diff options
| -rw-r--r-- | app/controllers/media_controller.rb | 13 | ||||
| -rw-r--r-- | app/models/media_attachment.rb | 1 | ||||
| -rw-r--r-- | spec/controllers/media_controller_spec.rb | 37 |
3 files changed, 46 insertions, 5 deletions
diff --git a/app/controllers/media_controller.rb b/app/controllers/media_controller.rb index 488c4f944..fa1daf012 100644 --- a/app/controllers/media_controller.rb +++ b/app/controllers/media_controller.rb @@ -1,16 +1,19 @@ # frozen_string_literal: true class MediaController < ApplicationController - before_action :set_media_attachment + before_action :verify_permitted_status def show - redirect_to @media_attachment.file.url(:original) + redirect_to media_attachment.file.url(:original) end private - def set_media_attachment - @media_attachment = MediaAttachment.where.not(status_id: nil).find_by!(shortcode: params[:id]) - raise ActiveRecord::RecordNotFound unless @media_attachment.status.permitted?(current_account) + def media_attachment + MediaAttachment.attached.find_by!(shortcode: params[:id]) + end + + def verify_permitted_status + raise ActiveRecord::RecordNotFound unless media_attachment.status.permitted?(current_account) end end diff --git a/app/models/media_attachment.rb b/app/models/media_attachment.rb index 818190214..85e82e12b 100644 --- a/app/models/media_attachment.rb +++ b/app/models/media_attachment.rb @@ -33,6 +33,7 @@ class MediaAttachment < ApplicationRecord validates :account, presence: true + scope :attached, -> { where.not(status_id: nil) } scope :local, -> { where(remote_url: '') } default_scope { order('id asc') } diff --git a/spec/controllers/media_controller_spec.rb b/spec/controllers/media_controller_spec.rb new file mode 100644 index 000000000..ebf6aa006 --- /dev/null +++ b/spec/controllers/media_controller_spec.rb @@ -0,0 +1,37 @@ +# frozen_string_literal: true + +require 'rails_helper' + +describe MediaController do + describe '#show' do + it 'redirects to the file url when attached to a status' do + status = Fabricate(:status) + media_attachment = Fabricate(:media_attachment, status: status) + get :show, params: { id: media_attachment.to_param } + + expect(response).to redirect_to(media_attachment.file.url(:original)) + end + + it 'responds with missing when there is not an attached status' do + media_attachment = Fabricate(:media_attachment, status: nil) + get :show, params: { id: media_attachment.to_param } + + expect(response).to have_http_status(:missing) + end + + it 'raises when shortcode cant be found' do + get :show, params: { id: 'missing' } + + expect(response).to have_http_status(:missing) + end + + it 'raises when not permitted to view' do + status = Fabricate(:status) + media_attachment = Fabricate(:media_attachment, status: status) + allow_any_instance_of(Status).to receive(:permitted?).and_return(false) + get :show, params: { id: media_attachment.to_param } + + expect(response).to have_http_status(:missing) + end + end +end |