redmine_plugins/redmine_dmsf
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Litmus WebDAV tester requirements

Browse Source
This commit is contained in:
Karel Pičman 2018-05-16 14:03:33 +02:00
parent 873354ad2c
commit dac29096e2
3 changed files with 73 additions and 91 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored Normal file
View File

@ -0,0 +1 @@
/redmine_dmsf.iml

5
lib/redmine_dmsf/webdav/dmsf_resource.rb
View File

@ -209,6 +209,11 @@ module RedmineDmsf
Conflict
end
elsif folder
# To fullfil Litmus requirements to not delete folder if fragments are in the URL
uri = URI(request.get_header('REQUEST_URI'))
if uri && uri.fragment
raise BadRequest
end
raise Forbidden unless User.current.admin? || User.current.allowed_to?(:folder_manipulation, project)
raise Forbidden unless DmsfFolder.permissions?(folder, false)
folder.delete(false) ? NoContent : Conflict

40
test/integration/webdav/dmsf_webdav_delete_test.rb
View File

@ -42,6 +42,7 @@ class DmsfWebdavDeleteTest < RedmineDmsf::Test::IntegrationTest
Setting.plugin_redmine_dmsf['dmsf_webdav_strategy'] = 'WEBDAV_READ_WRITE'
Setting.plugin_redmine_dmsf['dmsf_webdav_use_project_names'] = false
Setting.plugin_redmine_dmsf['dmsf_storage_directory'] = File.expand_path '../../../fixtures/files', __FILE__
@project1.enable_module! :dmsf # Flag module enabled
User.current = nil
end
@ -90,6 +91,7 @@ class DmsfWebdavDeleteTest < RedmineDmsf::Test::IntegrationTest
end
def test_dmsf_not_enabled
@project1.disable_module! :dmsf
delete "/dmsf/webdav/#{@project1.identifier}/test.txt", nil, @jsmith
assert_response :missing # Item does not exist, as project is not enabled.
end
@ -101,16 +103,13 @@ class DmsfWebdavDeleteTest < RedmineDmsf::Test::IntegrationTest
end
def test_unlocked_file
if Setting.plugin_redmine_dmsf['dmsf_webdav_strategy'] == 'WEBDAV_READ_WRITE'
delete "/dmsf/webdav/#{@project1.identifier}/#{@file1.name}", nil, @admin
assert_response :success # If its in the 20x range it's acceptable, should be 204.
@file1.reload
assert @file1.deleted?, "File #{@file1.name} hasn't been deleted"
end
end
def test_unathorized_user
@project1.enable_module! :dmsf # Flag module enabled
delete "/dmsf/webdav/#{@project1.identifier}/#{@file1.name}", nil, @jsmith
assert_response :missing # Without folder_view permission, he will not even be aware of its existence.
@file1.reload
@ -118,18 +117,14 @@ class DmsfWebdavDeleteTest < RedmineDmsf::Test::IntegrationTest
end
def test_unathorized_user_forbidden
if Setting.plugin_redmine_dmsf['dmsf_webdav_strategy'] == 'WEBDAV_READ_WRITE'
@project1.enable_module! :dmsf # Flag module enabled
@role.add_permission! :view_dmsf_folders
delete "/dmsf/webdav/#{@project1.identifier}/#{@file1.name}", nil, @jsmith
assert_response :forbidden # Now jsmith's role has view_folder rights, however they do not hold file manipulation rights.
@file1.reload
assert !@file1.deleted?, "File #{@file1.name} is expected to exist"
end
end
def test_view_folder_not_allowed
@project1.enable_module! :dmsf # Flag module enabled
@role.add_permission! :file_manipulation
delete "/dmsf/webdav/#{@project1.identifier}/#{@folder1.title}", nil, @jsmith
assert_response :missing # Without folder_view permission, he will not even be aware of its existence.
@ -138,44 +133,33 @@ class DmsfWebdavDeleteTest < RedmineDmsf::Test::IntegrationTest
end
def test_folder_manipulation_not_allowed
if Setting.plugin_redmine_dmsf['dmsf_webdav_strategy'] == 'WEBDAV_READ_WRITE'
@project1.enable_module! :dmsf # Flag module enabled
@role.add_permission! :view_dmsf_folders
delete "/dmsf/webdav/#{@project1.identifier}/#{@folder1.title}", nil, @jsmith
assert_response :forbidden # Without manipulation permission, action is forbidden.
@folder1.reload
assert !@folder1.deleted?, "Foler #{@folder1.title} is expected to exist"
end
end
def test_folder_delete_by_admin
if Setting.plugin_redmine_dmsf['dmsf_webdav_strategy'] == 'WEBDAV_READ_WRITE'
@project1.enable_module! :dmsf # Flag module enabled
