) + is_expected.not_to include(*author_permissions) + end + end + + context 'regular user' do + subject { permissions(regular_user) } + + it do + is_expected.to include(:read_personal_snippet) + is_expected.to include(:comment_personal_snippet) + is_expected.not_to include(*author_permissions) + end + end + + context 'external user' do + subject { permissions(external_user) } + + it do + is_expected.not_to include(:read_personal_snippet) + is_expected.not_to include(:comment_personal_snippet) + is_expected.not_to include(*author_permissions) + end + end + + context 'snippet author' do + subject { permissions(snippet.author) } + + it do + is_expected.to include(:read_personal_snippet) + is_expected.to include(:comment_personal_snippet) + is_expected.to include(*author_permissions) + end + end + end + + context 'private snippet' do + let(:snippet) { create(:project_snippet, :private) } + + context 'no user' do + subject { permissions(nil) } + + it do + is_expected.not_to include(:read_personal_snippet) + is_expected.not_to include(:comment_personal_snippet) + is_expected.not_to include(*author_permissions) + end + end + + context 'regular user' do + subject { permissions(regular_user) } + + it do + is_expected.not_to include(:read_personal_snippet) + is_expected.not_to include(:comment_personal_snippet) + is_expected.not_to include(*author_permissions) + end + end + + context 'external user' do + subject { permissions(external_user) } + + it do + is_expected.not_to include(:read_personal_snippet) + is_expected.not_to include(:comment_personal_snippet) + is_expected.not_to include(*author_permissions) + end + end + + context 'snippet author' do + subject { permissions(snippet.author) } + + it do + is_expected.to include(:read_personal_snippet) + is_expected.to include(:comment_personal_snippet) + is_expected.to include(*author_permissions) + end + end + end +end diff --git a/spec/services/projects/upload_service_spec.rb b/spec/services/upload_service_spec.rb index d2cefa46bfa..95ba28dbecd 100644 --- a/spec/services/projects/upload_service_spec.rb +++ b/spec/services/upload_service_spec.rb @@ -1,6 +1,6 @@ require 'spec_helper' -describe Projects::UploadService, services: true do +describe UploadService, services: true do describe 'File service' do before do @user = create(:user) @@ -68,6 +68,6 @@ describe Projects::UploadService, services: true do end def upload_file(project, file) - Projects::UploadService.new(project, file).execute + described_class.new(project, file, FileUploader).execute end end diff --git a/spec/uploaders/personal_file_uploader_spec.rb b/spec/uploaders/personal_file_uploader_spec.rb new file mode 100644 index 00000000000..fb92f2ae3ab --- /dev/null +++ b/spec/uploaders/personal_file_uploader_spec.rb @@ -0,0 +1,31 @@ +require 'spec_helper' + +describe PersonalFileUploader do + let(:uploader) { described_class.new(build_stubbed(:empty_project)) } + let(:snippet) { create(:personal_snippet) } + + describe '.absolute_path' do + it 'returns the correct absolute path by building it dynamically' do + upload = double(model: snippet, path: 'secret/foo.jpg') + + dynamic_segment = "personal_snippet/#{snippet.id}" + + expect(described_class.absolute_path(upload)).to end_with("#{dynamic_segment}/secret/foo.jpg") + end + end + + describe '#to_h' do + it 'returns the hass' do + uploader = described_class.new(snippet, 'secret') + + allow(uploader).to receive(:file).and_return(double(extension: 'txt', filename: 'file_name')) + expected_url = "/uploads/personal_snippet/#{snippet.id}/secret/file_name" + + expect(uploader.to_h).to eq( + alt: 'file_name', + url: expected_url, + markdown: "[file_name](#{expected_url})" + ) + end + end +end |