このコミットが含まれているのは:
@@ -0,0 +1,57 @@
|
||||
require 'rails_helper'
|
||||
|
||||
RSpec.describe MaterialExportItem, type: :model do
|
||||
let(:user) { create(:user, :member) }
|
||||
let(:tag) { Tag.create!(tag_name: TagName.create!(name: 'export_item'), category: :material) }
|
||||
let(:material) do
|
||||
Material.create!(tag:, url: 'https://example.com/material',
|
||||
created_by_user: user, updated_by_user: user)
|
||||
end
|
||||
|
||||
it 'rejects blank export_path' do
|
||||
item = described_class.new(material:, profile: 'legacy_drive', export_path: '')
|
||||
|
||||
expect(item).not_to be_valid
|
||||
expect(item.errors[:export_path]).to be_present
|
||||
end
|
||||
|
||||
it 'rejects absolute export_path' do
|
||||
item = described_class.new(material:, profile: 'legacy_drive',
|
||||
export_path: '/素材/a.png')
|
||||
|
||||
expect(item).not_to be_valid
|
||||
expect(item.errors[:export_path]).to be_present
|
||||
end
|
||||
|
||||
it 'rejects parent traversal export_path' do
|
||||
item = described_class.new(material:, profile: 'legacy_drive',
|
||||
export_path: '素材/../a.png')
|
||||
|
||||
expect(item).not_to be_valid
|
||||
expect(item.errors[:export_path]).to be_present
|
||||
end
|
||||
|
||||
it 'rejects double slash export_path' do
|
||||
item = described_class.new(material:, profile: 'legacy_drive',
|
||||
export_path: '素材//a.png')
|
||||
|
||||
expect(item).not_to be_valid
|
||||
expect(item.errors[:export_path]).to be_present
|
||||
end
|
||||
|
||||
it 'rejects dot segment export_path' do
|
||||
item = described_class.new(material:, profile: 'legacy_drive',
|
||||
export_path: './素材/a.png')
|
||||
|
||||
expect(item).not_to be_valid
|
||||
expect(item.errors[:export_path]).to be_present
|
||||
end
|
||||
|
||||
it 'rejects trailing slash export_path' do
|
||||
item = described_class.new(material:, profile: 'legacy_drive',
|
||||
export_path: '素材/a/')
|
||||
|
||||
expect(item).not_to be_valid
|
||||
expect(item.errors[:export_path]).to be_present
|
||||
end
|
||||
end
|
||||
@@ -1,7 +1,10 @@
|
||||
require 'rails_helper'
|
||||
|
||||
RSpec.describe 'Materials API', type: :request do
|
||||
include ActiveJob::TestHelper
|
||||
|
||||
let!(:member_user) { create(:user, :member) }
|
||||
let!(:admin_user) { create(:user, :admin) }
|
||||
let!(:guest_user) { create(:user) }
|
||||
|
||||
def dummy_upload(filename: 'dummy.png', type: 'image/png', body: 'dummy')
|
||||
@@ -13,22 +16,29 @@ RSpec.describe 'Materials API', type: :request do
|
||||
end
|
||||
|
||||
def build_material(tag:, user:, parent: nil, file: dummy_upload, url: nil)
|
||||
Material.new(tag:, parent:, url:, created_by_user: user, updated_by_user: user).tap do |material|
|
||||
Material.new(tag:, parent:, url:,
|
||||
created_by_user: user,
|
||||
updated_by_user: user).tap do |material|
|
||||
material.file.attach(file) if file
|
||||
material.save!
