redmine_plugins/redmine_dmsf
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
redmine_dmsf/test/integration/dmsf_webdav_delete_test.rb
Karel Picman df36bccfba dos2unix
2013-12-17 09:24:08 +01:00

255 lines
8.1 KiB
Ruby
Raw Blame History

# Redmine plugin for Document Management System "Features"
#
# Copyright (C) 2012 Daniel Munn <dan.munn@munnster.co.uk>
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
require File.expand_path('../../test_helper', __FILE__)
class DmsfWebdavIntegrationTest < RedmineDmsf::Test::IntegrationTest
fixtures :projects, :users, :members, :member_roles, :roles, :enabled_modules, :dmsf_folders, :dmsf_files, :dmsf_file_revisions
def setup
DmsfFile.storage_path = File.expand_path("../fixtures/files", __FILE__)
DmsfLock.delete_all
@admin = credentials('admin')
@jsmith = credentials('jsmith')
super
end
test "DELETE denied unless authenticated" do
delete 'dmsf/webdav'
assert_response 401
delete "dmsf/webdav/#{Project.find(1).identifier}"
assert_response 401
end
test "DELETE denied with failed authentication" do
delete 'dmsf/webdav', nil, credentials('admin', 'badpassword')
assert_response 401
delete "dmsf/webdav/#{Project.find(1).identifier}", nil, credentials('admin', 'badpassword')
assert_response 401
end
test "DELETE denied on project folder" do
delete 'dmsf/webdav/', nil, @admin
assert_response 501
end
test "DELETE denied on folder with children" do
put "dmsf/webdav/#{Project.find(1).identifier}/folder1", nil, @admin
assert_response 403 #forbidden
end
test "DELETE failed on non-existant project" do
delete "dmsf/webdav/not_a_project/file.txt", nil, @admin
assert_response 404 #Item does not exist
end
test "DELETE failed on a non-dmsf-enabled project" do
project = Project.find(2) #Project 2
delete "dmsf/webdav/#{project.identifier}/test.txt", nil, @admin
assert_response 404 #Item does not exist, as project is not enabled
end
test "DELETE succeeds on unlocked file" do
project = Project.find(1)
file = DmsfFile.find_file_by_name(project, nil, "test.txt")
assert !file.nil?, 'File test.txt is expected to exist'
assert_difference('DmsfFile.project_root_files(project).length', -1) do
delete "dmsf/webdav/#{project.identifier}/test.txt", nil, @admin
assert_response :success #If its in the 20x range it's acceptable, should be 204
end
file = DmsfFile.find_file_by_name(project, nil, "test.txt")
assert file.nil?, 'File test.txt is expected to not exist'
end
test "DELETE denied on existing file by unauthorised user" do
project = Project.find(2)
role = Role.find(2)
project.enable_module! :dmsf #Flag module enabled
delete "dmsf/webdav/#{project.identifier}/test.txt", nil, @jsmith
assert_response 404 #Without folder_view permission, he will not even be aware of its existence
role.add_permission! :view_dmsf_folders
delete "dmsf/webdav/#{project.identifier}/test.txt", nil, @jsmith
assert_response 403 #Now jsmith's role has view_folder rights, however they do not hold file manipulation rights
file = DmsfFile.find_file_by_name(project, nil, "test.txt")
assert !file.nil?, 'File test.txt is expected to exist'
role.remove_permission! :view_dmsf_folders
project.disable_module! :dmsf
end
test "DELETE fails when file_manipulation is granted but view_dmsf_folders is not" do
project = Project.find(2)
role = Role.find(2)
project.enable_module! :dmsf #Flag module enabled
role.add_permission! :file_manipulation
delete "dmsf/webdav/#{project.identifier}/test.txt", nil, @jsmith
assert_response 404 #Without folder_view permission, he will not even be aware of its existence
file = DmsfFile.find_file_by_name(project, nil, "test.txt")
assert !file.nil?, 'File test.txt is expected to exist'
project.disable_module! :dmsf
end
test "DELETE fails on folder without folder_manipulation permission" do
project = Project.find(2)
role = Role.find(2)
folder = DmsfFolder.find(3) #project 2/folder1
project.enable_module! :dmsf #Flag module enabled
role.add_permission! :view_dmsf_folders
assert_no_difference('folder.subfolders.length') do
delete "dmsf/webdav/#{project.identifier}/folder1/folder2", nil, @jsmith
assert_response 403 #Without manipulation permission, action is forbidden
end
project.disable_module! :dmsf
end
test "DELETE folder is successful by administrator" do
project = Project.find(2)
folder = DmsfFolder.find(3) #project 2/folder1
project.enable_module! :dmsf #Flag module enabled
assert_difference('folder.subfolders.length', -1) do
delete "dmsf/webdav/#{project.identifier}/folder1/folder2", nil, @admin
assert_response :success
folder.reload #We know there is a change, but does the object?
