fixes for api translation of attachment links

test plan:
* create an object with html user content (such as an
assignment description)
* include a file download link (e.g.
 "/courses/:id/files/:file_id/download")
* retrieve the object through the API
* confirm that the translated link (that includes
a verifier param), still has "/courses/:id"
rather than just "/files/:file_id/download"

* include a file preview link (e.g.
 "/courses/:id/files/:file_id/preview")
* retrieve the object through the API
* confirm that the translated link has
"/courses/:id" and still has "/preview"
 as well as a verifier param
* confirm that following the link in the browser
results in downloading the file

closes #CNVS-5213 #CNVS-5214 #CNVS-5215

Change-Id: Ib2bb6b1857055dbfe2d1b9e0873600beaa70bf75
Reviewed-on: https://gerrit.instructure.com/19512
Reviewed-by: Brian Palmer <brianp@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
QA-Review: Adam Phillipps <adam@instructure.com>
Product-Review: Bracken Mosbacker <bracken@instructure.com>

Author: maneframe

lib/api.rb

@@ -275,7 +275,17 @@ def api_user_content(html, context = @context, user = @current_user)
         end
       end
       next unless obj && rewriter.user_can_view_content?(obj)
-      file_download_url(obj.id, :verifier => obj.uuid, :download => '1', :host => host, :protocol => protocol)
+
+      if ["Course", "Group", "Account", "User"].include?(obj.context_type)
+        if match.rest.start_with?("/preview")
+          url = self.send("#{obj.context_type.downcase}_file_preview_url", obj.context_id, obj.id, :verifier => obj.uuid, :host => host, :protocol => protocol)
+        else
+          url = self.send("#{obj.context_type.downcase}_file_download_url", obj.context_id, obj.id, :verifier => obj.uuid, :download => '1', :host => host, :protocol => protocol)
+        end
+      else
+        url = file_download_url(obj.id, :verifier => obj.uuid, :download => '1', :host => host, :protocol => protocol)
+      end
+      url
     end
     html = rewriter.translate_content(html)
 

spec/apis/api_spec_helper.rb

@@ -127,16 +127,20 @@ def should_translate_user_content(course)
   content = %{
     <p>
       Hello, students.<br>
-      This will explain everything: <img src="/courses/#{course.id}/files/#{attachment.id}/preview" alt="important">
+      This will explain everything: <img id="1" src="/courses/#{course.id}/files/#{attachment.id}/preview" alt="important">
+      This won't explain anything:  <img id="2" src="/courses/#{course.id}/files/#{attachment.id}/download" alt="important">
       Also, watch this awesome video: <a href="/media_objects/qwerty" class="instructure_inline_media_comment video_comment" id="media_comment_qwerty"><img></a>
       And refer to this <a href="/courses/#{course.id}/wiki/awesome-page">awesome wiki page</a>.
     </p>
   }
   html = yield content
   doc = Nokogiri::HTML::DocumentFragment.parse(html)
-  img = doc.at_css('img')
-  img.should be_present
-  img['src'].should == "http://www.example.com/files/#{attachment.id}/download?verifier=#{attachment.uuid}"
+  img1 = doc.at_css('img#1')
+  img1.should be_present
+  img1['src'].should == "http://www.example.com/courses/#{course.id}/files/#{attachment.id}/preview?verifier=#{attachment.uuid}"
+  img2 = doc.at_css('img#2')
+  img2.should be_present
+  img2['src'].should == "http://www.example.com/courses/#{course.id}/files/#{attachment.id}/download?verifier=#{attachment.uuid}"
   video = doc.at_css('video')
   video.should be_present
   video['poster'].should match(%r{http://www.example.com/media_objects/qwerty/thumbnail})

spec/apis/user_content_spec.rb

@@ -19,32 +19,72 @@
 require File.expand_path(File.dirname(__FILE__) + '/api_spec_helper')
 
