WebDAV tests fixed and re-enabled
This commit is contained in:
Karel Picman
parent
b30d895656
commit
a1aee1100b
@ -102,15 +102,18 @@ class DmsfFile < ActiveRecord::Base
|
||||
|
||||
def delete
|
||||
if locked_for_user?
|
||||
Rails.logger.info l(:error_file_is_locked)
|
||||
errors[:base] << l(:error_file_is_locked)
|
||||
return false
|
||||
end
|
||||
begin
|
||||
if Setting.plugin_redmine_dmsf['dmsf_really_delete_files']
|
||||
Rails.logger.info '>>> destroy'
|
||||
self.revisions.visible.each {|r| r.delete(true)}
|
||||
self.destroy
|
||||
else
|
||||
# Revisions of a deleted file SHOULD be deleted too
|
||||
Rails.logger.info '>>> visible'
|
||||
self.revisions.visible.each {|r| r.delete }
|
||||
self.deleted = true
|
||||
self.deleted_by_user = User.current
|
||||
|
||||
@ -233,6 +233,7 @@ module RedmineDmsf
|
||||
# <instance> should be of entity to be deleted, we simply follow the Dmsf entity method
|
||||
# for deletion and return of appropriate status based on outcome.
|
||||
def delete
|
||||
Rails.logger.info ">>>> def delete"
|
||||
if(file?) then
|
||||
raise Forbidden unless User.current.admin? || User.current.allowed_to?(:file_manipulation, project)
|
||||
file.delete ? NoContent : Conflict
|
||||
|
||||
@ -48,7 +48,7 @@ run_tests()
|
||||
# Run tests within application - for some reason redmine:plugins:test wont work under 1.8
|
||||
bundle exec rake redmine:plugins:test:units NAME=redmine_dmsf
|
||||
bundle exec rake redmine:plugins:test:functionals NAME=redmine_dmsf
|
||||
# TODO: bundle exec rake redmine:plugins:test:integration NAME=redmine_dmsf
|
||||
bundle exec rake redmine:plugins:test:integration NAME=redmine_dmsf
|
||||
}
|
||||
|
||||
uninstall()
|
||||
|
||||
1
test/fixtures/files/p_ecookbook/test.txt
vendored
Normal file
1
test/fixtures/files/p_ecookbook/test.txt
vendored
Normal file
@ -0,0 +1 @@
|
||||
1234
|
||||
1
test/fixtures/files/p_onlinestore/test.txt
vendored
Normal file
1
test/fixtures/files/p_onlinestore/test.txt
vendored
Normal file
@ -0,0 +1 @@
|
||||
1234
|
||||
1
test/fixtures/files/test.txt
vendored
1
test/fixtures/files/test.txt
vendored
@ -1 +0,0 @@
|
||||
1234
|
||||
@ -1,6 +1,7 @@
|
||||
# Redmine plugin for Document Management System "Features"
|
||||
#
|
||||
# Copyright (C) 2012 Daniel Munn <dan.munn@munnster.co.uk>
|
||||
# Copyright (C) 2011-14 Karel Picman <karel.picman@kontron.com>
|
||||
#
|
||||
# This program is free software; you can redistribute it and/or
|
||||
# modify it under the terms of the GNU General Public License
|
||||
@ -20,235 +21,201 @@ require File.expand_path('../../test_helper', __FILE__)
|
||||
|
||||
class DmsfWebdavIntegrationTest < RedmineDmsf::Test::IntegrationTest
|
||||
|
||||
fixtures :projects, :users, :members, :member_roles, :roles, :enabled_modules, :dmsf_folders, :dmsf_files, :dmsf_file_revisions
|
||||
fixtures :projects, :users, :members, :member_roles, :roles, :enabled_modules,
|
||||
:dmsf_folders, :dmsf_files, :dmsf_file_revisions
|
||||
|
||||
def setup
|
||||
DmsfFile.storage_path = File.expand_path("../fixtures/files", __FILE__)
|
||||
DmsfFile.storage_path = File.expand_path '../fixtures/files', __FILE__
|
||||
DmsfLock.delete_all
|
||||
@admin = credentials('admin')
|
||||
@jsmith = credentials('jsmith')
|
||||
@admin = credentials 'admin'
|
||||
@jsmith = credentials 'jsmith'
|
||||
@project1 = Project.find_by_id 1
|
||||
@project2 = Project.find_by_id 2
|
||||
@role_developer = Role.find 2
|
||||
Setting.plugin_redmine_dmsf['dmsf_webdav'] = '1'
|
||||
Setting.plugin_redmine_dmsf['dmsf_webdav_strategy'] = 'WEBDAV_READ_WRITE'
|
||||
super
|
||||
end
|
||||
|
||||
test "DELETE denied unless authenticated" do
|
||||
def test_truth
|
||||
assert_kind_of Project, @project1
|
||||
assert_kind_of Project, @project2
|
||||
assert_kind_of Role, @role_developer
|
||||
end
|
||||
|
||||
test 'DELETE denied unless authenticated' do
|
||||
delete 'dmsf/webdav'
|
||||
assert_response 401
|
||||
|
||||
delete "dmsf/webdav/#{Project.find(1).identifier}"
|
||||
assert_response 401
|
||||
|
||||
end
|
||||
|
||||
test "DELETE denied with failed authentication" do
|
||||
test 'DELETE denied with failed authentication' do
|
||||
delete 'dmsf/webdav', nil, credentials('admin', 'badpassword')
|
||||
assert_response 401
|
||||
|
||||
delete "dmsf/webdav/#{Project.find(1).identifier}", nil, credentials('admin', 'badpassword')
|
||||
delete "dmsf/webdav/#{@project1.identifier}", nil, credentials('admin', 'badpassword')
|
||||
assert_response 401
|
||||
end
|
||||
|
||||
test "DELETE denied on project folder" do
|
||||
test 'DELETE denied on project folder do' do
|
||||
delete 'dmsf/webdav/', nil, @admin
|
||||
assert_response 501
|
||||
end
|
||||
|
||||
test "DELETE denied on folder with children" do
|
||||
put "dmsf/webdav/#{Project.find(1).identifier}/folder1", nil, @admin
|
||||
test 'DELETE denied on folder with children' do
|
||||
put "dmsf/webdav/#{@project1.identifier}/folder1", nil, @admin
|
||||
assert_response 403 #forbidden
|
||||
end
|
||||
|
||||
test "DELETE failed on non-existant project" do
|
||||
delete "dmsf/webdav/not_a_project/file.txt", nil, @admin
|
||||
test 'DELETE failed on non-existant project' do
|
||||
delete 'dmsf/webdav/not_a_project/file.txt', nil, @admin
|
||||
assert_response 404 #Item does not exist
|
||||
end
|
||||
|
||||
test "DELETE failed on a non-dmsf-enabled project" do
|
||||
project = Project.find(2) #Project 2
|
||||
delete "dmsf/webdav/#{project.identifier}/test.txt", nil, @admin
|
||||
test 'DELETE failed on a non-dmsf-enabled project' do
|
||||
delete "dmsf/webdav/#{@project2.identifier}/test.txt", nil, @jsmith
|
||||
assert_response 404 #Item does not exist, as project is not enabled
|
||||
end
|
||||
|
||||
test "DELETE succeeds on unlocked file" do
|
||||
project = Project.find(1)
|
||||
file = DmsfFile.find_file_by_name(project, nil, "test.txt")
|
||||
test 'DELETE failed when the strategy is read only' do
|
||||
Setting.plugin_redmine_dmsf['dmsf_webdav_strategy'] = 'WEBDAV_READ_ONLY'
|
||||
delete "dmsf/webdav/#{@project2.identifier}/test.txt", nil, @admin
|
||||
assert_response 502 #Item does not exist, as project is not enabled
|
||||
end
|
||||
|
||||
test 'DELETE succeeds on unlocked file' do
|
||||
file = DmsfFile.find_file_by_name @project1, nil, 'test.txt'
|
||||
assert !file.nil?, 'File test.txt is expected to exist'
|
||||
|
||||
assert_difference('project.dmsf_files.count', -1) do
|
||||
delete "dmsf/webdav/#{project.identifier}/test.txt", nil, @admin
|
||||
assert_difference('@project1.dmsf_files.visible.count', -1) do
|
||||
delete "dmsf/webdav/#{@project1.identifier}/test.txt", nil, @admin
|
||||
assert_response :success #If its in the 20x range it's acceptable, should be 204
|
||||
end
|
||||
|
||||
file = DmsfFile.find_file_by_name(project, nil, "test.txt")
|
||||
file = DmsfFile.find_file_by_name @project1, nil, 'test.txt'
|
||||
assert file.nil?, 'File test.txt is expected to not exist'
|
||||
end
|
||||
|
||||
test "DELETE denied on existing file by unauthorised user" do
|
||||
project = Project.find(2)
|
||||
role = Role.find(2)
|
||||
test 'DELETE denied on existing file by unauthorised user' do
|
||||
@project2.enable_module! :dmsf #Flag module enabled
|
||||
|
||||
project.enable_module! :dmsf #Flag module enabled
|
||||
|
||||
delete "dmsf/webdav/#{project.identifier}/test.txt", nil, @jsmith
|
||||
delete "dmsf/webdav/#{@project2.identifier}/test.txt", nil, @jsmith
|
||||
assert_response 404 #Without folder_view permission, he will not even be aware of its existence
|
||||
|
||||
role.add_permission! :view_dmsf_folders
|
||||
@role_developer.add_permission! :view_dmsf_folders
|
||||
|
||||
delete "dmsf/webdav/#{project.identifier}/test.txt", nil, @jsmith
|
||||
delete "dmsf/webdav/#{@project2.identifier}/test.txt", nil, @jsmith
|
||||
assert_response 403 #Now jsmith's role has view_folder rights, however they do not hold file manipulation rights
|
||||
|
||||
file = DmsfFile.find_file_by_name(project, nil, "test.txt")
|
||||
assert !file.nil?, 'File test.txt is expected to exist'
|
||||
|
||||
role.remove_permission! :view_dmsf_folders
