2019-07-31 22:56:46 +05:30
|
|
|
# frozen_string_literal: true
|
|
|
|
|
2018-03-17 18:26:18 +05:30
|
|
|
require 'spec_helper'
|
|
|
|
|
2020-06-23 00:09:42 +05:30
|
|
|
RSpec.describe Groups::UploadsController do
|
2018-11-08 19:23:39 +05:30
|
|
|
include WorkhorseHelpers
|
|
|
|
|
2018-03-17 18:26:18 +05:30
|
|
|
let(:model) { create(:group, :public) }
|
|
|
|
let(:params) do
|
|
|
|
{ group_id: model }
|
|
|
|
end
|
|
|
|
|
2019-09-04 21:01:54 +05:30
|
|
|
let(:other_model) { create(:group, :public) }
|
|
|
|
let(:other_params) do
|
|
|
|
{ group_id: other_model }
|
|
|
|
end
|
|
|
|
|
2018-03-17 18:26:18 +05:30
|
|
|
it_behaves_like 'handle uploads' do
|
|
|
|
let(:uploader_class) { NamespaceFileUploader }
|
|
|
|
end
|
2018-11-08 19:23:39 +05:30
|
|
|
|
2020-03-13 15:44:24 +05:30
|
|
|
context 'with a moved group' do
|
|
|
|
let!(:upload) { create(:upload, :issuable_upload, :with_file, model: model) }
|
|
|
|
let(:group) { model }
|
|
|
|
let(:old_path) { group.to_param + 'old' }
|
2021-04-29 21:17:54 +05:30
|
|
|
let!(:redirect_route) { model.redirect_routes.create!(path: old_path) }
|
2020-03-13 15:44:24 +05:30
|
|
|
let(:upload_path) { File.basename(upload.path) }
|
|
|
|
|
|
|
|
it 'redirects to a file with the proper extension' do
|
|
|
|
get :show, params: { group_id: old_path, filename: upload_path, secret: upload.secret }
|
|
|
|
|
|
|
|
expect(response.location).to eq(show_group_uploads_url(group, upload.secret, upload_path))
|
|
|
|
expect(response.location).to end_with(upload.path)
|
|
|
|
expect(response).to have_gitlab_http_status(:redirect)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2022-07-16 23:28:13 +05:30
|
|
|
describe "GET #show" do
|
|
|
|
let(:filename) { "rails_sample.jpg" }
|
|
|
|
let(:user) { create(:user) }
|
|
|
|
let(:jpg) { fixture_file_upload('spec/fixtures/rails_sample.jpg', 'image/jpg') }
|
|
|
|
let(:txt) { fixture_file_upload('spec/fixtures/doc_sample.txt', 'text/plain') }
|
|
|
|
let(:secret) { FileUploader.generate_secret }
|
|
|
|
let(:uploader_class) { FileUploader }
|
|
|
|
|
|
|
|
let(:upload_service) do
|
|
|
|
UploadService.new(model, jpg, uploader_class).execute
|
|
|
|
end
|
|
|
|
|
|
|
|
let(:show_upload) do
|
|
|
|
get :show, params: params.merge(secret: secret, filename: filename)
|
|
|
|
end
|
|
|
|
|
|
|
|
before do
|
|
|
|
allow(FileUploader).to receive(:generate_secret).and_return(secret)
|
|
|
|
|
|
|
|
allow_next_instance_of(FileUploader) do |instance|
|
|
|
|
allow(instance).to receive(:image?).and_return(true)
|
|
|
|
end
|
|
|
|
|
|
|
|
upload_service
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'when the group is public' do
|
|
|
|
before do
|
|
|
|
model.update_attribute(:visibility_level, Gitlab::VisibilityLevel::PUBLIC)
|
|
|
|
end
|
|
|
|
|
|
|
|
context "when not signed in" do
|
2022-08-27 11:52:29 +05:30
|
|
|
it "responds with appropriate status" do
|
|
|
|
show_upload
|
2022-07-16 23:28:13 +05:30
|
|
|
|
2022-08-27 11:52:29 +05:30
|
|
|
expect(response).to have_gitlab_http_status(:ok)
|
2022-07-16 23:28:13 +05:30
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context "when signed in" do
|
|
|
|
before do
|
|
|
|
sign_in(user)
|
|
|
|
end
|
|
|
|
|
|
|
|
context "when the user doesn't have access to the model" do
|
2022-08-27 11:52:29 +05:30
|
|
|
it "responds with status 200" do
|
|
|
|
show_upload
|
2022-07-16 23:28:13 +05:30
|
|
|
|
2022-08-27 11:52:29 +05:30
|
|
|
expect(response).to have_gitlab_http_status(:ok)
|
2022-07-16 23:28:13 +05:30
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'when the group is private' do
|
|
|
|
before do
|
|
|
|
model.update_attribute(:visibility_level, Gitlab::VisibilityLevel::PRIVATE)
|
|
|
|
end
|
|
|
|
|
|
|
|
context "when not signed in" do
|
2022-08-27 11:52:29 +05:30
|
|
|
it "responds with appropriate status" do
|
|
|
|
show_upload
|
2022-07-16 23:28:13 +05:30
|
|
|
|
2022-08-27 11:52:29 +05:30
|
|
|
expect(response).to have_gitlab_http_status(:ok)
|
2022-07-16 23:28:13 +05:30
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context "when signed in" do
|
|
|
|
before do
|
|
|
|
sign_in(user)
|
|
|
|
end
|
|
|
|
|
|
|
|
context "when the user doesn't have access to the model" do
|
2022-08-27 11:52:29 +05:30
|
|
|
it "responds with status 200" do
|
|
|
|
show_upload
|
2022-07-16 23:28:13 +05:30
|
|
|
|
2022-08-27 11:52:29 +05:30
|
|
|
expect(response).to have_gitlab_http_status(:ok)
|
2022-07-16 23:28:13 +05:30
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2018-11-08 19:23:39 +05:30
|
|
|
def post_authorize(verified: true)
|
|
|
|
request.headers.merge!(workhorse_internal_api_request_header) if verified
|
|
|
|
|
2019-02-15 15:39:39 +05:30
|
|
|
post :authorize, params: { group_id: model.full_path }, format: :json
|
2018-11-08 19:23:39 +05:30
|
|
|
end
|
2018-03-17 18:26:18 +05:30
|
|
|
end
|