still add verifiers to public syllabus content for authed users

test plan: * create a course with a public syllabus and a link to an unlocked file in the syllabus content * should already be able to view the syllabus and download the file when not logged-in * should also be able to view the syllabus and download the files when logged-in (but not belonging to the course) closes #CNVS-19585 Change-Id: I69adc4a8758a7deb2562229e20b057bcd0ad1971 Reviewed-on: https://gerrit.instructure.com/51353 Tested-by: Jenkins Reviewed-by: Jeremy Stanley <jeremy@instructure.com> QA-Review: Jahnavi Yetukuri <jyetukuri@instructure.com> Product-Review: James Williams <jamesw@instructure.com>
2015-04-01 07:09:29 -06:00 · 2015-04-01 07:09:29 -06:00 · 22b2c7fa7f
parent 4ade4bc026
commit 22b2c7fa7f
2 changed files with 45 additions and 30 deletions
--- a/lib/api.rb
+++ b/lib/api.rb
@ -439,7 +439,7 @@ module Api

      if ["Course", "Group", "Account", "User"].include?(obj.context_type)
        opts = {:only_path => true}
-        opts.merge!(:verifier => obj.uuid) unless respond_to?(:in_app?, true) && in_app?
+        opts.merge!(:verifier => obj.uuid) unless respond_to?(:in_app?, true) && in_app? && !is_public
        if match.rest.start_with?("/preview")
          url = self.send("#{obj.context_type.downcase}_file_preview_url", obj.context_id, obj.id, opts)
        else
@ -449,7 +449,7 @@ module Api
        end
      else
        opts = {:download => '1', :only_path => true}
-        opts.merge!(:verifier => obj.uuid) unless respond_to?(:in_app?, true) && in_app?
+        opts.merge!(:verifier => obj.uuid) unless respond_to?(:in_app?, true) && in_app? && !is_public
        url = file_download_url(obj.id, opts)
      end
      url
--- a/spec/integration/syllabus_spec.rb
+++ b/spec/integration/syllabus_spec.rb
@ -40,39 +40,54 @@ describe "syllabus" do
    anonymous_syllabus_access_allowed :public_syllabus
  end

-  it "should allow viewing available files in a public syllabus" do
-    course(:active_all => true)
-    attachment_model
-    @course.syllabus_body = "<a href=\"/courses/#{@course.id}/files/#{@attachment.id}/download\">linky</a>"
-    @course.public_syllabus = true
-    @course.save!
+  shared_examples_for "public syllabus file verifiers" do
+    it "should allow viewing available files in a public syllabus" do
+      course(:active_all => true)
+      attachment_model
+      @course.syllabus_body = "<a href=\"/courses/#{@course.id}/files/#{@attachment.id}/download\">linky</a>"
+      @course.public_syllabus = true
+      @course.save!

-    get "/courses/#{@course.id}/assignments/syllabus"
+      get "/courses/#{@course.id}/assignments/syllabus"

-    expect(response).to be_success
-    page = Nokogiri::HTML(response.body)
-    expect(page.css('#identity a[href="/login"]')).not_to be_nil
-    link = page.at_css('#course_syllabus a')
-    expect(link.attributes['href'].value).to include("verifier=#{@attachment.uuid}")
+      expect(response).to be_success
+      page = Nokogiri::HTML(response.body)
+      expect(page.css('#identity a[href="/login"]')).not_to be_nil
+      link = page.at_css('#course_syllabus a')
+      expect(link.attributes['href'].value).to include("verifier=#{@attachment.uuid}")
+    end
+
+    it "should not allow viewing locked files in a public syllabus" do
+      course(:active_all => true)
+      attachment_model
+      @attachment.locked = true
+      @attachment.save!
+
+      @course.syllabus_body = "<a href=\"/courses/#{@course.id}/files/#{@attachment.id}/download\">linky</a>"
+      @course.public_syllabus = true
+      @course.save!
+
+      get "/courses/#{@course.id}/assignments/syllabus"
+
+      expect(response).to be_success
+      page = Nokogiri::HTML(response.body)
+      expect(page.css('#identity a[href="/login"]')).not_to be_nil
+      link = page.at_css('#course_syllabus a')
+      expect(link.attributes['href'].value).to_not include("verifier=#{@attachment.uuid}")
+    end
+  end
+  
+  context "as an anonymous user" do
+    include_examples "public syllabus file verifiers"
  end

-  it "should not allow viewing locked files in a public syllabus" do
-    course(:active_all => true)
-    attachment_model
-    @attachment.locked = true
-    @attachment.save!
+  context "as an authenticated non-course user" do
+    before :each do
+      user(:active_all => true)
+      user_session(@user)
+    end

-    @course.syllabus_body = "<a href=\"/courses/#{@course.id}/files/#{@attachment.id}/download\">linky</a>"
-    @course.public_syllabus = true
-    @course.save!
-
-    get "/courses/#{@course.id}/assignments/syllabus"
-
-    expect(response).to be_success
-    page = Nokogiri::HTML(response.body)
-    expect(page.css('#identity a[href="/login"]')).not_to be_nil
-    link = page.at_css('#course_syllabus a')
-    expect(link.attributes['href'].value).to_not include("verifier=#{@attachment.uuid}")
+    include_examples "public syllabus file verifiers"
  end

  it "should display syllabus description on syllabus course home pages" do