display inline files in user context

fixes #6034

Change-Id: I6e48d0979b3082019528b6a3deadf9565d28027e
Reviewed-on: https://gerrit.instructure.com/6345
Reviewed-by: Brian Palmer <brianp@instructure.com>
Tested-by: Hudson <hudson@instructure.com>

Author: codekitchen

app/controllers/files_controller.rb

@@ -103,7 +103,6 @@ def full_index
       return
     end
     return unless tab_enabled?(@context.class::TAB_FILES)
-    @context = UserProfile.new(@context) if @context == @current_user
     log_asset_access("files:#{@context.asset_string}", "files", 'other') if @context
     respond_to do |format|
       if @contexts.empty?
@@ -162,15 +161,18 @@ def show
     original_params = params.dup
     params[:id] ||= params[:file_id]
     get_context
+    # note that the /files/XXX URL implicitly uses the current user as the
+    # context, even though it doesn't search for the file using
+    # @current_user.attachments.find , since it might not actually be a user
+    # attachment.
+    # this implicit context magic happens in ApplicationController#get_context
     if @context && !@context.is_a?(User)
       @attachment = @context.attachments.find(params[:id])
     else
       @attachment = Attachment.find(params[:id])
-      @context = nil
-      @skip_crumb = true
+      @skip_crumb = true unless @context
     end
     params[:download] ||= params[:preview]
-    @context = UserProfile.new(@context) if (@context == @current_user) && @current_user
     add_crumb(t('#crumbs.files', "Files"), named_context_url(@context, :context_files_url)) unless @skip_crumb
     if @attachment.deleted?
       flash[:notice] = t 'notices.deleted', "The file %{display_name} has been deleted", :display_name => @attachment.display_name

spec/factories/attachment_factory.rb

@@ -37,11 +37,15 @@ def valid_attachment_attributes(opts={})
   }
 end
 
-def stub_png_data(filename = 'test my file? hai!&.png', data = nil)
+def stub_file_data(filename, data, content_type)
   $stub_file_counter ||= 0
   data ||= "ohai#{$stub_file_counter += 1}"
   sio = StringIO.new(data)
   sio.stub!(:original_filename).and_return(filename)
-  sio.stub!(:content_type).and_return('image/png')
+  sio.stub!(:content_type).and_return(content_type)
   sio
 end
+
+def stub_png_data(filename = 'test my file? hai!&.png', data = nil)
+  stub_file_data(filename, data, 'image/png')
+end

spec/integration/files_spec.rb

@@ -41,6 +41,81 @@
     end
   end
 
+  context "should support User as a context" do
+    before(:each) do
+      user_with_pseudonym
+      login_as
+      @me = @user
+      @att = @me.attachments.create(:uploaded_data => stub_png_data('my-pic.png'))
+    end
+
+    it "with safefiles" do
+      HostUrl.stub!(:file_host).and_return('files-test.host')
+      get "http://test.host/users/#{@me.id}/files/#{@att.id}/download"
+      response.should be_redirect
+      uri = URI.parse response['Location']
+      qs = Rack::Utils.parse_nested_query(uri.query)
+      uri.host.should == 'files-test.host'
+      # redirects to a relative url, since relative files are available in user context
+      uri.path.should == "/users/#{@me.id}/files/#{@att.id}/my%20files/unfiled/my-pic.png"
+      @me.valid_access_verifier?(qs['ts'], qs['sf_verifier']).should be_true
+      location = response['Location']
+      reset!
+
+      get location
+      response.should be_success
+      response.content_type.should == 'image/png'
+      # ensure that the user wasn't logged in by the normal means
+      controller.instance_variable_get(:@current_user).should be_nil
+    end
+
+    it "without safefiles" do
+      HostUrl.stub!(:file_host).and_return('test.host')
+      get "http://test.host/users/#{@me.id}/files/#{@att.id}/download"
+      response.should be_success
+      response.content_type.should == 'image/png'
+      response['Pragma'].should be_nil
+      response['Cache-Control'].should_not match(/no-cache/)
+    end
+
+    context "with inlineable html files" do
+      before do
+        @att = @me.attachments.create(:uploaded_data => stub_file_data("ohai.html", "<html><body>ohai</body></html>", "text/html"))
+      end
+
+      it "with safefiles" do
+        HostUrl.stub!(:file_host).and_return('files-test.host')
+        get "http://test.host/users/#{@me.id}/files/#{@att.id}/download", :wrap => '1'
+        response.should be_redirect
+        uri = URI.parse response['Location']
+        qs = Rack::Utils.parse_nested_query(uri.query)
+        uri.host.should == 'test.host'
+        uri.path.should == "/users/#{@me.id}/files/#{@att.id}"
+        location = response['Location']
+
+        get location
+        # the response will be on the main domain, with an iframe pointing to the files domain and the actual uploaded html file
+        response.should be_success
+        response.content_type.should == 'text/html'
+        doc = Nokogiri::HTML::DocumentFragment.parse(response.body)
+        doc.at_css('iframe#file_content')['src'].should =~ %r{^http://files-test.host/users/#{@me.id}/files/#{@att.id}/my%20files/unfiled/ohai.html}
+      end
+
+      it "without safefiles" do
+        HostUrl.stub!(:file_host).and_return('test.host')
+        get "http://test.host/users/#{@me.id}/files/#{@att.id}/download", :wrap => '1'
+        response.should be_redirect
+        location = response['Location']
+        URI.parse(location).path.should == "/users/#{@me.id}/files/#{@att.id}"
+        get location
+        response.content_type.should == 'text/html'
+        doc = Nokogiri::HTML::DocumentFragment.parse(response.body)
+        doc.at_css('iframe#file_content')['src'].should =~ %r{^http://test.host/users/#{@me.id}/files/#{@att.id}/my%20files/unfiled/ohai.html}
+      end
+
+    end
+  end
+
   it "should use relative urls for safefiles in course context" do
     course_with_teacher(:active_all => true, :user => user_with_pseudonym)
     login_as