|
||||
project.disable_module! :dmsf
|
||||
|
||||
file = DmsfFile.find_file_by_name @project2, nil, 'test.txt'
|
||||
assert file, 'File test.txt is expected to exist'
|
||||
end
|
||||
|
||||
test "DELETE fails when file_manipulation is granted but view_dmsf_folders is not" do
|
||||
project = Project.find(2)
|
||||
role = Role.find(2)
|
||||
test 'DELETE fails when file_manipulation is granted but view_dmsf_folders is not' do
|
||||
@project2.enable_module! :dmsf #Flag module enabled
|
||||
@role_developer.add_permission! :file_manipulation
|
||||
|
||||
project.enable_module! :dmsf #Flag module enabled
|
||||
role.add_permission! :file_manipulation
|
||||
|
||||
delete "dmsf/webdav/#{project.identifier}/test.txt", nil, @jsmith
|
||||
delete "dmsf/webdav/#{@project2.identifier}/test.txt", nil, @jsmith
|
||||
assert_response 404 #Without folder_view permission, he will not even be aware of its existence
|
||||
|
||||
file = DmsfFile.find_file_by_name(project, nil, "test.txt")
|
||||
assert !file.nil?, 'File test.txt is expected to exist'
|
||||
|
||||
project.disable_module! :dmsf
|
||||
file = DmsfFile.find_file_by_name @project2, nil, 'test.txt'
|
||||
assert file, 'File test.txt is expected to exist'
|
||||
end
|
||||
|
||||
test "DELETE fails on folder without folder_manipulation permission" do
|
||||
project = Project.find(2)
|
||||
role = Role.find(2)
|
||||
folder = DmsfFolder.find(3) #project 2/folder1
|
||||
test 'DELETE fails on folder without folder_manipulation permission' do
|
||||
folder = DmsfFolder.find 3 #project 2/folder1
|
||||
|
||||
project.enable_module! :dmsf #Flag module enabled
|
||||
role.add_permission! :view_dmsf_folders
|
||||
@project2.enable_module! :dmsf #Flag module enabled
|
||||
@role_developer.add_permission! :view_dmsf_folders
|
||||
|
||||
assert_no_difference('folder.subfolders.length') do
|
||||
delete "dmsf/webdav/#{project.identifier}/folder1/folder2", nil, @jsmith
|
||||
delete "dmsf/webdav/#{@project2.identifier}/folder1/folder2", nil, @jsmith
|
||||
assert_response 403 #Without manipulation permission, action is forbidden
|
||||
end
|
||||
|
||||
project.disable_module! :dmsf
|
||||
|
||||
end
|
||||
|
||||
test "DELETE folder is successful by administrator" do
|
||||
project = Project.find(2)
|
||||
folder = DmsfFolder.find(3) #project 2/folder1
|
||||
test 'DELETE folder is successful by administrator' do
|
||||
folder = DmsfFolder.find 3 #project 2/folder1
|
||||
|
||||
project.enable_module! :dmsf #Flag module enabled
|
||||
@project2.enable_module! :dmsf #Flag module enabled
|
||||
|
||||
assert_difference('folder.subfolders.length', -1) do
|
||||
delete "dmsf/webdav/#{project.identifier}/folder1/folder2", nil, @admin
|
||||
delete "dmsf/webdav/#{@project2.identifier}/folder1/folder2", nil, @admin
|
||||
assert_response :success
|
||||
folder.reload #We know there is a change, but does the object?
|
||||
end
|
||||
|
||||
|
||||
project.disable_module! :dmsf
|
||||
|
||||
end
|
||||
|
||||
test "DELETE folder is successful by user with roles" do
|
||||
project = Project.find(2)
|
||||
folder = DmsfFolder.find(3) #project 2/folder1
|
||||
role = Role.find(2)
|
||||
test 'DELETE folder is successful by user with roles' do
|
||||
folder = DmsfFolder.find 3 #project 2/folder1
|
||||
|
||||
role.add_permission! :view_dmsf_folders
|
||||
role.add_permission! :folder_manipulation
|
||||
@role_developer.add_permission! :view_dmsf_folders
|
||||
@role_developer.add_permission! :folder_manipulation
|
||||
|
||||
project.enable_module! :dmsf #Flag module enabled
|
||||
@project2.enable_module! :dmsf #Flag module enabled
|
||||
|
||||
assert_difference('folder.subfolders.length', -1) do
|
||||
delete "dmsf/webdav/#{project.identifier}/folder1/folder2", nil, @jsmith
|
||||
delete "dmsf/webdav/#{@project2.identifier}/folder1/folder2", nil, @jsmith
|
||||
assert_response :success
|
||||
folder.reload #We know there is a change, but does the object?
|
||||
end
|
||||
|
||||
project.disable_module! :dmsf
|
||||
|
||||
end
|
||||
|
||||
test "DELETE file is successful by administrator" do
|
||||
project = Project.find(2)
|
||||
file = DmsfFile.find_file_by_name(project, nil, "test.txt")
|
||||
assert !file.nil?, 'File test.txt is expected to exist'
|
||||
test 'DELETE file is successful by administrator' do
|
||||
file = DmsfFile.find_file_by_name @project2, nil, 'test.txt'
|
||||
assert file, 'File test.txt is expected to exist'
|
||||
|
||||
project.enable_module! :dmsf
|
||||
@project2.enable_module! :dmsf
|
||||
|
||||
delete "dmsf/webdav/#{project.identifier}/test.txt", nil, @admin
|
||||
delete "dmsf/webdav/#{@project2.identifier}/test.txt", nil, @admin
|
||||
assert_response :success
|
||||
|
||||
file = DmsfFile.find_file_by_name(project, nil, "test.txt")
|
||||
assert file.nil?, 'File test.txt is expected to not exist'
|
||||
|
||||
project.disable_module! :dmsf
|
||||
|
||||
file = DmsfFile.find_file_by_name @project2, nil, 'test.txt'
|
||||
assert_nil file, 'File test.txt is expected to not exist'
|
||||
end
|
||||
|
||||
test "DELETE file is successful by user with correct permissions" do
|
||||
project = Project.find(2)
|
||||
role = Role.find(2)
|
||||
file = DmsfFile.find_file_by_name(project, nil, "test.txt")
|
||||
test 'DELETE file is successful by user with correct permissions' do
|
||||
file = DmsfFile.find_file_by_name @project2, nil, 'test.txt'
|
||||
|
||||
project.enable_module! :dmsf
|
||||
@project2.enable_module! :dmsf
|
||||
|
||||
role.add_permission! :view_dmsf_folders
|
||||
role.add_permission! :file_manipulation
|
||||
@role_developer.add_permission! :view_dmsf_folders
|
||||
@role_developer.add_permission! :file_manipulation
|
||||
|
||||
assert file, 'File test.txt is expected to exist'
|
||||
|
||||
assert !file.nil?, 'File test.txt is expected to exist'
|
||||
|
||||
delete "dmsf/webdav/#{project.identifier}/test.txt", nil, @jsmith
|
||||
delete "dmsf/webdav/#{@project2.identifier}/test.txt", nil, @jsmith
|
||||
assert_response :success
|
||||
|
||||
file = DmsfFile.find_file_by_name(project, nil, "test.txt")
|
||||
assert file.nil?, 'File test.txt is expected to not exist'
|
||||
|
||||
project.disable_module! :dmsf
|
||||
role.remove_permission! :view_dmsf_folders
|
||||
role.remove_permission! :file_manipulation
|
||||
|
||||
file = DmsfFile.find_file_by_name @project2, nil, 'test.txt'
|
||||
assert_nil file, 'File test.txt is expected to not exist'
|
||||
end
|
||||
|
||||
test "DELETE fails when file is locked" do
|
||||
role = Role.find(2)
|
||||
project = Project.find(2)
|
||||
test 'DELETE fails when file is locked' do
|
||||
@project2.enable_module! :dmsf #Flag module enabled
|
||||
|
||||
project.enable_module! :dmsf #Flag module enabled
|
||||
@role_developer.add_permission! :view_dmsf_folders
|
||||
@role_developer.add_permission! :file_manipulation
|
||||
|
||||
role.add_permission! :view_dmsf_folders
|
||||
role.add_permission! :file_manipulation
|
||||
log_user 'admin', 'admin' #login as admin
|
||||
|
||||
log_user "admin", "admin" #login as admin
|
||||
assert !User.current.anonymous?, 'Current user is not anonymous'
|
||||
|
||||
assert !User.current.anonymous?, "Current user is not anonymous"
|
||||
|
||||
file = DmsfFile.find_file_by_name(project, nil, "test.txt")
|
||||
file = DmsfFile.find_file_by_name @project2, nil, 'test.txt'
|
||||
assert file.lock!, "File failed to be locked by #{User.current.name}"
|
||||
|
||||
delete "dmsf/webdav/#{project.identifier}/test.txt", nil, @jsmith
|
||||
delete "dmsf/webdav/#{@project2.identifier}/test.txt", nil, @jsmith
|
||||
assert_response 423 #Locked
|
||||
|
||||
file = DmsfFile.find_file_by_name(project, nil, "test.txt")
|
||||
assert !file.nil?, 'File test.txt is expected to exist'
|
||||
file = DmsfFile.find_file_by_name @project2, nil, 'test.txt'
|
||||
assert file, 'File test.txt is expected to exist'
|
||||
|
||||
User.current = User.find(1) #For some reason the above delete request changes User.current
|
||||
User.current = User.find 1 #For some reason the above delete request changes User.current
|
||||
|
||||
file.unlock!
