redmine_dmsf/test/integration/dmsf_webdav_put_test.rb

# Redmine plugin for Document Management System "Features"
#
# Copyright (C) 2012   Daniel Munn <dan.munn@munnster.co.uk>
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

require File.expand_path('../../test_helper', __FILE__)
require 'fileutils'

class DmsfWebdavIntegrationTest < RedmineDmsf::Test::IntegrationTest

  fixtures :projects, :users, :members, :member_roles, :roles, :enabled_modules, :dmsf_folders, :dmsf_files, :dmsf_file_revisions

  def setup
    DmsfLock.delete_all #Delete all locks that are in our test DB - probably not safe but ho hum
    timestamp = DateTime.now.strftime("%y%m%d%H%M")
    DmsfFile.storage_path = File.expand_path("./dmsf_test-#{timestamp}", DmsfHelper.temp_dir)
    Dir.mkdir(DmsfFile.storage_path) unless File.directory?(DmsfFile.storage_path)
    @admin = credentials('admin')
    @jsmith = credentials('jsmith')
    super
  end

  def teardown
    @headers = nil
    #Delete our tmp folder
    begin
      FileUtils.rm_rf DmsfFile.storage_path
    rescue 
      warn "DELETE FAILED"
    end
  end

  test "PUT denied unless authenticated" do
    put 'dmsf/webdav'
    assert_response 401

    put "dmsf/webdav/#{Project.find(1).identifier}"
    assert_response 401

  end

  test "PUT denied with failed authentication" do
    put 'dmsf/webdav', nil, credentials('admin', 'badpassword')
    assert_response 401

    put "dmsf/webdav/#{Project.find(1).identifier}", nil, credentials('admin', 'badpassword')
    assert_response 401
  end

  test "PUT denied at root level" do
    put 'dmsf/webdav/test.txt', "1234", @admin.merge!({:content_type => :text})
    assert_response 501
  end

  test "PUT denied on collection/folder" do
    put "dmsf/webdav/#{Project.find(1).identifier}", "1234", @admin.merge!({:content_type => :text})
    assert_response 403 #forbidden
  end

  test "PUT failed on non-existant project" do
    put "dmsf/webdav/not_a_project/file.txt", "1234", @admin.merge!({:content_type => :text})
    assert_response 409 # Conflict, not_a_project does not exist - file.txt cannot be created
  end

  test "PUT as admin granted on dmsf-enabled project" do

    put "dmsf/webdav/#{Project.find(1).identifier}/test-1234.txt", "1234", @admin.merge!({:content_type => :text})
    assert_response 201 #201 Created

    #Lets check for our file
    file = DmsfFile.find_file_by_name(Project.find(1), nil, "test-1234.txt")
    assert !file.nil?, 'Check for files existance'

  end

  test "PUT failed as admin on non-dmsf enabled project" do
    put "dmsf/webdav/#{Project.find(2).identifier}/test-1234.txt", "1234", @admin.merge!({:content_type => :text})
    assert_response 409 #Should report conflict, as project 2 technically doesn't exist if not enabled

    #Lets check for our file
    file = DmsfFile.find_file_by_name(Project.find(2), nil, "test-1234.txt")
    assert file.nil?, 'Check for files existance'
  end

  test "PUT failed when insuficient permissions on project" do

    project = Project.find(2)
    project.enable_module! :dmsf #Flag module enabled
    role = Role.find(2)

    put "dmsf/webdav/#{project.identifier}/test-1234.txt", "1234", @jsmith.merge!({:content_type => :text})
    assert_response 409 #We don't hold the permission view_dmsf_folders, and thus project 2 doesn't exist to us.

    role.add_permission! :view_dmsf_folders 

    put "dmsf/webdav/#{project.identifier}/test-1234.txt", "1234", @jsmith.merge!({:content_type => :text})
    assert_response 403 #We don't hold the permission file_manipulation - so we're unable to do anything with files

    role.remove_permission! :view_dmsf_folders
    role.add_permission! :file_manipulation

    #Check we don't have write access even if we do have the file_manipulation permission
    put "dmsf/webdav/#{project.identifier}/test-1234.txt", "1234", @jsmith.merge!({:content_type => :text})
    assert_response 409 #We don't hold the permission view_dmsf_folders, and thus project 2 doesn't exist to us.