end
project.disable_module! :dmsf
end
test "DELETE folder is successful by user with roles" do
project = Project.find(2)
folder = DmsfFolder.find(3) #project 2/folder1
role = Role.find(2)
role.add_permission! :view_dmsf_folders
role.add_permission! :folder_manipulation
project.enable_module! :dmsf #Flag module enabled
assert_difference('folder.subfolders.length', -1) do
delete "dmsf/webdav/#{project.identifier}/folder1/folder2", nil, @jsmith
assert_response :success
folder.reload #We know there is a change, but does the object?
end
project.disable_module! :dmsf
end
test "DELETE file is successful by administrator" do
project = Project.find(2)
file = DmsfFile.find_file_by_name(project, nil, "test.txt")
assert !file.nil?, 'File test.txt is expected to exist'
project.enable_module! :dmsf
delete "dmsf/webdav/#{project.identifier}/test.txt", nil, @admin
assert_response :success
file = DmsfFile.find_file_by_name(project, nil, "test.txt")
assert file.nil?, 'File test.txt is expected to not exist'
project.disable_module! :dmsf
end
test "DELETE file is successful by user with correct permissions" do
project = Project.find(2)
role = Role.find(2)
file = DmsfFile.find_file_by_name(project, nil, "test.txt")
project.enable_module! :dmsf
role.add_permission! :view_dmsf_folders
role.add_permission! :file_manipulation
assert !file.nil?, 'File test.txt is expected to exist'
delete "dmsf/webdav/#{project.identifier}/test.txt", nil, @jsmith
assert_response :success
file = DmsfFile.find_file_by_name(project, nil, "test.txt")
assert file.nil?, 'File test.txt is expected to not exist'
project.disable_module! :dmsf
role.remove_permission! :view_dmsf_folders
role.remove_permission! :file_manipulation
end
test "DELETE fails when file is locked" do
role = Role.find(2)
project = Project.find(2)
project.enable_module! :dmsf #Flag module enabled
role.add_permission! :view_dmsf_folders
role.add_permission! :file_manipulation
log_user "admin", "admin" #login as admin
assert !User.current.anonymous?, "Current user is not anonymous"
file = DmsfFile.find_file_by_name(project, nil, "test.txt")
assert file.lock!, "File failed to be locked by #{User.current.name}"
delete "dmsf/webdav/#{project.identifier}/test.txt", nil, @jsmith
assert_response 423 #Locked
file = DmsfFile.find_file_by_name(project, nil, "test.txt")
assert !file.nil?, 'File test.txt is expected to exist'
User.current = User.find(1) #For some reason the above delete request changes User.current
file.unlock!
assert !file.locked?, "File failed to unlock by #{User.current.name}"
project.disable_module! :dmsf
role.add_permission! :view_dmsf_folders
role.add_permission! :file_manipulation
end
end
Reference in New Issue View Git Blame Copy Permalink