add context route to files api show

and use it when possible for data-api-endpoints this will work around API authentication problems caused by incorrect file namespacing test plan: * should be able to see file information by visiting /api/v1/courses/X/files/Y closes #CNVS-19150 Change-Id: I4291b1101303f76bb3512dddbf2ddcf16073ae10 Reviewed-on: https://gerrit.instructure.com/51300 Reviewed-by: Jeremy Stanley <jeremy@instructure.com> Product-Review: Jeremy Stanley <jeremy@instructure.com> Tested-by: Jenkins QA-Review: Jahnavi Yetukuri <jyetukuri@instructure.com>
2015-03-31 13:17:17 -06:00 · 2015-03-31 13:17:17 -06:00 · e031b5b53b
parent 0f53b9f7a7
commit e031b5b53b
8 changed files with 29 additions and 10 deletions
--- a/app/controllers/files_controller.rb
+++ b/app/controllers/files_controller.rb
@ -457,9 +457,13 @@ class FilesController < ApplicationController
  #   curl 'https://<canvas>/api/v1/files/<file_id>' \
  #         -H 'Authorization: Bearer <token>'
  #
+  #   curl 'https://<canvas>/api/v1/courses/<course_id>/files/<file_id>' \
+  #         -H 'Authorization: Bearer <token>'
+  #
  # @returns File
  def api_show
-    @attachment = Attachment.find(params[:id])
+    get_context
+    @attachment = @context ? @context.attachments.find(params[:id]) : Attachment.find(params[:id])
    raise ActiveRecord::RecordNotFound if @attachment.deleted?
    params[:include] = Array(params[:include])
    if authorized_action(@attachment,@current_user,:read)
--- a/config/routes.rb
+++ b/config/routes.rb
@ -1247,6 +1247,7 @@ CanvasRails::Application.routes.draw do
      get 'files/:id/public_url', action: :public_url
      %w(course group user).each do |context|
        get "#{context}s/:#{context}_id/files/quota", action: :api_quota
+        get "#{context}s/:#{context}_id/files/:id", action: :api_show, as: "#{context}_attachment"
      end
    end

--- a/lib/api/html/url_proxy.rb
+++ b/lib/api/html/url_proxy.rb
@ -53,9 +53,9 @@ module Api
        %r{^/users/(#{ID})/files$} => ['Folder', :api_v1_user_folder_url, :user_id, {:id => 'root'}],

        # Get file
-        %r{^/courses/#{ID}/files/(#{ID})/} => ['File', :api_v1_attachment_url, :id],
-        %r{^/groups/#{ID}/files/(#{ID})/} => ['File', :api_v1_attachment_url, :id],
-        %r{^/users/#{ID}/files/(#{ID})/} => ['File', :api_v1_attachment_url, :id],
+        %r{^/courses/(#{ID})/files/(#{ID})/} => ['File', :api_v1_course_attachment_url, :course_id, :id],
+        %r{^/groups/(#{ID})/files/(#{ID})/} => ['File', :api_v1_group_attachment_url, :group_id, :id],
+        %r{^/users/(#{ID})/files/(#{ID})/} => ['File', :api_v1_user_attachment_url, :user_id, :id],
        %r{^/files/(#{ID})/} => ['File', :api_v1_attachment_url, :id],