|
||||
end
|
||||
end
|
||||
|
||||
describe 'GET /materials' do
|
||||
let!(:tag_a) { Tag.create!(tag_name: TagName.create!(name: 'material_index_a'), category: :material) }
|
||||
let!(:tag_b) { Tag.create!(tag_name: TagName.create!(name: 'material_index_b'), category: :material) }
|
||||
let!(:tag_a) do
|
||||
Tag.create!(tag_name: TagName.create!(name: 'material_index_a'), category: :material)
|
||||
end
|
||||
let!(:tag_b) do
|
||||
Tag.create!(tag_name: TagName.create!(name: 'material_index_b'), category: :material)
|
||||
end
|
||||
|
||||
let!(:material_a) do
|
||||
build_material(tag: tag_a, user: member_user, file: dummy_upload(filename: 'a.png'))
|
||||
end
|
||||
|
||||
let!(:material_b) do
|
||||
build_material(tag: tag_b, user: member_user, parent: material_a, file: dummy_upload(filename: 'b.png'))
|
||||
build_material(tag: tag_b, user: member_user, parent: material_a,
|
||||
file: dummy_upload(filename: 'b.png'))
|
||||
end
|
||||
|
||||
before do
|
||||
@@ -97,7 +107,9 @@ RSpec.describe 'Materials API', type: :request do
|
||||
end
|
||||
|
||||
describe 'GET /materials/:id' do
|
||||
let!(:tag) { Tag.create!(tag_name: TagName.create!(name: 'material_show'), category: :material) }
|
||||
let!(:tag) do
|
||||
Tag.create!(tag_name: TagName.create!(name: 'material_show'), category: :material)
|
||||
end
|
||||
let!(:material) do
|
||||
build_material(tag:, user: member_user, file: dummy_upload(filename: 'show.png'))
|
||||
end
|
||||
@@ -138,9 +150,22 @@ RSpec.describe 'Materials API', type: :request do
|
||||
end
|
||||
end
|
||||
|
||||
context 'when logged in' do
|
||||
context 'when logged in but not member' do
|
||||
before { sign_in_as(guest_user) }
|
||||
|
||||
it 'returns 403' do
|
||||
post '/materials', params: {
|
||||
tag: 'material_create_guest_forbidden',
|
||||
file: dummy_upload
|
||||
}
|
||||
|
||||
expect(response).to have_http_status(:forbidden)
|
||||
end
|
||||
end
|
||||
|
||||
context 'when member' do
|
||||
before { sign_in_as(member_user) }
|
||||
|
||||
it 'returns 422 when tag is blank' do
|
||||
post '/materials', params: { tag: ' ', file: dummy_upload }
|
||||
|
||||
@@ -162,24 +187,49 @@ RSpec.describe 'Materials API', type: :request do
|
||||
expect do
|
||||
post '/materials', params: {
|
||||
tag: 'material_create_new',
|
||||
file: dummy_upload(filename: 'created.png')
|
||||
file: dummy_upload(filename: 'created.png'),
|
||||
export_paths: { legacy_drive: '伊地知ニジカ/created.png' }
|
||||
}
|
||||
end.to change(Material, :count).by(1)
|
||||
.and change(Tag, :count).by(1)
|
||||
.and change(TagName, :count).by(1)
|
||||
.and change(MaterialVersion, :count).by(1)
|
||||
|
||||
expect(response).to have_http_status(:created)
|
||||
|
||||
material = Material.order(:id).last
|
||||
expect(material.tag.name).to eq('material_create_new')
|
||||
expect(material.tag.category).to eq('material')
|
||||
expect(material.created_by_user).to eq(guest_user)
|
||||
expect(material.updated_by_user).to eq(guest_user)
|
||||
expect(material.created_by_user).to eq(member_user)
|
||||
expect(material.updated_by_user).to eq(member_user)
|
||||
expect(material.file.attached?).to be(true)
|
||||
expect(material.version_no).to eq(1)
|
||||
