diff --git a/lib/api.rb b/lib/api.rb
index 881a0cae15c..69c563d50ed 100644
--- a/lib/api.rb
+++ b/lib/api.rb
@@ -439,7 +439,7 @@ module Api
if ["Course", "Group", "Account", "User"].include?(obj.context_type)
opts = {:only_path => true}
- opts.merge!(:verifier => obj.uuid) unless respond_to?(:in_app?, true) && in_app?
+ opts.merge!(:verifier => obj.uuid) unless respond_to?(:in_app?, true) && in_app? && !is_public
if match.rest.start_with?("/preview")
url = self.send("#{obj.context_type.downcase}_file_preview_url", obj.context_id, obj.id, opts)
else
@@ -449,7 +449,7 @@ module Api
end
else
opts = {:download => '1', :only_path => true}
- opts.merge!(:verifier => obj.uuid) unless respond_to?(:in_app?, true) && in_app?
+ opts.merge!(:verifier => obj.uuid) unless respond_to?(:in_app?, true) && in_app? && !is_public
url = file_download_url(obj.id, opts)
end
url
diff --git a/spec/integration/syllabus_spec.rb b/spec/integration/syllabus_spec.rb
index d65e1bb7c63..b61c4563db6 100644
--- a/spec/integration/syllabus_spec.rb
+++ b/spec/integration/syllabus_spec.rb
@@ -40,39 +40,54 @@ describe "syllabus" do
anonymous_syllabus_access_allowed :public_syllabus
end
- it "should allow viewing available files in a public syllabus" do
- course(:active_all => true)
- attachment_model
- @course.syllabus_body = "linky"
- @course.public_syllabus = true
- @course.save!
+ shared_examples_for "public syllabus file verifiers" do
+ it "should allow viewing available files in a public syllabus" do
+ course(:active_all => true)
+ attachment_model
+ @course.syllabus_body = "linky"
+ @course.public_syllabus = true
+ @course.save!
- get "/courses/#{@course.id}/assignments/syllabus"
+ get "/courses/#{@course.id}/assignments/syllabus"
- expect(response).to be_success
- page = Nokogiri::HTML(response.body)
- expect(page.css('#identity a[href="/login"]')).not_to be_nil
- link = page.at_css('#course_syllabus a')
- expect(link.attributes['href'].value).to include("verifier=#{@attachment.uuid}")
+ expect(response).to be_success
+ page = Nokogiri::HTML(response.body)
+ expect(page.css('#identity a[href="/login"]')).not_to be_nil
+ link = page.at_css('#course_syllabus a')
+ expect(link.attributes['href'].value).to include("verifier=#{@attachment.uuid}")
+ end
+
+ it "should not allow viewing locked files in a public syllabus" do
+ course(:active_all => true)
+ attachment_model
+ @attachment.locked = true
+ @attachment.save!
+
+ @course.syllabus_body = "linky"
+ @course.public_syllabus = true
+ @course.save!
+
+ get "/courses/#{@course.id}/assignments/syllabus"
+
+ expect(response).to be_success
+ page = Nokogiri::HTML(response.body)
+ expect(page.css('#identity a[href="/login"]')).not_to be_nil
+ link = page.at_css('#course_syllabus a')
+ expect(link.attributes['href'].value).to_not include("verifier=#{@attachment.uuid}")
+ end
+ end
+
+ context "as an anonymous user" do
+ include_examples "public syllabus file verifiers"
end
- it "should not allow viewing locked files in a public syllabus" do
- course(:active_all => true)
- attachment_model
- @attachment.locked = true
- @attachment.save!
+ context "as an authenticated non-course user" do
+ before :each do
+ user(:active_all => true)
+ user_session(@user)
+ end
- @course.syllabus_body = "linky"
- @course.public_syllabus = true
- @course.save!
-
- get "/courses/#{@course.id}/assignments/syllabus"
-
- expect(response).to be_success
- page = Nokogiri::HTML(response.body)
- expect(page.css('#identity a[href="/login"]')).not_to be_nil
- link = page.at_css('#course_syllabus a')
- expect(link.attributes['href'].value).to_not include("verifier=#{@attachment.uuid}")
+ include_examples "public syllabus file verifiers"
end
it "should display syllabus description on syllabus course home pages" do