|
||||
assert !file.locked?, "File failed to unlock by #{User.current.name}"
|
||||
project.disable_module! :dmsf
|
||||
role.add_permission! :view_dmsf_folders
|
||||
role.add_permission! :file_manipulation
|
||||
|
||||
|
||||
end
|
||||
|
||||
|
||||
|
||||
end
|
||||
@ -1,6 +1,7 @@
|
||||
# Redmine plugin for Document Management System "Features"
|
||||
#
|
||||
# Copyright (C) 2012 Daniel Munn <dan.munn@munnster.co.uk>
|
||||
# Copyright (C) 2011-14 Karel Picman <karel.picman@kontron.com>
|
||||
#
|
||||
# This program is free software; you can redistribute it and/or
|
||||
# modify it under the terms of the GNU General Public License
|
||||
@ -20,117 +21,114 @@ require File.expand_path('../../test_helper', __FILE__)
|
||||
|
||||
class DmsfWebdavIntegrationTest < RedmineDmsf::Test::IntegrationTest
|
||||
|
||||
fixtures :projects, :users, :members, :member_roles, :roles, :enabled_modules, :dmsf_folders, :dmsf_files, :dmsf_file_revisions
|
||||
fixtures :projects, :users, :members, :member_roles, :roles, :enabled_modules,
|
||||
:dmsf_folders, :dmsf_files, :dmsf_file_revisions
|
||||
|
||||
def setup
|
||||
@headers = credentials('admin')
|
||||
@admin = credentials 'admin'
|
||||
@jsmith = credentials 'jsmith'
|
||||
@project1 = Project.find_by_id 1
|
||||
@project2 = Project.find_by_id 2
|
||||
@role_developer = Role.find 2
|
||||
Setting.plugin_redmine_dmsf['dmsf_webdav'] = '1'
|
||||
Setting.plugin_redmine_dmsf['dmsf_webdav_strategy'] = 'WEBDAV_READ_WRITE'
|
||||
DmsfFile.storage_path = File.expand_path '../fixtures/files', __FILE__
|
||||
super
|
||||
end
|
||||
|
||||
def teardown
|
||||
@headers = nil
|
||||
def test_truth
|
||||
assert_kind_of Project, @project1
|
||||
assert_kind_of Project, @project2
|
||||
assert_kind_of Role, @role_developer
|
||||
end
|
||||
|
||||
test "should deny anonymous" do
|
||||
test 'should deny anonymous' do
|
||||
get 'dmsf/webdav'
|
||||
assert_response 401
|
||||
end
|
||||
|
||||
test "should deny failed authentication" do
|
||||
test 'should deny failed authentication' do
|
||||
get 'dmsf/webdav', nil, credentials('admin', 'badpassword')
|
||||
assert_response 401
|
||||
end
|
||||
|
||||
test "should permit authenticated user" do
|
||||
get 'dmsf/webdav', nil, @headers
|
||||
test 'should permit authenticated user' do
|
||||
get 'dmsf/webdav', nil, @admin
|
||||
assert_response :success
|
||||
end
|
||||
|
||||
test "should list DMSF enabled project" do
|
||||
|
||||
get 'dmsf/webdav', nil, @headers
|
||||
test 'should list DMSF enabled project' do
|
||||
get 'dmsf/webdav', nil, @admin
|
||||
assert_response :success
|
||||
|
||||
assert !response.body.match(Project.find(1).name).nil?, "Expected to find project #{Project.find(1).name} in return data"
|
||||
assert !response.body.match(@project1.name).nil?, "Expected to find project #{@project1.name} in return data"
|
||||
end
|
||||
|
||||
test "should not list non-DMSF enabled project" do
|
||||
|
||||
get 'dmsf/webdav', nil, @headers
|
||||
test 'should not list non-DMSF enabled project' do
|
||||
get 'dmsf/webdav', nil, @jsmith
|
||||
assert_response :success
|
||||
|
||||
assert response.body.match(Project.find(2).name).nil?, "Unexpected find of project #{Project.find(2).name} in return data"
|
||||
assert response.body.match(@project2.name).nil?, "Unexpected find of project #{@project2.name} in return data"
|
||||
end
|
||||
|
||||
test "should return status 404 when accessing non-existant or non dmsf-enabled project" do
|
||||
|
||||
test 'should return status 404 when accessing non-existant or non dmsf-enabled project' do
|
||||
## Test project resource object
|
||||
|
||||
get 'dmsf/webdav/project_does_not_exist', nil, @headers
|
||||
get 'dmsf/webdav/project_does_not_exist', nil, @jsmith
|
||||
assert_response 404
|
||||
|
||||
get "dmsf/webdav/#{Project.find(2).identifier}", nil, @headers
|
||||
get "dmsf/webdav/#{@project2.identifier}", nil, @jsmith
|
||||
assert_response 404
|
||||
|
||||
|
||||
## Test dmsf resource object
|
||||
|
||||
get 'dmsf/webdav/project_does_not_exist/test1', nil, @headers
|
||||
get 'dmsf/webdav/project_does_not_exist/test1', nil, @jsmith
|
||||
assert_response 404
|
||||
|
||||
get "dmsf/webdav/#{Project.find(2).identifier}/test.txt", nil, @headers
|
||||
get "dmsf/webdav/#{@project2.identifier}/test.txt", nil, @jsmith
|
||||
assert_response 404
|
||||
end
|
||||
|
||||
test "download file from DMSF enabled project" do
|
||||
test 'download file from DMSF enabled project' do
|
||||
# TODO: the storage path is not set as expected => reset
|
||||
DmsfFile.storage_path = File.expand_path('../../fixtures/files', __FILE__)
|
||||
get "dmsf/webdav/#{Project.find(1).identifier}/test.txt", nil, @headers
|
||||
assert_response 200
|
||||
assert (response.body != "1234"), "File downloaded with expected contents"
|
||||
end
|
||||
|
||||
test "should list dmsf contents within \"#{Project.find(1).identifier}\"" do
|
||||
get "dmsf/webdav/#{Project.find(1).identifier}", nil, @headers
|
||||
get "dmsf/webdav/#{@project1.identifier}/test.txt", nil, @admin
|
||||
assert_response :success
|
||||
assert !response.body.match(DmsfFolder.find(1).title).nil?, "Expected to find #{DmsfFolder.find(1).title} in return data"
|
||||
assert !response.body.match(DmsfFile.find(1).name).nil?, "Expected to find #{DmsfFile.find(1).name} in return data"
|
||||
assert_equal response.body, '1234', "File downloaded with unexpected contents: '#{response.body}'"
|
||||
end
|
||||
|
||||
test "user assigned to project" do
|
||||
test 'should list dmsf contents within project' do
|
||||
get "dmsf/webdav/#{@project1.identifier}", nil, @admin
|
||||
assert_response :success
|
||||
folder = DmsfFolder.find_by_id 1
|
||||
assert folder
|
||||
assert response.body.match(folder.title), "Expected to find #{folder.title} in return data"
|
||||
file = DmsfFile.find_by_id 1
|
||||
assert file
|
||||
assert response.body.match(file.name), "Expected to find #{file.name} in return data"
|
||||
end
|
||||
|
||||
test 'user assigned to project' do
|
||||
# We'll be using project 2 and user jsmith for this test (Manager)
|
||||
project = Project.find(2)
|
||||
role = Role.find(2) #Developer role
|
||||
jsmith = credentials('jsmith')
|
||||
user = User.find(2)
|
||||
|
||||
get "dmsf/webdav/#{project.identifier}", nil, jsmith
|
||||
get "dmsf/webdav/#{@project2.identifier}", nil, @jsmith
|