expect(material.material_versions.first.event_type).to eq('create')
|
||||
expect(material.material_export_items.first.export_path).to eq('伊地知ニジカ/created.png')
|
||||
expect(material.material_versions.first.export_paths_json).to eq(
|
||||
'legacy_drive' => '伊地知ニジカ/created.png'
|
||||
)
|
||||
|
||||
expect(json['id']).to eq(material.id)
|
||||
expect(json.dig('tag', 'name')).to eq('material_create_new')
|
||||
expect(json['content_type']).to eq('image/png')
|
||||
expect(json.dig('export_paths', 'legacy_drive')).to eq('伊地知ニジカ/created.png')
|
||||
end
|
||||
|
||||
it 'snapshots attached file metadata and sha256' do
|
||||
post '/materials', params: {
|
||||
tag: 'material_create_file_version',
|
||||
file: dummy_upload(filename: 'created.png', body: 'sha-body')
|
||||
}
|
||||
|
||||
expect(response).to have_http_status(:created)
|
||||
|
||||
version = Material.order(:id).last.material_versions.first
|
||||
expect(version.file_blob_id).to be_present
|
||||
expect(version.file_filename).to eq('created.png')
|
||||
expect(version.file_content_type).to eq('image/png')
|
||||
expect(version.file_byte_size).to eq('sha-body'.bytesize)
|
||||
expect(version.file_sha256).to eq(Digest::SHA256.hexdigest('sha-body'))
|
||||
end
|
||||
|
||||
it 'returns 422 when the existing tag is not material/character' do
|
||||
@@ -219,11 +269,33 @@ RSpec.describe 'Materials API', type: :request do
|
||||
expect(response).to have_http_status(:created)
|
||||
expect(json['url']).to eq('https://example.com/material-source')
|
||||
end
|
||||
|
||||
it 'rejects sha256-blocked file upload' do
|
||||
sha256 = Digest::SHA256.hexdigest('blocked-body')
|
||||
MaterialImportBlock.create!(match_kind: 'sha256',
|
||||
sha256:,
|
||||
reason: 'copyright_high_risk',
|
||||
created_by_user: admin_user)
|
||||
|
||||
expect do
|
||||
post '/materials', params: {
|
||||
tag: 'material_blocked_create',
|
||||
file: dummy_upload(filename: 'blocked.png', body: 'blocked-body')
|
||||
}
|
||||
end.not_to change(Material, :count)
|
||||
|
||||
expect(response).to have_http_status(:unprocessable_entity)
|
||||
expect(json.fetch('errors')).to include(
|
||||
'file' => ['抑止された素材です: copyright_high_risk']
|
||||
)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
describe 'PUT /materials/:id' do
|
||||
let!(:tag) { Tag.create!(tag_name: TagName.create!(name: 'material_update_old'), category: :material) }
|
||||
let!(:tag) do
|
||||
Tag.create!(tag_name: TagName.create!(name: 'material_update_old'), category: :material)
|
||||
end
|
||||
let!(:material) do
|
||||
build_material(tag:, user: member_user, file: dummy_upload(filename: 'old.png'))
|
||||
end
|
||||
@@ -277,25 +349,26 @@ RSpec.describe 'Materials API', type: :request do
|
||||
'tag' => ['タグは必須です.'])
|
||||
end
|
||||
|
||||
it 'returns 422 when both file and url are blank' do
|
||||
it 'keeps the existing file when file and url are omitted' do
|
||||
put "/materials/#{ material.id }", params: {
|
||||
tag: 'material_update_no_payload'
|
||||
}
|
||||
|
||||
expect(response).to have_http_status(:unprocessable_entity)
|
||||
expect(json.fetch('errors')).to include(
|
||||
'file' => ['ファイルまたは URL は必須です.'],
|
||||
'url' => ['ファイルまたは URL は必須です.'])