    #Lets check for our file
    file = DmsfFile.find_file_by_name(project, nil, "test-1234.txt")
    assert file.nil?, 'File test-1234 was found in projects dmsf folder.'

    role.remove_permission! :view_dmsf_folders
    role.remove_permission! :file_manipulation
  end

  test "PUT succeeds for non-admin with correct permissions" do
    project = Project.find(2)
    project.enable_module! :dmsf #Flag module enabled
    role = Role.find(2)

    put "dmsf/webdav/#{project.identifier}/test-1234.txt", "1234", @jsmith.merge!({:content_type => :text})
    assert_response 409 #We don't hold the permission view_dmsf_folders, and thus project 2 doesn't exist to us.

    role.add_permission! :view_dmsf_folders
    role.add_permission! :file_manipulation

    #Check we don't have write access even if we do have the file_manipulation permission
    put "dmsf/webdav/#{project.identifier}/test-1234.txt", "1234", @jsmith.merge!({:content_type => :text})
    assert_response 201 #Now we have permissions :D

    #Lets check for our file
    file = DmsfFile.find_file_by_name(project, nil, "test-1234.txt")
    assert !file.nil?, 'File test-1234 was not found in projects dmsf folder.'

    role.remove_permission! :view_dmsf_folders
    role.remove_permission! :file_manipulation
  end

  test "PUT writes revision successfully for unlocked file" do
    project = Project.find(2)
    project.enable_module! :dmsf #Flag module enabled
    role = Role.find(2)

    role.add_permission! :view_dmsf_folders
    role.add_permission! :file_manipulation

    file = DmsfFile.find_file_by_name(project, nil, "test.txt")
    assert_difference('file.revisions.count') do
      put "dmsf/webdav/#{project.identifier}/test.txt", "1234", @jsmith.merge!({:content_type => :text})
      assert_response 201 #Created
    end

    role.remove_permission! :view_dmsf_folders
    role.remove_permission! :file_manipulation

  end

  test "PUT fails revision when file is locked" do
    role = Role.find(2)
    project = Project.find(2)

    project.enable_module! :dmsf #Flag module enabled

    role.add_permission! :view_dmsf_folders
    role.add_permission! :file_manipulation

    log_user "admin", "admin" #login as jsmith
    assert !User.current.anonymous?, "Current user is not anonymous"

    file = DmsfFile.find_file_by_name(project, nil, "test.txt")
    assert file.lock!, "File failed to be locked by #{User.current.name}"

    assert_no_difference('file.revisions.count') do
      put "dmsf/webdav/#{project.identifier}/test.txt", "1234", @jsmith.merge!({:content_type => :text})
      assert_response 423 #Locked
    end

    User.current = User.find(1)
    file.unlock!
    
    assert !file.locked?, "File failed to unlock by #{User.current.name}"

    role.add_permission! :view_dmsf_folders
    role.add_permission! :file_manipulation

  end

  test "PUT fails revision when file is locked and user is administrator" do
    role = Role.find(2)
    project = Project.find(2)

    project.enable_module! :dmsf #Flag module enabled

    role.add_permission! :view_dmsf_folders
    role.add_permission! :file_manipulation

    log_user "jsmith", "jsmith" #login as jsmith
    assert !User.current.anonymous?, "Current user is not anonymous"

    file = DmsfFile.find_file_by_name(project, nil, "test.txt")
    assert file.lock!, "File failed to be locked by #{User.current.name}"

    assert_no_difference('file.revisions.count') do
      put "dmsf/webdav/#{project.identifier}/test.txt", "1234", @admin.merge!({:content_type => :text})
      assert_response 423 #Created
    end
    User.current = User.find(2)
    begin
      file.unlock!
    rescue
      #nothing
    end
    assert !file.locked?, "File failed to unlock by #{User.current.name}"

    role.add_permission! :view_dmsf_folders
    role.add_permission! :file_manipulation
  end

  test "PUT accepts revision when file is locked and user is same as lock holder" do
    role = Role.find(2)
    project = Project.find(2)

    project.enable_module! :dmsf #Flag module enabled

    role.add_permission! :view_dmsf_folders
    role.add_permission! :file_manipulation

    log_user "jsmith", "jsmith" #login as jsmith
    assert !User.current.anonymous?, "Current user is not anonymous"

    file = DmsfFile.find_file_by_name(project, nil, "test.txt")
    assert file.lock!, "File failed to be locked by #{User.current.name}"

    assert_difference('file.revisions.count') do
      put "dmsf/webdav/#{project.identifier}/test.txt", "1234", @jsmith.merge!({:content_type => :text})
      assert_response 201 #Created
    end

    file.unlock!

    assert !file.locked?, "File failed to unlock by #{User.current.name}"

    role.add_permission! :view_dmsf_folders
    role.add_permission! :file_manipulation
  end
end