||||
assert_response 404
|
||||
|
||||
project.enable_module! :dmsf #Flag module enabled
|
||||
@project2.enable_module! :dmsf #Flag module enabled
|
||||
|
||||
get "dmsf/webdav/#{project.identifier}", nil, jsmith
|
||||
get "dmsf/webdav/#{@project2.identifier}", nil, @jsmith
|
||||
assert_response 404
|
||||
|
||||
role.add_permission! :view_dmsf_folders #assign rights
|
||||
@role_developer.add_permission! :view_dmsf_folders #assign rights
|
||||
|
||||
get "dmsf/webdav/#{project.identifier}", nil, jsmith
|
||||
get "dmsf/webdav/#{@project2.identifier}", nil, @jsmith
|
||||
assert_response :success
|
||||
|
||||
get "dmsf/webdav/#{project.identifier}/test.txt", nil, jsmith
|
||||
get "dmsf/webdav/#{@project2.identifier}/test.txt", nil, @jsmith
|
||||
assert_response 403 #Access is not granted as does not hold view_dmsf_files role (yet)
|
||||
|
||||
role.add_permission! :view_dmsf_files #assign rights
|
||||
|
||||
get "dmsf/webdav/#{project.identifier}/test.txt", nil, jsmith
|
||||
@role_developer.add_permission! :view_dmsf_files #assign rights
|
||||
# TODO: the storage path is not set as expected => reset
|
||||
DmsfFile.storage_path = File.expand_path('../../fixtures/files', __FILE__)
|
||||
get "dmsf/webdav/#{@project2.identifier}/test.txt", nil, @jsmith
|
||||
assert_response :success
|
||||
assert (response.body != "1234"), "File downloaded with expected contents"
|
||||
|
||||
#tear down
|
||||
project.disable_module! :dmsf
|
||||
role.remove_permission! :view_dmsf_folders
|
||||
role.remove_permission! :view_dmsf_files
|
||||
|
||||
assert_equal response.body, '1234', "File downloaded with unexpected contents: '#{response.body}'"
|
||||
end
|
||||
|
||||
end
|
||||
@ -1,6 +1,7 @@
|
||||
# Redmine plugin for Document Management System "Features"
|
||||
#
|
||||
# Copyright (C) 2012 Daniel Munn <dan.munn@munnster.co.uk>
|
||||
# Copyright (C) 2011-14 Karel Picman <karel.picman@kontron.com>
|
||||
#
|
||||
# This program is free software; you can redistribute it and/or
|
||||
# modify it under the terms of the GNU General Public License
|
||||
@ -20,20 +21,30 @@ require File.expand_path('../../test_helper', __FILE__)
|
||||
|
||||
class DmsfWebdavOptionsTest < RedmineDmsf::Test::IntegrationTest
|
||||
|
||||
fixtures :projects, :users, :members, :member_roles, :roles, :enabled_modules, :dmsf_folders
|
||||
fixtures :projects, :users, :members, :member_roles, :roles, :enabled_modules,
|
||||
:dmsf_folders
|
||||
|
||||
def setup
|
||||
DmsfFile.storage_path = File.expand_path('../../fixtures/files', __FILE__)
|
||||
@project1 = Project.find_by_id 1
|
||||
@project2 = Project.find_by_id 2
|
||||
Setting.plugin_redmine_dmsf['dmsf_webdav'] = '1'
|
||||
Setting.plugin_redmine_dmsf['dmsf_webdav_strategy'] = 'WEBDAV_READ_WRITE'
|
||||
DmsfFile.storage_path = File.expand_path '../fixtures/files', __FILE__
|
||||
end
|
||||
|
||||
test "HEAD requires authentication" do
|
||||
make_request "/dmsf/webdav/#{Project.find(1).identifier}"
|
||||
def test_truth
|
||||
assert_kind_of Project, @project1
|
||||
assert_kind_of Project, @project2
|
||||
end
|
||||
|
||||
test 'HEAD requires authentication' do
|
||||
make_request "/dmsf/webdav/#{@project1.identifier}"
|
||||
assert_response 401
|
||||
check_headers_dont_exist
|
||||
end
|
||||
|
||||
test "HEAD responds with authentication" do
|
||||
make_request "/dmsf/webdav/#{Project.find(1).identifier}", "admin"
|
||||
test 'HEAD responds with authentication' do
|
||||
make_request "/dmsf/webdav/#{@project1.identifier}", 'admin'
|
||||
assert_response :success
|
||||
check_headers_exist
|
||||
end
|
||||
@ -43,31 +54,33 @@ class DmsfWebdavOptionsTest < RedmineDmsf::Test::IntegrationTest
|
||||
# header and invalidates the test - where as a folder listing will always not include a last-modified
|
||||
# (but may include an etag, so there is an allowance for a 1 in 2 failure rate on (optionally) required
|
||||
# headers)
|
||||
test "HEAD responds to file" do
|
||||
make_request "/dmsf/webdav/#{Project.find(1).identifier}/test.txt", "admin"
|
||||
test 'HEAD responds to file' do
|
||||
# TODO: the storage path is not set as expected => reset
|
||||
DmsfFile.storage_path = File.expand_path('../../fixtures/files', __FILE__)
|
||||
make_request "/dmsf/webdav/#{@project1.identifier}/test.txt", 'admin'
|
||||
assert_response :success
|
||||
check_headers_exist #Note it'll allow 1 out of the 3 expected to fail
|
||||
end
|
||||
|
||||
test "HEAD fails when file or folder not found" do
|
||||
make_request "/dmsf/webdav/#{Project.find(1).identifier}/not_here.txt", "admin"
|
||||
test 'HEAD fails when file or folder not found' do
|
||||
make_request "/dmsf/webdav/#{@project1.identifier}/not_here.txt", 'admin'
|
||||
assert_response 404
|
||||
check_headers_dont_exist
|
||||
|
||||
make_request "/dmsf/webdav/folder_not_here", "admin"
|
||||
make_request '/dmsf/webdav/folder_not_here', 'admin'
|
||||
assert_response 404
|
||||
check_headers_dont_exist
|
||||
end
|
||||
|
||||
test "HEAD fails when project is not enabled for DMSF" do
|
||||
test 'HEAD fails when project is not enabled for DMSF' do
|
||||
|
||||
make_request "/dmsf/webdav/#{Project.find(2).identifier}/test.txt", "admin"
|
||||
make_request "/dmsf/webdav/#{@project2.identifier}/test.txt", 'jsmith'
|
||||
assert_response 404
|
||||
check_headers_dont_exist
|
||||
end
|
||||
|
||||
|
||||
private
|
||||
|
||||
def make_request(*args)
|
||||
if (args.length == 1) #Just a URL
|
||||
head args.first
|
||||
@ -77,7 +90,7 @@ class DmsfWebdavOptionsTest < RedmineDmsf::Test::IntegrationTest
|
||||
end
|
||||
|
||||
def check_headers_exist
|
||||
assert !(response.headers.nil? || response.headers.empty?), "Head returned without headers" #Headers exist?
|
||||
assert !(response.headers.nil? || response.headers.empty?), 'Head returned without headers' #Headers exist?
|
||||
values = {}
|
||||
values[:etag] = {:optional => true, :content => response.headers['Etag']}
|
||||
values[:content_type] = response.headers['Content-Type']
|
||||
@ -97,7 +110,7 @@ class DmsfWebdavOptionsTest < RedmineDmsf::Test::IntegrationTest
|
||||
end
|
||||
|
||||
def check_headers_dont_exist
|
||||
assert !(response.headers.nil? || response.headers.empty?), "Head returned without headers" #Headers exist?
|
||||
assert !(response.headers.nil? || response.headers.empty?), 'Head returned without headers' #Headers exist?