 describe UserContent, :type => :integration do
-  it "should translate file links to directly-downloadable urls" do
+  it "should translate course file download links to directly-downloadable urls" do
     course_with_teacher(:active_all => true)
     attachment_model
     @assignment = @course.assignments.create!(:title => "first assignment", :description => <<-HTML)
     <p>
       Hello, students.<br>
-      This will explain everything: <img src="/courses/#{@course.id}/files/#{@attachment.id}/preview" alt="important">
+      This will explain everything: <img src="/courses/#{@course.id}/files/#{@attachment.id}/download" alt="important">
     </p>
     HTML
 
     json = api_call(:get,
-                    "/api/v1/courses/#{@course.id}/assignments/#{@assignment.id}",
-    { :controller => 'assignments_api', :action => 'show',
-      :format => 'json', :course_id => @course.id.to_s, :id => @assignment.id.to_s })
+      "/api/v1/courses/#{@course.id}/assignments/#{@assignment.id}",
+      { :controller => 'assignments_api', :action => 'show',
+        :format => 'json', :course_id => @course.id.to_s, :id => @assignment.id.to_s })
 
     doc = Nokogiri::HTML::DocumentFragment.parse(json['description'])
-    doc.at_css('img')['src'].should == "http://www.example.com/files/#{@attachment.id}/download?verifier=#{@attachment.uuid}"
+    doc.at_css('img')['src'].should == "http://www.example.com/courses/#{@course.id}/files/#{@attachment.id}/download?verifier=#{@attachment.uuid}"
+  end
+
+  it "should translate group file download links to directly-downloadable urls" do
+    course_with_teacher(:active_all => true)
+    @group = @course.groups.create!(:name => "course group")
+    attachment_model(:context => @group)
+    @group.add_user(@teacher)
+    @group_topic = @group.discussion_topics.create!(:title => "group topic", :user => @teacher, :message =>  <<-HTML)
+    <p>
+      Hello, students.<br>
+      This will explain everything: <img src="/groups/#{@group.id}/files/#{@attachment.id}/download" alt="important">
+    </p>
+    HTML
+
+    json = api_call(:get,
+      "/api/v1/groups/#{@group.id}/discussion_topics/#{@group_topic.id}",
+      { :controller => 'discussion_topics_api', :action => 'show',
+        :format => 'json', :group_id => @group.id.to_s, :topic_id => @group_topic.id.to_s })
+
+    doc = Nokogiri::HTML::DocumentFragment.parse(json['message'])
+    doc.at_css('img')['src'].should == "http://www.example.com/groups/#{@group.id}/files/#{@attachment.id}/download?verifier=#{@attachment.uuid}"
   end
 
-  it "should translate file links to directly-downloadable urls for deleted and replaced files" do
+  it "should translate file download links to directly-downloadable urls for deleted and replaced files" do
     course_with_teacher(:active_all => true)
     attachment_model
     @attachment.destroy
     attachment2 = Attachment.create!(:folder => @attachment.folder, :context => @attachment.context, :filename => @attachment.filename, :uploaded_data => StringIO.new("first"))
     @context.attachments.find(@attachment.id).id.should == attachment2.id
 
+    @assignment = @course.assignments.create!(:title => "first assignment", :description => <<-HTML)
+    <p>
+      Hello, students.<br>
+      This will explain everything: <img src="/courses/#{@course.id}/files/#{@attachment.id}/download" alt="important">
+    </p>
+    HTML
+
+    json = api_call(:get,
+      "/api/v1/courses/#{@course.id}/assignments/#{@assignment.id}",
+      { :controller => 'assignments_api', :action => 'show',
+        :format => 'json', :course_id => @course.id.to_s, :id => @assignment.id.to_s })
+
+    doc = Nokogiri::HTML::DocumentFragment.parse(json['description'])
+    doc.at_css('img')['src'].should == "http://www.example.com/courses/#{@course.id}/files/#{attachment2.id}/download?verifier=#{attachment2.uuid}"
+  end
+
+  it "should translate file preview links to directly-downloadable preview urls" do
+    course_with_teacher(:active_all => true)
+    attachment_model
     @assignment = @course.assignments.create!(:title => "first assignment", :description => <<-HTML)
     <p>
       Hello, students.<br>
@@ -53,12 +93,12 @@
     HTML
 
