diff options
| author | Matthew Somerville <matthew-github@dracos.co.uk> | 2019-05-09 09:44:08 +0100 |
|---|---|---|
| committer | Matthew Somerville <matthew-github@dracos.co.uk> | 2019-05-09 09:44:08 +0100 |
| commit | c25332f3c0a6201726882c9d5b69bf314b5d061d (patch) | |
| tree | 71a047bf42a22fab0ea3dd076490ef45510605c3 /t/app/controller | |
| parent | 47b754d7a8dd1114eb745efcaf1495fb27f0c1d8 (diff) | |
| parent | 332c92ead825503c0540f805a0fdb39c64212c15 (diff) | |
Merge branch 'photo-caching'
Diffstat (limited to 't/app/controller')
| -rw-r--r-- | t/app/controller/photo.t | 71 | ||||
| -rw-r--r-- | t/app/controller/token.t | 4 |
2 files changed, 71 insertions, 4 deletions
diff --git a/t/app/controller/photo.t b/t/app/controller/photo.t index 842daa0dc..e1bf35fcf 100644 --- a/t/app/controller/photo.t +++ b/t/app/controller/photo.t @@ -13,7 +13,7 @@ my $mech = FixMyStreet::TestMech->new; my $sample_file = path(__FILE__)->parent->child("sample.jpg"); ok $sample_file->exists, "sample file $sample_file exists"; -my $westminster = $mech->create_body_ok(2527, 'Liverpool City Council'); +my $body = $mech->create_body_ok(2527, 'Liverpool City Council'); subtest "Check multiple upload worked" => sub { $mech->get_ok('/around'); @@ -112,4 +112,73 @@ subtest "Check photo uploading URL and endpoints work" => sub { }; }; +subtest "Check no access to update photos on hidden reports" => sub { + my $UPLOAD_DIR = tempdir( CLEANUP => 1 ); + + my ($report) = $mech->create_problems_for_body(1, $body->id, 'Title'); + my $update = $mech->create_comment_for_problem($report, $report->user, $report->name, 'Text', $report->anonymous, 'confirmed', 'confirmed', { photo => $report->photo }); + + FixMyStreet::override_config { + PHOTO_STORAGE_BACKEND => 'FileSystem', + PHOTO_STORAGE_OPTIONS => { + UPLOAD_DIR => $UPLOAD_DIR, + }, + }, sub { + my $image_path = path('t/app/controller/sample.jpg'); + $image_path->copy( path($UPLOAD_DIR, '74e3362283b6ef0c48686fb0e161da4043bbcc97.jpeg') ); + + $mech->get_ok('/photo/c/' . $update->id . '.0.jpeg'); + + $report->update({ state => 'hidden' }); + $report->get_photoset->delete_cached(plus_updates => 1); + + my $res = $mech->get('/photo/c/' . $update->id . '.0.jpeg'); + is $res->code, 404, 'got 404'; + }; +}; + +subtest 'non_public photos only viewable by correct people' => sub { + my $UPLOAD_DIR = tempdir( CLEANUP => 1 ); + path(FixMyStreet->path_to('web/photo'))->remove_tree({ keep_root => 1 }); + + my ($report) = $mech->create_problems_for_body(1, $body->id, 'Title', { + non_public => 1, + }); + + FixMyStreet::override_config { + PHOTO_STORAGE_BACKEND => 'FileSystem', + PHOTO_STORAGE_OPTIONS => { + UPLOAD_DIR => $UPLOAD_DIR, + }, + }, sub { + my $image_path = path('t/app/controller/sample.jpg'); + $image_path->copy( path($UPLOAD_DIR, '74e3362283b6ef0c48686fb0e161da4043bbcc97.jpeg') ); + + $mech->log_out_ok; + my $i = '/photo/' . $report->id . '.0.jpeg'; + my $res = $mech->get($i); + is $res->code, 404, 'got 404'; + + $mech->log_in_ok('test@example.com'); + $i = '/photo/' . $report->id . '.0.jpeg'; + $mech->get_ok($i); + my $image_file = FixMyStreet->path_to("web$i"); + ok !-e $image_file, 'File not cached out'; + + my $user = $mech->log_in_ok('someoneelse@example.com'); + $i = '/photo/' . $report->id . '.0.jpeg'; + $res = $mech->get($i); + is $res->code, 404, 'got 404'; + + $user->update({ from_body => $body }); + $user->user_body_permissions->create({ body => $body, permission_type => 'report_inspect' }); + $i = '/photo/' . $report->id . '.0.jpeg'; + $mech->get_ok($i); + + $user->update({ from_body => undef, is_superuser => 1 }); + $i = '/photo/' . $report->id . '.0.jpeg'; + $mech->get_ok($i); + }; +}; + done_testing(); diff --git a/t/app/controller/token.t b/t/app/controller/token.t index 858838865..f7dec1a31 100644 --- a/t/app/controller/token.t +++ b/t/app/controller/token.t @@ -1,5 +1,4 @@ use FixMyStreet::TestMech; -use FixMyStreet::App; my $mech = FixMyStreet::TestMech->new; my $user = $mech->create_user_ok('bob@example.com', name => 'Bob'); @@ -8,7 +7,6 @@ subtest 'Zurich special case for C::Tokens->problem_confirm' => sub { FixMyStreet::override_config { ALLOWED_COBRANDS => ['zurich'], }, sub { - my $c = FixMyStreet::App->new; my $zurich = $mech->create_body_ok( 1, 'Zurich' ); my ($report) = $mech->create_problems_for_body( 1, $zurich->id, @@ -19,7 +17,7 @@ subtest 'Zurich special case for C::Tokens->problem_confirm' => sub { }); is $report->get_extra_metadata('email_confirmed'), undef, 'email_confirmed not yet set (sanity)'; - my $token = $c->model('DB::Token')->create({ scope => 'problem', data => $report->id }); + my $token = FixMyStreet::DB->resultset('Token')->create({ scope => 'problem', data => $report->id }); $mech->get_ok('/P/' . $token->token); $report->discard_changes; |