|
||||
values = {}
|
||||
values[:etag] = response.headers['Etag'];
|
||||
values[:last_modified] = response.headers['Last-Modified']
|
||||
@ -106,5 +119,4 @@ class DmsfWebdavOptionsTest < RedmineDmsf::Test::IntegrationTest
|
||||
}
|
||||
end
|
||||
|
||||
|
||||
end
|
||||
@ -1,6 +1,7 @@
|
||||
# Redmine plugin for Document Management System "Features"
|
||||
#
|
||||
# Copyright (C) 2012 Daniel Munn <dan.munn@munnster.co.uk>
|
||||
# Copyright (C) 2011-14 Karel Picman <karel.picman@kontron.com>
|
||||
#
|
||||
# This program is free software; you can redistribute it and/or
|
||||
# modify it under the terms of the GNU General Public License
|
||||
@ -20,71 +21,68 @@ require File.expand_path('../../test_helper', __FILE__)
|
||||
|
||||
class DmsfWebdavMkcolTest < RedmineDmsf::Test::IntegrationTest
|
||||
|
||||
fixtures :projects, :users, :members, :member_roles, :roles, :enabled_modules, :dmsf_folders
|
||||
fixtures :projects, :users, :members, :member_roles, :roles, :enabled_modules,
|
||||
:dmsf_folders
|
||||
|
||||
def setup
|
||||
@headers = credentials('admin')
|
||||
@admin = credentials 'admin'
|
||||
@jsmith = credentials 'jsmith'
|
||||
@project1 = Project.find_by_id 1
|
||||
@project2 = Project.find_by_id 2
|
||||
@role_developer = Role.find 2
|
||||
Setting.plugin_redmine_dmsf['dmsf_webdav'] = '1'
|
||||
Setting.plugin_redmine_dmsf['dmsf_webdav_strategy'] = 'WEBDAV_READ_WRITE'
|
||||
super
|
||||
end
|
||||
|
||||
def teardown
|
||||
@headers = nil
|
||||
def test_truth
|
||||
assert_kind_of Project, @project1
|
||||
assert_kind_of Project, @project2
|
||||
assert_kind_of Role, @role_developer
|
||||
end
|
||||
|
||||
test "MKCOL requires authentication" do
|
||||
xml_http_request :mkcol, "dmsf/webdav/test1"
|
||||
test 'MKCOL requires authentication' do
|
||||
xml_http_request :mkcol, 'dmsf/webdav/test1'
|
||||
assert_response 401
|
||||
end
|
||||
|
||||
test "MKCOL fails to create folder at root level" do
|
||||
xml_http_request :mkcol, "dmsf/webdav/test1", nil, @headers
|
||||
test 'MKCOL fails to create folder at root level' do
|
||||
xml_http_request :mkcol, 'dmsf/webdav/test1', nil, @admin
|
||||
assert_response 501 #Not Implemented at this level
|
||||
end
|
||||
|
||||
test "should not succeed on a non-existant project" do
|
||||
xml_http_request :mkcol, "dmsf/webdav/project_doesnt_exist/test1", nil, @headers
|
||||
test 'should not succeed on a non-existant project' do
|
||||
xml_http_request :mkcol, 'dmsf/webdav/project_doesnt_exist/test1', nil, @admin
|
||||
assert_response 404 #Not found
|
||||
end
|
||||
|
||||
test "should not succed on a non-dmsf enabled project" do
|
||||
xml_http_request :mkcol, "dmsf/webdav/#{Project.find(2).identifier}/test1", nil, @headers
|
||||
assert_response 404
|
||||
test 'should not succed on a non-dmsf enabled project' do
|
||||
xml_http_request :mkcol, "dmsf/webdav/#{@project2.identifier}/test1", nil, @jsmith
|
||||
assert_response :forbidden
|
||||
end
|
||||
|
||||
test "should create folder on dmsf enabled project" do
|
||||
xml_http_request :mkcol, "dmsf/webdav/#{Project.find(1).identifier}/test1", nil, @headers
|
||||
test 'should create folder on dmsf enabled project' do
|
||||
xml_http_request :mkcol, "dmsf/webdav/#{@project1.identifier}/test1", nil, @admin
|
||||
assert_response :success
|
||||
end
|
||||
|
||||
test "should fail to create folder that already exists" do
|
||||
xml_http_request :mkcol, "dmsf/webdav/#{Project.find(1).identifier}/test1", nil, @headers
|
||||
test 'should fail to create folder that already exists' do
|
||||
xml_http_request :mkcol, "dmsf/webdav/#{@project1.identifier}/test1", nil, @admin
|
||||
assert_response :success
|
||||
xml_http_request :mkcol, "dmsf/webdav/#{Project.find(1).identifier}/test1", nil, @headers
|
||||
xml_http_request :mkcol, "dmsf/webdav/#{@project1.identifier}/test1", nil, @admin
|
||||
assert_response 405 #Method not Allowed
|
||||
end
|
||||
|
||||
test "should fail to create folder for user without rights" do
|
||||
xml_http_request :mkcol, "dmsf/webdav/#{Project.find(1).identifier}/test1", nil, credentials('jsmith')
|
||||
test 'should fail to create folder for user without rights' do
|
||||
xml_http_request :mkcol, "dmsf/webdav/#{@project1.identifier}/test1", nil, @jsmith
|
||||
assert_response 403 #Forbidden
|
||||
end
|
||||
|
||||
test "should create folder for non-admin user with rights" do
|
||||
|
||||
role = Role.find(2) #Developer role
|
||||
jsmith = credentials('jsmith')
|
||||
user = User.find(2)
|
||||
project = Project.find(2)
|
||||
|
||||
role.add_permission! :folder_manipulation
|
||||
project.enable_module! :dmsf
|
||||
|
||||
xml_http_request :mkcol, "dmsf/webdav/#{project.identifier}/test1", nil, credentials('jsmith')
|
||||
test 'should create folder for non-admin user with rights' do
|
||||
@role_developer.add_permission! :folder_manipulation
|
||||
@project2.enable_module! :dmsf
|
||||
xml_http_request :mkcol, "dmsf/webdav/#{@project2.identifier}/test1", nil, @jsmith
|
||||
assert_response :success
|
||||
|
||||
role.remove_permission! :folder_manipulation
|
||||
project.disable_module! :dmsf
|
||||
|
||||
end
|
||||
|
||||
|
||||
end
|
||||
@ -1,6 +1,7 @@
|
||||
# Redmine plugin for Document Management System "Features"
|
||||
#
|
||||
# Copyright (C) 2012 Daniel Munn <dan.munn@munnster.co.uk>
|
||||
# Copyright (C) 2011-14 Karel Picman <karel.picman@kontron.com>
|
||||
#
|
||||
# This program is free software; you can redistribute it and/or
|
||||
# modify it under the terms of the GNU General Public License
|
||||
@ -20,106 +21,110 @@ require File.expand_path('../../test_helper', __FILE__)
|
||||
|
||||
class DmsfWebdavOptionsTest < RedmineDmsf::Test::IntegrationTest
|
||||
|
||||
fixtures :projects, :users, :members, :member_roles, :roles, :enabled_modules, :dmsf_folders
|
||||
fixtures :projects, :users, :members, :member_roles, :roles, :enabled_modules,
|
||||
:dmsf_folders
|
||||
|
||||
def setup
|
||||
@headers = credentials('admin')
|
||||
@admin = credentials 'admin'
|
||||
@project1 = Project.find_by_id 1
|
||||
@project2 = Project.find_by_id 2
|
||||
Setting.plugin_redmine_dmsf['dmsf_webdav'] = '1'
|
||||
Setting.plugin_redmine_dmsf['dmsf_webdav_strategy'] = 'WEBDAV_READ_WRITE'
|
||||
super
|
||||
end
|
||||
|
||||
def teardown
|
||||
@headers = nil
|
||||
def test_truth
|
||||
assert_kind_of Project, @project1
|
||||
assert_kind_of Project, @project2
|
||||
end
|
||||
|
||||
test "OPTIONS requires no authentication for root level" do
|
||||
xml_http_request :options, "dmsf/webdav"
|
||||
test 'OPTIONS requires no authentication for root level' do
|
||||
xml_http_request :options, 'dmsf/webdav'
|
||||
assert_response :success
|
||||
end
|
||||
|
||||
test "OPTIONS returns expected Allow header" do
|
||||
xml_http_request :options, "dmsf/webdav"
|
||||
test 'OPTIONS returns expected Allow header' do
|
||||
xml_http_request :options, 'dmsf/webdav'
|
||||
assert_response :success
|
||||
assert !(response.headers.nil? || response.headers.empty?), "Response headers are empty"
|
||||
assert !response.headers["Allow"].nil? , "Allow header is empty or does not exist"
|
||||
assert response.headers["Allow"] == "OPTIONS,HEAD,GET,PUT,POST,DELETE,PROPFIND,PROPPATCH,MKCOL,COPY,MOVE,LOCK,UNLOCK", "Allow header returns expected content"
|
||||
assert !(response.headers.nil? || response.headers.empty?), 'Response headers are empty'
|
||||
assert response.headers['Allow'] , 'Allow header is empty or does not exist'
|
||||
assert response.headers['Allow'] == 'OPTIONS,HEAD,GET,PUT,POST,DELETE,PROPFIND,PROPPATCH,MKCOL,COPY,MOVE,LOCK,UNLOCK', 'Allow header returns expected content'
|
||||
end
|
||||
|
||||
test "OPTIONS returns expected Dav header" do
|
||||
xml_http_request :options, "dmsf/webdav"
|
||||
test 'OPTIONS returns expected Dav header' do
|
||||
xml_http_request :options, 'dmsf/webdav'
|
||||
assert_response :success
|
||||
assert !(response.headers.nil? || response.headers.empty?), "Response headers are empty"
|
||||
assert !response.headers["Dav"].nil? , "Dav header is empty or does not exist"
|
||||
assert response.headers["Dav"] == "1,2,3", "Dav header - expected: 1,2,3"
|
||||
assert !(response.headers.nil? || response.headers.empty?), 'Response headers are empty'
|
||||