     json = api_call(:get,
-                    "/api/v1/courses/#{@course.id}/assignments/#{@assignment.id}",
-                    { :controller => 'assignments_api', :action => 'show',
-                      :format => 'json', :course_id => @course.id.to_s, :id => @assignment.id.to_s })
+      "/api/v1/courses/#{@course.id}/assignments/#{@assignment.id}",
+      { :controller => 'assignments_api', :action => 'show',
+        :format => 'json', :course_id => @course.id.to_s, :id => @assignment.id.to_s })
 
     doc = Nokogiri::HTML::DocumentFragment.parse(json['description'])
-    doc.at_css('img')['src'].should == "http://www.example.com/files/#{attachment2.id}/download?verifier=#{attachment2.uuid}"
+    doc.at_css('img')['src'].should == "http://www.example.com/courses/#{@course.id}/files/#{@attachment.id}/preview?verifier=#{@attachment.uuid}"
   end
 
   it "should translate media comment links to embedded video tags" do

spec/apis/v1/discussion_topics_api_spec.rb

@@ -1357,7 +1357,7 @@ def call_mark_entry_unread(course, topic, entry)
       v0_r1 = v0['replies'][1]
       v0_r1['id'].should         == @reply2.id
       v0_r1['user_id'].should    == @teacher.id
-      v0_r1['message'].should    == "<p><a href=\"http://#{Account.default.domain}/files/#{@reply2_attachment.id}/download?verifier=#{@reply2_attachment.uuid}\">This is a file link</a></p>\n    <p>This is a video:\n      <video poster=\"http://#{Account.default.domain}/media_objects/0_abcde/thumbnail?height=448&amp;type=3&amp;width=550\" data-media_comment_type=\"video\" preload=\"none\" class=\"instructure_inline_media_comment\" data-media_comment_id=\"0_abcde\" controls=\"controls\" src=\"http://#{Account.default.domain}/courses/#{@course.id}/media_download?entryId=0_abcde&amp;redirect=1&amp;type=mp4\">link</video>\n    </p>"
+      v0_r1['message'].should    == "<p><a href=\"http://#{Account.default.domain}/courses/#{@course.id}/files/#{@reply2_attachment.id}/download?verifier=#{@reply2_attachment.uuid}\">This is a file link</a></p>\n    <p>This is a video:\n      <video poster=\"http://#{Account.default.domain}/media_objects/0_abcde/thumbnail?height=448&amp;type=3&amp;width=550\" data-media_comment_type=\"video\" preload=\"none\" class=\"instructure_inline_media_comment\" data-media_comment_id=\"0_abcde\" controls=\"controls\" src=\"http://#{Account.default.domain}/courses/#{@course.id}/media_download?entryId=0_abcde&amp;redirect=1&amp;type=mp4\">link</video>\n    </p>"
       v0_r1['parent_id'].should  == @root1.id
       v0_r1['created_at'].should == @reply2.created_at.as_json
       v0_r1['updated_at'].should == @reply2.updated_at.as_json

spec/apis/v1/submissions_api_spec.rb

@@ -551,7 +551,7 @@ def submit_homework(assignment, student, opts = {:body => "test!"})
     submit_homework(a1, student1, :media_comment_id => "54321", :media_comment_type => "video")
     sub1 = submit_homework(a1, student1) { |s| s.attachments = [attachment_model(:context => student1, :folder => nil)] }
 