|
||||
expect(response).to have_http_status(:ok)
|
||||
expect(material.reload.file.attached?).to be(true)
|
||||
end
|
||||
|
||||
it 'updates tag, url, file, and updated_by_user' do
|
||||
old_blob_id = material.file.blob.id
|
||||
|
||||
put "/materials/#{ material.id }", params: {
|
||||
tag: 'material_update_new',
|
||||
url: 'https://example.com/updated-source',
|
||||
file: dummy_upload(filename: 'updated.jpg', type: 'image/jpeg')
|
||||
}
|
||||
expect do
|
||||
put "/materials/#{ material.id }", params: {
|
||||
tag: 'material_update_new',
|
||||
url: 'https://example.com/updated-source',
|
||||
file: dummy_upload(filename: 'updated.jpg', type: 'image/jpeg'),
|
||||
export_paths: { legacy_drive: '伊地知ニジカ/updated.jpg' }
|
||||
}
|
||||
end.to change(MaterialVersion, :count).by(2)
|
||||
|
||||
expect(response).to have_http_status(:ok)
|
||||
|
||||
@@ -306,8 +379,15 @@ RSpec.describe 'Materials API', type: :request do
|
||||
expect(material.updated_by_user).to eq(member_user)
|
||||
expect(material.file.attached?).to be(true)
|
||||
expect(material.file.blob.id).not_to eq(old_blob_id)
|
||||
expect(ActiveStorage::Blob.where(id: old_blob_id).exists?).to be(true)
|
||||
expect(material.file.blob.filename.to_s).to eq('updated.jpg')
|
||||
expect(material.file.blob.content_type).to eq('image/jpeg')
|
||||
expect(material.version_no).to eq(2)
|
||||
expect(material.material_versions.order(:version_no).last.event_type).to eq('update')
|
||||
expect(material.material_export_items.first.export_path).to eq('伊地知ニジカ/updated.jpg')
|
||||
expect(material.material_versions.order(:version_no).last.export_paths_json).to eq(
|
||||
'legacy_drive' => '伊地知ニジカ/updated.jpg'
|
||||
)
|
||||
|
||||
expect(json['id']).to eq(material.id)
|
||||
expect(json['file']).to be_present
|
||||
@@ -315,7 +395,7 @@ RSpec.describe 'Materials API', type: :request do
|
||||
expect(json.dig('tag', 'name')).to eq('material_update_new')
|
||||
end
|
||||
|
||||
it 'purges the existing file when file is omitted and url is provided' do
|
||||
it 'detaches the existing file without purging blob when url replaces file' do
|
||||
old_blob_id = material.file.blob.id
|
||||
|
||||
put "/materials/#{ material.id }", params: {
|
||||
@@ -331,9 +411,7 @@ RSpec.describe 'Materials API', type: :request do
|
||||
expect(material.updated_by_user).to eq(member_user)
|
||||
expect(material.file.attached?).to be(false)
|
||||
|
||||
expect(
|
||||
ActiveStorage::Blob.where(id: old_blob_id).exists?
|
||||
).to be(false)
|
||||
expect(ActiveStorage::Blob.where(id: old_blob_id).exists?).to be(true)
|
||||
|
||||
expect(json['id']).to eq(material.id)
|
||||
expect(json['file']).to be_nil
|
||||
@@ -341,11 +419,190 @@ RSpec.describe 'Materials API', type: :request do
|
||||
expect(json.dig('tag', 'name')).to eq('material_update_remove_file')
|
||||
expect(json['url']).to eq('https://example.com/updated-source')
|
||||
end
|
||||
|
||||
it 'does not increase version for the same snapshot update' do
|
||||
MaterialVersionRecorder.record!(material:, event_type: :create,
|
||||
created_by_user: member_user)
|
||||
|
||||
expect do
|
||||
put "/materials/#{ material.id }", params: {
|
||||
tag: 'material_update_old'
|
||||
}
|
||||
end.not_to change(MaterialVersion, :count)
|
||||
|
||||
expect(response).to have_http_status(:ok)
|
||||
expect(material.reload.version_no).to eq(1)
|
||||
end
|
||||
|
||||
it 'records update version when only export_path changes' do