assert response.headers['Dav'] , 'Dav header is empty or does not exist'
|
||||
assert response.headers['Dav'] == '1,2,3', 'Dav header - expected: 1,2,3'
|
||||
end
|
||||
|
||||
test "OPTIONS returns expected Ms-Auth-Via header" do
|
||||
xml_http_request :options, "dmsf/webdav"
|
||||
test 'OPTIONS returns expected Ms-Auth-Via header' do
|
||||
xml_http_request :options, 'dmsf/webdav'
|
||||
assert_response :success
|
||||
assert !(response.headers.nil? || response.headers.empty?), "Response headers are empty"
|
||||
assert !response.headers["Ms-Author-Via"].nil? , "Ms-Author-Via header is empty or does not exist"
|
||||
assert response.headers["Ms-Author-Via"] == "DAV", "Ms-Author-Via header - expected: DAV"
|
||||
assert !(response.headers.nil? || response.headers.empty?), 'Response headers are empty'
|
||||
assert response.headers['Ms-Author-Via'] , 'Ms-Author-Via header is empty or does not exist'
|
||||
assert response.headers['Ms-Author-Via'] == 'DAV', 'Ms-Author-Via header - expected: DAV'
|
||||
end
|
||||
|
||||
test "OPTIONS requires authentication for non-root request" do
|
||||
xml_http_request :options, "dmsf/webdav/#{Project.find(1).identifier}"
|
||||
test 'OPTIONS requires authentication for non-root request' do
|
||||
xml_http_request :options, "dmsf/webdav/#{@project1.identifier}"
|
||||
assert_response 401 #Unauthorized
|
||||
end
|
||||
|
||||
test "Un-authenticated OPTIONS returns expected Allow header" do
|
||||
xml_http_request :options, "dmsf/webdav/#{Project.find(1).identifier}"
|
||||
test 'Un-authenticated OPTIONS returns expected Allow header' do
|
||||
xml_http_request :options, "dmsf/webdav/#{@project1.identifier}"
|
||||
assert_response 401
|
||||
assert !(response.headers.nil? || response.headers.empty?), "Response headers are empty"
|
||||
assert response.headers["Allow"].nil? , "Allow header should not exist"
|
||||
assert response.headers["Allow"] != "OPTIONS,HEAD,GET,PUT,POST,DELETE,PROPFIND,PROPPATCH,MKCOL,COPY,MOVE,LOCK,UNLOCK", "Allow header returns expected"
|
||||
assert !(response.headers.nil? || response.headers.empty?), 'Response headers are empty'
|
||||
assert_nil response.headers['Allow'] , 'Allow header should not exist'
|
||||
#assert response.headers['Allow'] != 'OPTIONS,HEAD,GET,PUT,POST,DELETE,PROPFIND,PROPPATCH,MKCOL,COPY,MOVE,LOCK,UNLOCK', 'Allow header returns expected'
|
||||
end
|
||||
|
||||
test "Un-authenticated OPTIONS returns expected Dav header" do
|
||||
xml_http_request :options, "dmsf/webdav/#{Project.find(1).identifier}"
|
||||
test 'Un-authenticated OPTIONS returns expected Dav header' do
|
||||
xml_http_request :options, "dmsf/webdav/#{@project1.identifier}"
|
||||
assert_response 401
|
||||
assert !(response.headers.nil? || response.headers.empty?), "Response headers are empty"
|
||||
assert response.headers["Dav"].nil? , "Dav header should not exist"
|
||||
assert response.headers["Dav"] != "1,2,3", "Dav header - expected: <None>"
|
||||
assert !(response.headers.nil? || response.headers.empty?), 'Response headers are empty'
|
||||
assert_nil response.headers['Dav'] , 'Dav header should not exist'
|
||||
#assert response.headers['Dav'] != '1,2,3', 'Dav header - expected: <None>'
|
||||
end
|
||||
|
||||
test "Un-athenticated OPTIONS returns expected Ms-Auth-Via header" do
|
||||
xml_http_request :options, "dmsf/webdav/#{Project.find(1).identifier}"
|
||||
test 'Un-athenticated OPTIONS returns expected Ms-Auth-Via header' do
|
||||
xml_http_request :options, "dmsf/webdav/#{@project1.identifier}"
|
||||
assert_response 401
|
||||
assert !(response.headers.nil? || response.headers.empty?), "Response headers are empty"
|
||||
assert response.headers["Ms-Author-Via"].nil? , "Ms-Author-Via header should not exist"
|
||||
assert response.headers["Ms-Author-Via"] != "DAV", "Ms-Author-Via header - expected: <None>"
|
||||
assert !(response.headers.nil? || response.headers.empty?), 'Response headers are empty'
|
||||
assert_nil response.headers['Ms-Author-Via'] , 'Ms-Author-Via header should not exist'
|
||||
#assert response.headers["Ms-Author-Via"] != "DAV", "Ms-Author-Via header - expected: <None>"
|
||||
end
|
||||
|
||||
|
||||
test "Authenticated OPTIONS returns expected Allow header" do
|
||||
xml_http_request :options, "dmsf/webdav/#{Project.find(1).identifier}", nil, @headers
|
||||
test 'Authenticated OPTIONS returns expected Allow header' do
|
||||
xml_http_request :options, "dmsf/webdav/#{@project1.identifier}", nil, @admin
|
||||
assert_response :success
|
||||
assert !(response.headers.nil? || response.headers.empty?), "Response headers are empty"
|
||||
assert !response.headers["Allow"].nil? , "Allow header is empty or does not exist"
|
||||
assert response.headers["Allow"] == "OPTIONS,HEAD,GET,PUT,POST,DELETE,PROPFIND,PROPPATCH,MKCOL,COPY,MOVE,LOCK,UNLOCK", "Allow header returns expected"
|
||||
assert response.headers['Allow'], 'Allow header is empty or does not exist'
|
||||
assert response.headers['Allow'] == 'OPTIONS,HEAD,GET,PUT,POST,DELETE,PROPFIND,PROPPATCH,MKCOL,COPY,MOVE,LOCK,UNLOCK', 'Allow header returns expected'
|
||||
end
|
||||
|
||||
test "Authenticated OPTIONS returns expected Dav header" do
|
||||
xml_http_request :options, "dmsf/webdav/#{Project.find(1).identifier}", nil, @headers
|
||||
test 'Authenticated OPTIONS returns expected Dav header' do
|
||||
xml_http_request :options, "dmsf/webdav/#{@project1.identifier}", nil, @admin
|
||||
assert_response :success
|
||||
assert !(response.headers.nil? || response.headers.empty?), "Response headers are empty"
|
||||
assert !response.headers["Dav"].nil? , "Dav header is empty or does not exist"
|
||||
assert response.headers["Dav"] == "1,2,3", "Dav header - expected: 1,2,3"
|
||||
assert !(response.headers.nil? || response.headers.empty?), 'Response headers are empty'
|
||||
assert response.headers['Dav'], 'Dav header is empty or does not exist'
|
||||
assert response.headers['Dav'] == '1,2,3', 'Dav header - expected: 1,2,3'
|
||||
end
|
||||
|
||||
test "Authenticated OPTIONS returns expected Ms-Auth-Via header" do
|
||||
xml_http_request :options, "dmsf/webdav/#{Project.find(1).identifier}", nil, @headers
|
||||
test 'Authenticated OPTIONS returns expected Ms-Auth-Via header' do
|
||||
xml_http_request :options, "dmsf/webdav/#{@project1.identifier}", nil, @admin
|
||||
assert_response :success
|
||||
assert !(response.headers.nil? || response.headers.empty?), "Response headers are empty"
|
||||
assert !response.headers["Ms-Author-Via"].nil? , "Ms-Author-Via header is empty or does not exist"
|
||||
assert response.headers["Ms-Author-Via"] == "DAV", "Ms-Author-Via header - expected: DAV"
|
||||
assert !(response.headers.nil? || response.headers.empty?), 'Response headers are empty'
|
||||
assert response.headers['Ms-Author-Via'], 'Ms-Author-Via header is empty or does not exist'
|
||||
assert response.headers['Ms-Author-Via'] == 'DAV', 'Ms-Author-Via header - expected: DAV'
|
||||
end
|
||||
|
||||
test "Authenticated OPTIONS returns 404 for not-found or non-dmsf-enabled items" do
|
||||
xml_http_request :options, "dmsf/webdav/#{Project.find(2).identifier}", nil, @headers
|
||||
assert_response 404 #not found
|
||||
xml_http_request :options, "dmsf/webdav/does-not-exist", nil, @headers
|
||||
assert_response 404 #not found
|
||||
test 'Authenticated OPTIONS returns 401 for not-found or non-dmsf-enabled items' do
|
||||
xml_http_request :options, "dmsf/webdav/#{@project2.identifier}", nil, @jsmith
|
||||
assert_response 401 # refused
|
||||
xml_http_request :options, 'dmsf/webdav/does-not-exist', nil, @jsmith
|
||||
assert_response 401 # refused
|
||||
end
|
||||
|
||||
|
||||
end
|
||||
@ -1,6 +1,7 @@
|
||||
# Redmine plugin for Document Management System "Features"
|
||||
#
|
||||
# Copyright (C) 2012 Daniel Munn <dan.munn@munnster.co.uk>
|
||||
# Copyright (C) 2011-14 Karel Picman <karel.picman@kontron.com>
|
||||
#
|
||||
# This program is free software; you can redistribute it and/or
|
||||
# modify it under the terms of the GNU General Public License
|
||||
@ -23,23 +24,22 @@ class DmsfWebdavPostTest < RedmineDmsf::Test::IntegrationTest
|
||||
fixtures :users, :enabled_modules
|
||||
|
||||
def setup
|
||||
@headers = credentials('admin')
|
||||
@admin = credentials 'admin'
|
||||
Setting.plugin_redmine_dmsf['dmsf_webdav'] = '1'
|