        # List quizzes
--- a/lib/api/v1/context_module.rb
+++ b/lib/api/v1/context_module.rb
@ -101,7 +101,7 @@ module Api::V1::ContextModule
        api_url = polymorphic_url([:api_v1, context_module.context, content_tag.content])
      # no context
      when 'Attachment'
-        api_url = polymorphic_url([:api_v1, content_tag.content])
+        api_url = polymorphic_url([:api_v1, context_module.context, content_tag.content])
      when 'ContextExternalTool'
        if content_tag.content && content_tag.content.tool_id
          api_url = sessionless_launch_url(context_module.context, :id => content_tag.content.id, :url => content_tag.content.url)
--- a/spec/apis/user_content_spec.rb
+++ b/spec/apis/user_content_spec.rb
@ -287,7 +287,7 @@ describe UserContent, type: :request do
          "http://www.example.com/api/v1/courses/#{@course.id}/discussion_topics",
          "http://www.example.com/api/v1/courses/#{@course.id}/discussion_topics/456",
          "http://www.example.com/api/v1/courses/#{@course.id}/folders/root",
-          "http://www.example.com/api/v1/files/789",
+          "http://www.example.com/api/v1/courses/#{@course.id}/files/789",
          "http://www.example.com/api/v1/files/789",
          "http://www.example.com/api/v1/courses/#{@course.id}/quizzes",
          "http://www.example.com/api/v1/courses/#{@course.id}/quizzes/999",
@ -330,7 +330,7 @@ describe UserContent, type: :request do
            "http://www.example.com/api/v1/groups/#{@group.id}/discussion_topics",
            "http://www.example.com/api/v1/groups/#{@group.id}/discussion_topics/1~123",
            "http://www.example.com/api/v1/groups/#{@group.id}/folders/root",
-            "http://www.example.com/api/v1/files/789"
+            "http://www.example.com/api/v1/groups/#{@group.id}/files/789"
        ]
        expect(doc.css('a').collect{ |att| att['data-api-returntype'] }).to eq(
            %w([Page] Page [Page] Page [Discussion] Discussion Folder File)
@ -351,7 +351,7 @@ describe UserContent, type: :request do
        doc = Nokogiri::HTML::DocumentFragment.parse(json['message'])
        expect(doc.css('a').collect { |att| att['data-api-endpoint'] }).to eq [
          "http://www.example.com/api/v1/users/#{@teacher.id}/folders/root",
-          "http://www.example.com/api/v1/files/789"
+          "http://www.example.com/api/v1/users/#{@teacher.id}/files/789"
        ]
        expect(doc.css('a').collect { |att| att['data-api-returntype'] }).to eq(
            %w(Folder File)
--- a/spec/apis/v1/context_module_items_api_spec.rb
+++ b/spec/apis/v1/context_module_items_api_spec.rb
@ -246,7 +246,7 @@ describe "Module Items API", type: :request do
          "position" => 2,
          "title" => @attachment_tag.title,
          "indent" => 0,
-          "url" => "http://www.example.com/api/v1/files/#{@attachment.id}",
+          "url" => "http://www.example.com/api/v1/courses/#{@course.id}/files/#{@attachment.id}",
          "published" => false,
          "module_id" => @module2.id
      })
--- a/spec/apis/v1/discussion_topics_api_spec.rb
+++ b/spec/apis/v1/discussion_topics_api_spec.rb
@ -2185,7 +2185,7 @@ describe DiscussionTopicsController, type: :request do

        a_tag = message.css("p a").first
        expect(a_tag["href"]).to eq "http://www.example.com/courses/#{@course.id}/files/#{@reply2_attachment.id}/download"
-        expect(a_tag["data-api-endpoint"]).to eq "http://www.example.com/api/v1/files/#{@reply2_attachment.id}"
+        expect(a_tag["data-api-endpoint"]).to eq "http://www.example.com/api/v1/courses/#{@course.id}/files/#{@reply2_attachment.id}"
        expect(a_tag["data-api-returntype"]).to eq "File"
        expect(a_tag.inner_text).to eq "This is a file link"

--- a/spec/apis/v1/files_controller_api_spec.rb
+++ b/spec/apis/v1/files_controller_api_spec.rb
@ -548,6 +548,20 @@ describe "Files API", type: :request do
      })
    end

+    it "should work with a context path" do
+      user_session(@user)
+      opts = @file_path_options.merge(:course_id => @course.id.to_param)
+      json = api_call(:get, "/api/v1/courses/#{@course.id}/files/#{@att.id}", opts, {})
+      expect(json['id']).to eq @att.id
+    end
+
+    it "should 404 with wrong context" do
+      course
+      user_session(@user)
+      opts = @file_path_options.merge(:course_id => @course.id.to_param)
+      api_call(:get, "/api/v1/courses/#{@course.id}/files/#{@att.id}", opts, {}, {}, :expected_status => 404)
+    end
+
    it "should omit verifiers when using session auth" do
      user_session(@user)
      get @file_path