|
||||
MaterialVersionRecorder.record!(material:, event_type: :create,
|
||||
created_by_user: member_user)
|
||||
|
||||
expect do
|
||||
put "/materials/#{ material.id }", params: {
|
||||
tag: 'material_update_old',
|
||||
export_paths: { legacy_drive: '素材/only-path.png' }
|
||||
}
|
||||
end.to change(MaterialVersion, :count).by(1)
|
||||
|
||||
expect(response).to have_http_status(:ok)
|
||||
expect(material.reload.material_export_items.first.export_path).to eq('素材/only-path.png')
|
||||
expect(material.material_versions.order(:version_no).last.export_paths_json).to eq(
|
||||
'legacy_drive' => '素材/only-path.png'
|
||||
)
|
||||
end
|
||||
|
||||
it 'removes export_path item when blank is submitted' do
|
||||
MaterialExportItem.create!(material:, profile: 'legacy_drive',
|
||||
export_path: '素材/remove.png',
|
||||
created_by_user: member_user)
|
||||
MaterialVersionRecorder.record!(material:, event_type: :create,
|
||||
created_by_user: member_user)
|
||||
|
||||
expect do
|
||||
put "/materials/#{ material.id }", params: {
|
||||
tag: 'material_update_old',
|
||||
export_paths: { legacy_drive: '' }
|
||||
}
|
||||
end.to change(MaterialExportItem, :count).by(-1)
|
||||
.and change(MaterialVersion, :count).by(1)
|
||||
|
||||
expect(response).to have_http_status(:ok)
|
||||
expect(material.reload.material_export_items).to be_empty
|
||||
expect(material.material_versions.order(:version_no).last.export_paths_json).to eq({})
|
||||
end
|
||||
|
||||
it 'rejects sha256-blocked replacement file' do
|
||||
sha256 = Digest::SHA256.hexdigest('blocked-update')
|
||||
MaterialImportBlock.create!(match_kind: 'sha256',
|
||||
sha256:,
|
||||
reason: 'source_owner_request',
|
||||
created_by_user: admin_user)
|
||||
|
||||
put "/materials/#{ material.id }", params: {
|
||||
tag: 'material_update_old',
|
||||
file: dummy_upload(filename: 'blocked.png', body: 'blocked-update')
|
||||
}
|
||||
|
||||
expect(response).to have_http_status(:unprocessable_entity)
|
||||
expect(material.reload.file.blob.filename.to_s).to eq('old.png')
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
describe 'GET /materials/download.zip' do
|
||||
let!(:tag_a) { Tag.create!(tag_name: TagName.create!(name: 'zip_a'), category: :material) }
|
||||
let!(:tag_b) { Tag.create!(tag_name: TagName.create!(name: 'zip_b'), category: :material) }
|
||||
let!(:material_a) do
|
||||
build_material(tag: tag_a, user: member_user,
|
||||
file: dummy_upload(filename: 'a.png', body: 'zip-a'))
|
||||
end
|
||||
let!(:material_b) do
|
||||
build_material(tag: tag_b, user: member_user,
|
||||
file: dummy_upload(filename: 'b.png', body: 'zip-b'))
|
||||
end
|
||||
|
||||
before do
|
||||
MaterialExportItem.create!(material: material_a, profile: 'legacy_drive',
|
||||
export_path: '素材/a.png',
|
||||
created_by_user: member_user)
|
||||
MaterialExportItem.create!(material: material_b, profile: 'legacy_drive',
|
||||
export_path: '素材/b.png',
|
||||
created_by_user: member_user)
|
||||
end
|
||||
|
||||
it 'uses material_export_items.export_path as ZIP entry paths' do
|
||||
get '/materials/download.zip', params: { profile: 'legacy_drive' }
|
||||
|
||||
expect(response).to have_http_status(:ok)
|
||||
expect(response.media_type).to eq('application/zip')
|
||||
expect(response.body.b).to include('素材/a.png'.b)
|
||||
expect(response.body.b).to include('素材/b.png'.b)
|
||||
end
|
||||
|
||||
it 'filters by tag_id' do
|
||||