||||
Setting.plugin_redmine_dmsf['dmsf_webdav_strategy'] = 'WEBDAV_READ_WRITE'
|
||||
super
|
||||
end
|
||||
|
||||
def teardown
|
||||
@headers = nil
|
||||
end
|
||||
|
||||
# Test that any post request is authenticated
|
||||
def test_post_request_authenticated
|
||||
post "/dmsf/webdav/"
|
||||
post '/dmsf/webdav/'
|
||||
assert_response 401 # 401 Unauthorized
|
||||
end
|
||||
|
||||
#Test post is not implimented
|
||||
# Test post is not implemented
|
||||
def test_post_not_implemented
|
||||
post "/dmsf/webdav/", nil, @headers
|
||||
post '/dmsf/webdav/', nil, @admin
|
||||
assert_response 501 # 501 Not Implemented
|
||||
end
|
||||
|
||||
end
|
||||
@ -1,6 +1,7 @@
|
||||
# Redmine plugin for Document Management System "Features"
|
||||
#
|
||||
# Copyright (C) 2012 Daniel Munn <dan.munn@munnster.co.uk>
|
||||
# Copyright (C) 2011-14 Karel Picman <karel.picman@kontron.com>
|
||||
#
|
||||
# This program is free software; you can redistribute it and/or
|
||||
# modify it under the terms of the GNU General Public License
|
||||
@ -21,168 +22,155 @@ require 'fileutils'
|
||||
|
||||
class DmsfWebdavIntegrationTest < RedmineDmsf::Test::IntegrationTest
|
||||
|
||||
fixtures :projects, :users, :members, :member_roles, :roles, :enabled_modules, :dmsf_folders, :dmsf_files, :dmsf_file_revisions
|
||||
fixtures :projects, :users, :members, :member_roles, :roles, :enabled_modules,
|
||||
:dmsf_folders, :dmsf_files, :dmsf_file_revisions
|
||||
|
||||
def setup
|
||||
DmsfLock.delete_all #Delete all locks that are in our test DB - probably not safe but ho hum
|
||||
timestamp = DateTime.now.strftime("%y%m%d%H%M")
|
||||
DmsfFile.storage_path = File.expand_path("./dmsf_test-#{timestamp}", DmsfHelper.temp_dir)
|
||||
Dir.mkdir(DmsfFile.storage_path) unless File.directory?(DmsfFile.storage_path)
|
||||
@admin = credentials('admin')
|
||||
@jsmith = credentials('jsmith')
|
||||
@admin = credentials 'admin'
|
||||
@jsmith = credentials 'jsmith'
|
||||
@jsmith = credentials 'jsmith'
|
||||
@project1 = Project.find_by_id 1
|
||||
@project2 = Project.find_by_id 2
|
||||
@role_developer = Role.find 2
|
||||
Setting.plugin_redmine_dmsf['dmsf_webdav'] = '1'
|
||||
Setting.plugin_redmine_dmsf['dmsf_webdav_strategy'] = 'WEBDAV_READ_WRITE'
|
||||
super
|
||||
end
|
||||
|
||||
def teardown
|
||||
@headers = nil
|
||||
#Delete our tmp folder
|
||||
begin
|
||||
FileUtils.rm_rf DmsfFile.storage_path
|
||||
rescue
|
||||
warn "DELETE FAILED"
|
||||
end
|
||||
# def teardown
|
||||
# # Delete our tmp folder
|
||||
# begin
|
||||
# FileUtils.rm_rf DmsfFile.storage_path
|
||||
# rescue
|
||||
# warn 'DELETE FAILED'
|
||||
# end
|
||||
# end
|
||||
|
||||
def test_truth
|
||||
assert_kind_of Project, @project1
|
||||
assert_kind_of Project, @project2
|
||||
assert_kind_of Role, @role_developer
|
||||
end
|
||||
|
||||
test "PUT denied unless authenticated" do
|
||||
test 'PUT denied unless authenticated' do
|
||||
put 'dmsf/webdav'
|
||||
assert_response 401
|
||||
|
||||
put "dmsf/webdav/#{Project.find(1).identifier}"
|
||||
put "dmsf/webdav/#{@project1.identifier}"
|
||||
assert_response 401
|
||||
|
||||
end
|
||||
|
||||
test "PUT denied with failed authentication" do
|
||||
test 'PUT denied with failed authentication' do
|
||||
put 'dmsf/webdav', nil, credentials('admin', 'badpassword')
|
||||
assert_response 401
|
||||
|
||||
put "dmsf/webdav/#{Project.find(1).identifier}", nil, credentials('admin', 'badpassword')
|
||||
put "dmsf/webdav/#{@project1.identifier}", nil, credentials('admin', 'badpassword')
|
||||
assert_response 401
|
||||
end
|
||||
|
||||
test "PUT denied at root level" do
|
||||
test 'PUT denied at root level' do
|
||||
put 'dmsf/webdav/test.txt', "1234", @admin.merge!({:content_type => :text})
|
||||
assert_response 501
|
||||
end
|
||||
|
||||
test "PUT denied on collection/folder" do
|
||||
put "dmsf/webdav/#{Project.find(1).identifier}", "1234", @admin.merge!({:content_type => :text})
|
||||
test 'PUT denied on collection/folder' do
|
||||
put "dmsf/webdav/#{@project1.identifier}", '1234', @admin.merge!({:content_type => :text})
|
||||
assert_response 403 #forbidden
|
||||
end
|
||||
|
||||
test "PUT failed on non-existant project" do
|
||||
put "dmsf/webdav/not_a_project/file.txt", "1234", @admin.merge!({:content_type => :text})
|
||||
test 'PUT failed on non-existant project' do
|
||||
put 'dmsf/webdav/not_a_project/file.txt', '1234', @admin.merge!({:content_type => :text})
|
||||
assert_response 409 # Conflict, not_a_project does not exist - file.txt cannot be created
|
||||
end
|
||||
|
||||
test "PUT as admin granted on dmsf-enabled project" do
|
||||
|
||||
put "dmsf/webdav/#{Project.find(1).identifier}/test-1234.txt", "1234", @admin.merge!({:content_type => :text})
|
||||
test 'PUT as admin granted on dmsf-enabled project' do
|
||||
put "dmsf/webdav/#{@project1.identifier}/test-1234.txt", '1234', @admin.merge!({:content_type => :text})
|
||||
assert_response 201 #201 Created
|
||||
|
||||
#Lets check for our file
|
||||
file = DmsfFile.find_file_by_name(Project.find(1), nil, "test-1234.txt")
|
||||
assert !file.nil?, 'Check for files existance'
|
||||
|
||||
file = DmsfFile.find_file_by_name @project1, nil, 'test-1234.txt'
|
||||
assert file, 'Check for files existance'
|
||||
end
|
||||
|
||||
test "PUT failed as admin on non-dmsf enabled project" do
|
||||
put "dmsf/webdav/#{Project.find(2).identifier}/test-1234.txt", "1234", @admin.merge!({:content_type => :text})
|
||||
test 'PUT failed as jsmith on non-dmsf enabled project' do
|
||||
put "dmsf/webdav/#{@project2.identifier}/test-1234.txt", '1234', @jsmith.merge!({:content_type => :text})
|
||||
assert_response 409 #Should report conflict, as project 2 technically doesn't exist if not enabled
|
||||
|
||||
#Lets check for our file
|
||||
file = DmsfFile.find_file_by_name(Project.find(2), nil, "test-1234.txt")
|
||||
assert file.nil?, 'Check for files existance'
|
||||
file = DmsfFile.find_file_by_name @project2, nil, 'test-1234.txt'
|
||||
assert_nil file, 'Check for files existance'
|
||||
end
|
||||
|
||||
test "PUT failed when insuficient permissions on project" do
|
||||
test 'PUT failed when insuficient permissions on project' do
|
||||
@project2.enable_module! :dmsf #Flag module enabled
|
||||
|
||||
project = Project.find(2)
|
||||
project.enable_module! :dmsf #Flag module enabled
|
||||
role = Role.find(2)
|
||||
|
||||
put "dmsf/webdav/#{project.identifier}/test-1234.txt", "1234", @jsmith.merge!({:content_type => :text})
|
||||
put "dmsf/webdav/#{@project2.identifier}/test-1234.txt", '1234', @jsmith.merge!({:content_type => :text})
|
||||
assert_response 409 #We don't hold the permission view_dmsf_folders, and thus project 2 doesn't exist to us.
|
||||
|
||||
role.add_permission! :view_dmsf_folders
|
||||
@role_developer.add_permission! :view_dmsf_folders
|
||||
|
||||
put "dmsf/webdav/#{project.identifier}/test-1234.txt", "1234", @jsmith.merge!({:content_type => :text})
|
||||
put "dmsf/webdav/#{@project2.identifier}/test-1234.txt", '1234', @jsmith.merge!({:content_type => :text})
|
||||
assert_response 403 #We don't hold the permission file_manipulation - so we're unable to do anything with files
|
||||
|
||||
role.remove_permission! :view_dmsf_folders
|
||||
role.add_permission! :file_manipulation
|
||||
@role_developer.remove_permission! :view_dmsf_folders
|
||||
@role_developer.add_permission! :file_manipulation
|
||||
|
||||
#Check we don't have write access even if we do have the file_manipulation permission
|
||||
put "dmsf/webdav/#{project.identifier}/test-1234.txt", "1234", @jsmith.merge!({:content_type => :text})
|
||||
put "dmsf/webdav/#{@project2.identifier}/test-1234.txt", '1234', @jsmith.merge!({:content_type => :text})
|
||||
assert_response 409 #We don't hold the permission view_dmsf_folders, and thus project 2 doesn't exist to us.
|
||||
|
||||
#Lets check for our file
|
||||
file = DmsfFile.find_file_by_name(project, nil, "test-1234.txt")
|
||||
assert file.nil?, 'File test-1234 was found in projects dmsf folder.'
|
||||
|
||||
role.remove_permission! :view_dmsf_folders
|
||||
role.remove_permission! :file_manipulation
|
||||
file = DmsfFile.find_file_by_name @project2, nil, 'test-1234.txt'
|
||||
assert_nil file, 'File test-1234 was found in projects dmsf folder.'