delete "/dmsf/webdav/#{@project1.identifier}/#{@folder6.title}", nil, @admin
assert_response :success
@folder6.reload
assert @folder6.deleted?, "Folder #{@folder1.title} is not expected to exist"
end
end
def test_folder_delete_by_user
if Setting.plugin_redmine_dmsf['dmsf_webdav_strategy'] == 'WEBDAV_READ_WRITE'
@role.add_permission! :view_dmsf_folders
@role.add_permission! :folder_manipulation
@project1.enable_module! :dmsf # Flag module enabled
delete "/dmsf/webdav/#{@project1.identifier}/#{@folder6.title}", nil, @jsmith
assert_response :success
@folder6.reload
assert @folder6.deleted?, "Folder #{@folder1.title} is not expected to exist"
end
end
def test_folder_delete_by_user_with_project_names
Setting.plugin_redmine_dmsf['dmsf_webdav_use_project_names'] = true
if Setting.plugin_redmine_dmsf['dmsf_webdav_use_project_names'] == true
@role.add_permission! :view_dmsf_folders
@role.add_permission! :folder_manipulation
@project1.enable_module! :dmsf # Flag module enabled
delete "/dmsf/webdav/#{@project1.identifier}/#{@folder6.title}", nil, @jsmith
assert_response 404
p1name_uri = Addressable::URI.escape(RedmineDmsf::Webdav::ProjectResource.create_project_name(@project1))
@ -184,21 +168,15 @@ class DmsfWebdavDeleteTest < RedmineDmsf::Test::IntegrationTest
@folder6.reload
assert @folder6.deleted?, "Folder #{@folder1.title} is not expected to exist"
end
end
def test_file_delete_by_administrator
if Setting.plugin_redmine_dmsf['dmsf_webdav_strategy'] == 'WEBDAV_READ_WRITE'
@project1.enable_module! :dmsf
delete "/dmsf/webdav/#{@project1.identifier}/#{@file1.name}", nil, @admin
assert_response :success
@file1.reload
assert @file1.deleted?, "File #{@file1.name} is not expected to exist"
end
end
def test_file_delete_by_user
if Setting.plugin_redmine_dmsf['dmsf_webdav_strategy'] == 'WEBDAV_READ_WRITE'
@project1.enable_module! :dmsf
@role.add_permission! :view_dmsf_folders
@role.add_permission! :file_delete
delete "/dmsf/webdav/#{@project1.identifier}/#{@file1.name}", nil, @jsmith
@ -206,12 +184,9 @@ class DmsfWebdavDeleteTest < RedmineDmsf::Test::IntegrationTest
@file1.reload
assert @file1.deleted?, "File #{@file1.name} is not expected to exist"
end
end
def test_file_delete_by_user_with_project_names
Setting.plugin_redmine_dmsf['dmsf_webdav_use_project_names'] = true
if Setting.plugin_redmine_dmsf['dmsf_webdav_use_project_names'] == true
@project1.enable_module! :dmsf
@role.add_permission! :view_dmsf_folders
@role.add_permission! :file_delete
delete "/dmsf/webdav/#{@project1.identifier}/#{@file1.name}", nil, @jsmith
@ -222,10 +197,15 @@ class DmsfWebdavDeleteTest < RedmineDmsf::Test::IntegrationTest
@file1.reload
assert @file1.deleted?, "File #{@file1.name} is not expected to exist"
end
def test_folder_delete_fragments
@role.add_permission! :view_dmsf_folders
@role.add_permission! :folder_manipulation
delete "/dmsf/webdav/#{@project1.identifier}/#{@folder6.title}/#frament=HTTP/1.1", nil, @jsmith
assert_response 400 # BadRequest
end
def test_locked_folder
@project1.enable_module! :dmsf # Flag module enabled
@role.add_permission! :view_dmsf_folders
@role.add_permission! :folder_manipulation
@folder6.lock!
@ -236,7 +216,6 @@ class DmsfWebdavDeleteTest < RedmineDmsf::Test::IntegrationTest
end
def test_locked_file
@project1.enable_module! :dmsf
@role.add_permission! :view_dmsf_folders
@role.add_permission! :file_delete
@file1.lock!
@ -248,8 +227,6 @@ class DmsfWebdavDeleteTest < RedmineDmsf::Test::IntegrationTest
def test_non_versioned_file
Setting.plugin_redmine_dmsf['dmsf_webdav_disable_versioning'] = '\.tmp$'
if Setting.plugin_redmine_dmsf['dmsf_webdav_disable_versioning'] == '\.tmp$'
@project1.enable_module! :dmsf
@role.add_permission! :view_dmsf_folders
@role.add_permission! :file_delete
delete "/dmsf/webdav/#{@project1.identifier}/#{@file1.name}", nil, @jsmith
@ -257,6 +234,5 @@ class DmsfWebdavDeleteTest < RedmineDmsf::Test::IntegrationTest
# The file should be destroyed
assert_nil DmsfFile.visible.find_by_id @file1.id
end
end
end