get '/materials/download.zip', params: { profile: 'legacy_drive', tag_id: tag_a.id }
|
||||
|
||||
expect(response).to have_http_status(:ok)
|
||||
expect(response.body.b).to include('素材/a.png'.b)
|
||||
expect(response.body.b).not_to include('素材/b.png'.b)
|
||||
end
|
||||
|
||||
it 'does not include suppressed materials' do
|
||||
material_b.update!(file_suppressed_at: Time.current,
|
||||
file_suppression_reason: 'copyright_high_risk')
|
||||
|
||||
get '/materials/download.zip', params: { profile: 'legacy_drive' }
|
||||
|
||||
expect(response).to have_http_status(:ok)
|
||||
expect(response.body.b).to include('素材/a.png'.b)
|
||||
expect(response.body.b).not_to include('素材/b.png'.b)
|
||||
end
|
||||
end
|
||||
|
||||
describe 'PATCH /materials/:id/suppress_file' do
|
||||
let!(:tag) do
|
||||
Tag.create!(tag_name: TagName.create!(name: 'material_suppress'), category: :material)
|
||||
end
|
||||
let!(:material) do
|
||||
build_material(tag:, user: member_user, file: dummy_upload(filename: 'suppress.png'))
|
||||
end
|
||||
|
||||
it 'allows admin to suppress a file and records a suppress version' do
|
||||
sign_in_as(admin_user)
|
||||
MaterialVersionRecorder.record!(material:, event_type: :create,
|
||||
created_by_user: member_user)
|
||||
|
||||
expect do
|
||||
patch "/materials/#{ material.id }/suppress_file",
|
||||
params: { reason: 'copyright_high_risk' }
|
||||
end.to change(MaterialVersion, :count).by(1)
|
||||
|
||||
expect(response).to have_http_status(:ok)
|
||||
|
||||
material.reload
|
||||
expect(material.file_suppressed_at).to be_present
|
||||
expect(material.file_suppressed_by_user).to eq(admin_user)
|
||||
expect(material.file_suppression_reason).to eq('copyright_high_risk')
|
||||
expect(material.material_versions.order(:version_no).last.event_type).to eq('suppress')
|
||||
expect(json['file']).to be_nil
|
||||
expect(json['file_suppressed_at']).to be_present
|
||||
end
|
||||
|
||||
it 'purges blob when purge=true is requested' do
|
||||
sign_in_as(admin_user)
|
||||
old_blob_id = material.file.blob.id
|
||||
MaterialVersionRecorder.record!(material:, event_type: :create,
|
||||
created_by_user: member_user)
|
||||
|
||||
expect do
|
||||
patch "/materials/#{ material.id }/suppress_file",
|
||||
params: { reason: 'copyright_takedown', purge: '1' }
|
||||
end.to have_enqueued_job(ActiveStorage::PurgeJob)
|
||||
|
||||
expect(response).to have_http_status(:ok)
|
||||
|
||||
version = material.material_versions.order(:version_no).last
|
||||
expect(version.event_type).to eq('suppress')
|
||||
expect(version.file_blob_id).to eq(old_blob_id)
|
||||
expect(version.file_filename).to eq('suppress.png')
|
||||
expect(version.file_sha256).to be_present
|
||||
end
|
||||
|
||||
it 'rejects member suppression' do
|
||||
sign_in_as(member_user)
|
||||
|
||||
patch "/materials/#{ material.id }/suppress_file",
|
||||
params: { reason: 'copyright_high_risk' }
|
||||
|
||||
expect(response).to have_http_status(:forbidden)
|
||||
end
|
||||
end
|
||||
|
||||
describe 'DELETE /materials/:id' do
|
||||
let!(:tag) { Tag.create!(tag_name: TagName.create!(name: 'material_destroy'), category: :material) }
|
||||
let!(:tag) do
|
||||
Tag.create!(tag_name: TagName.create!(name: 'material_destroy'), category: :material)
|
||||
end
|
||||
let!(:material) do
|
||||
build_material(tag:, user: member_user, file: dummy_upload(filename: 'destroy.png'))
|
||||
end
|
||||
|
||||
新しい課題から参照
ユーザをブロックする