|
||||
end
|
||||
|
||||
test "PUT succeeds for non-admin with correct permissions" do
|
||||
project = Project.find(2)
|
||||
project.enable_module! :dmsf #Flag module enabled
|
||||
role = Role.find(2)
|
||||
test 'PUT succeeds for non-admin with correct permissions' do
|
||||
@project2.enable_module! :dmsf #Flag module enabled
|
||||
|
||||
put "dmsf/webdav/#{project.identifier}/test-1234.txt", "1234", @jsmith.merge!({:content_type => :text})
|
||||
put "dmsf/webdav/#{@project2.identifier}/test-1234.txt", '1234', @jsmith.merge!({:content_type => :text})
|
||||
assert_response 409 #We don't hold the permission view_dmsf_folders, and thus project 2 doesn't exist to us.
|
||||
|
||||
role.add_permission! :view_dmsf_folders
|
||||
role.add_permission! :file_manipulation
|
||||
@role_developer.add_permission! :view_dmsf_folders
|
||||
@role_developer.add_permission! :file_manipulation
|
||||
|
||||
#Check we don't have write access even if we do have the file_manipulation permission
|
||||
put "dmsf/webdav/#{project.identifier}/test-1234.txt", "1234", @jsmith.merge!({:content_type => :text})
|
||||
put "dmsf/webdav/#{@project2.identifier}/test-1234.txt", '1234', @jsmith.merge!({:content_type => :text})
|
||||
assert_response 201 #Now we have permissions :D
|
||||
|
||||
#Lets check for our file
|
||||
file = DmsfFile.find_file_by_name(project, nil, "test-1234.txt")
|
||||
assert !file.nil?, 'File test-1234 was not found in projects dmsf folder.'
|
||||
|
||||
role.remove_permission! :view_dmsf_folders
|
||||
role.remove_permission! :file_manipulation
|
||||
file = DmsfFile.find_file_by_name @project2, nil, 'test-1234.txt'
|
||||
assert file, 'File test-1234 was not found in projects dmsf folder.'
|
||||
end
|
||||
|
||||
test "PUT writes revision successfully for unlocked file" do
|
||||
project = Project.find(2)
|
||||
project.enable_module! :dmsf #Flag module enabled
|
||||
role = Role.find(2)
|
||||
test 'PUT writes revision successfully for unlocked file' do
|
||||
@project2.enable_module! :dmsf #Flag module enabled
|
||||
@role_developer.add_permission! :view_dmsf_folders
|
||||
@role_developer.add_permission! :file_manipulation
|
||||
|
||||
role.add_permission! :view_dmsf_folders
|
||||
role.add_permission! :file_manipulation
|
||||
|
||||
file = DmsfFile.find_file_by_name(project, nil, "test.txt")
|
||||
file = DmsfFile.find_file_by_name @project2, nil, 'test.txt'
|
||||
assert_difference('file.revisions.count') do
|
||||
put "dmsf/webdav/#{project.identifier}/test.txt", "1234", @jsmith.merge!({:content_type => :text})
|
||||
put "dmsf/webdav/#{@project2.identifier}/test.txt", '1234', @jsmith.merge!({:content_type => :text})
|
||||
assert_response 201 #Created
|
||||
end
|
||||
|
||||
role.remove_permission! :view_dmsf_folders
|
||||
role.remove_permission! :file_manipulation
|
||||
|
||||
end
|
||||
|
||||
test "PUT fails revision when file is locked" do
|
||||
role = Role.find(2)
|
||||
project = Project.find(2)
|
||||
test 'PUT fails revision when file is locked' do
|
||||
@project2.enable_module! :dmsf #Flag module enabled
|
||||
@role_developer.add_permission! :view_dmsf_folders
|
||||
@role_developer.add_permission! :file_manipulation
|
||||
|
||||
project.enable_module! :dmsf #Flag module enabled
|
||||
log_user 'admin', 'admin' # login as admin
|
||||
assert !User.current.anonymous?, 'Current user is not anonymous'
|
||||
|
||||
role.add_permission! :view_dmsf_folders
|
||||
role.add_permission! :file_manipulation
|
||||
|
||||
log_user "admin", "admin" #login as jsmith
|
||||
assert !User.current.anonymous?, "Current user is not anonymous"
|
||||
|
||||
file = DmsfFile.find_file_by_name(project, nil, "test.txt")
|
||||
file = DmsfFile.find_file_by_name @project2, nil, 'test.txt'
|
||||
assert file.lock!, "File failed to be locked by #{User.current.name}"
|
||||
|
||||
assert_no_difference('file.revisions.count') do
|
||||
put "dmsf/webdav/#{project.identifier}/test.txt", "1234", @jsmith.merge!({:content_type => :text})
|
||||
put "dmsf/webdav/#{@project2.identifier}/test.txt", '1234', @jsmith.merge!({:content_type => :text})
|
||||
assert_response 423 #Locked
|
||||
end
|
||||
|
||||
@ -190,29 +178,21 @@ class DmsfWebdavIntegrationTest < RedmineDmsf::Test::IntegrationTest
|
||||
file.unlock!
|
||||
|
||||
assert !file.locked?, "File failed to unlock by #{User.current.name}"
|
||||
|
||||
role.add_permission! :view_dmsf_folders
|
||||
role.add_permission! :file_manipulation
|
||||
|
||||
end
|
||||
|
||||
test "PUT fails revision when file is locked and user is administrator" do
|
||||
role = Role.find(2)
|
||||
project = Project.find(2)
|
||||
test 'PUT fails revision when file is locked and user is administrator' do
|
||||
@project2.enable_module! :dmsf #Flag module enabled
|
||||
@role_developer.add_permission! :view_dmsf_folders
|
||||
@role_developer.add_permission! :file_manipulation
|
||||
|
||||
project.enable_module! :dmsf #Flag module enabled
|
||||
|
||||
role.add_permission! :view_dmsf_folders
|
||||
role.add_permission! :file_manipulation
|
||||
|
||||
log_user "jsmith", "jsmith" #login as jsmith
|
||||
log_user 'jsmith', 'jsmith' # login as jsmith
|
||||
assert !User.current.anonymous?, "Current user is not anonymous"
|
||||
|
||||
file = DmsfFile.find_file_by_name(project, nil, "test.txt")
|
||||
file = DmsfFile.find_file_by_name @project2, nil, 'test.txt'
|
||||
assert file.lock!, "File failed to be locked by #{User.current.name}"
|
||||
|
||||
assert_no_difference('file.revisions.count') do
|
||||
put "dmsf/webdav/#{project.identifier}/test.txt", "1234", @admin.merge!({:content_type => :text})
|
||||
put "dmsf/webdav/#{@project2.identifier}/test.txt", "1234", @admin.merge!({:content_type => :text})
|
||||
assert_response 423 #Created
|
||||
end
|
||||
User.current = User.find(2)
|
||||
@ -222,36 +202,27 @@ class DmsfWebdavIntegrationTest < RedmineDmsf::Test::IntegrationTest
|
||||
#nothing
|
||||
end
|
||||
assert !file.locked?, "File failed to unlock by #{User.current.name}"
|
||||
|
||||
role.add_permission! :view_dmsf_folders
|
||||
role.add_permission! :file_manipulation
|
||||
end
|
||||
|
||||
test "PUT accepts revision when file is locked and user is same as lock holder" do
|
||||
role = Role.find(2)
|
||||
project = Project.find(2)
|
||||
test 'PUT accepts revision when file is locked and user is same as lock holder' do
|
||||
@project2.enable_module! :dmsf #Flag module enabled
|
||||
@role_developer.add_permission! :view_dmsf_folders
|
||||
@role_developer.add_permission! :file_manipulation
|
||||
|
||||
project.enable_module! :dmsf #Flag module enabled
|
||||
log_user 'jsmith', 'jsmith' #login as jsmith
|
||||
assert !User.current.anonymous?, 'Current user is not anonymous'
|
||||
|
||||
role.add_permission! :view_dmsf_folders
|
||||
role.add_permission! :file_manipulation
|
||||
|
||||
log_user "jsmith", "jsmith" #login as jsmith
|
||||
assert !User.current.anonymous?, "Current user is not anonymous"
|
||||
|
||||
file = DmsfFile.find_file_by_name(project, nil, "test.txt")
|
||||
file = DmsfFile.find_file_by_name @project2, nil, 'test.txt'
|
||||
assert file.lock!, "File failed to be locked by #{User.current.name}"
|
||||
|
||||
assert_difference('file.revisions.count') do
|
||||
put "dmsf/webdav/#{project.identifier}/test.txt", "1234", @jsmith.merge!({:content_type => :text})
|
||||
put "dmsf/webdav/#{@project2.identifier}/test.txt", '1234', @jsmith.merge!({:content_type => :text})
|
||||
assert_response 201 #Created
|
||||
end
|
||||
|
||||
file.unlock!
|
||||
|
||||
assert !file.locked?, "File failed to unlock by #{User.current.name}"
|
||||
end
|
||||
|
||||
role.add_permission! :view_dmsf_folders
|
||||
role.add_permission! :file_manipulation
|
||||
end
|
||||
end
|
||||
Loading…
x
Reference in New Issue
Block a user