-    sub2 = submit_homework(a1, student2, :url => "http://www.instructure.com") { |s| s.attachment = attachment_model(:context => s, :filename => 'snapshot.png', :content_type => 'image/png'); s.attachments = [attachment_model(:context => a1, :filename => 'ss2.png', :content_type => 'image/png')] }
+    sub2 = submit_homework(a1, student2, :url => "http://www.instructure.com") { |s| s.attachment = attachment_model(:context => student2, :filename => 'snapshot.png', :content_type => 'image/png'); s.attachments = [attachment_model(:context => student2, :filename => 'ss2.png', :content_type => 'image/png')] }
 
     media_object(:media_id => "3232", :context => student1, :user => student1, :media_type => "audio")
     a1.grade_student(student1, {:grade => '90%', :comment => "Well here's the thing...", :media_comment_id => "3232", :media_comment_type => "audio", :grader => @teacher})
@@ -728,6 +728,22 @@ def submit_homework(assignment, student, opts = {:body => "test!"})
            "grade_matches_current_submission"=>true,
            "attachments" =>
             [
+              {"content-type" => "image/png",
+               "display_name" => "snapshot.png",
+               "filename" => "snapshot.png",
+               "url" => "http://www.example.com/files/#{sub2.attachment.id}/download?download_frd=1&verifier=#{sub2.attachment.uuid}",
+               "id" => sub2.attachment.id,
+               "size" => sub2.attachment.size,
+               'unlock_at' => nil,
+               'locked' => false,
+               'hidden' => false,
+               'lock_at' => nil,
+               'locked_for_user' => false,
+               'hidden_for_user' => false,
+               'created_at' => sub2.attachment.created_at.as_json,
+               'updated_at' => sub2.attachment.updated_at.as_json,
+               'thumbnail_url' => sub2.attachment.thumbnail_url
+              },
              {"content-type" => "image/png",
               "display_name" => "ss2.png",
               "filename" => "ss2.png",
@@ -743,23 +759,7 @@ def submit_homework(assignment, student, opts = {:body => "test!"})
               'created_at' => sub2.attachments.first.reload.created_at.as_json,
               'updated_at' => sub2.attachments.first.updated_at.as_json,
               'thumbnail_url' => sub2.attachments.first.thumbnail_url,
-            },
-             {"content-type" => "image/png",
-              "display_name" => "snapshot.png",
-              "filename" => "snapshot.png",
-              "url" => "http://www.example.com/files/#{sub2.attachment.id}/download?download_frd=1&verifier=#{sub2.attachment.uuid}",
-              "id" => sub2.attachment.id,
-              "size" => sub2.attachment.size,
-              'unlock_at' => nil,
-              'locked' => false,
-              'hidden' => false,
-              'lock_at' => nil,
-              'locked_for_user' => false,
-              'hidden_for_user' => false,
-              'created_at' => sub2.attachment.created_at.as_json,
-              'updated_at' => sub2.attachment.updated_at.as_json,
-              'thumbnail_url' => sub2.attachment.thumbnail_url,
-              },
+            }
             ],
            "score"=>9,
            "workflow_state" => "graded",
@@ -769,7 +769,22 @@ def submit_homework(assignment, student, opts = {:body => "test!"})
         "submission_type"=>"online_url",
         "user_id"=>student2.id,
         "attachments" =>
-         [
+         [{"content-type" => "image/png",
+           "display_name" => "snapshot.png",
+           "filename" => "snapshot.png",
+           "url" => "http://www.example.com/files/#{sub2.attachment.id}/download?download_frd=1&verifier=#{sub2.attachment.uuid}",
+           "id" => sub2.attachment.id,
+           "size" => sub2.attachment.size,
+           'unlock_at' => nil,
+           'locked' => false,
+           'hidden' => false,
+           'lock_at' => nil,
+           'locked_for_user' => false,
+           'hidden_for_user' => false,
+           'created_at' => sub2.attachment.created_at.as_json,
+           'updated_at' => sub2.attachment.updated_at.as_json,
+           'thumbnail_url' => sub2.attachment.thumbnail_url,
+          },
           {"content-type" => "image/png",
            "display_name" => "ss2.png",
            "filename" => "ss2.png",
@@ -785,23 +800,7 @@ def submit_homework(assignment, student, opts = {:body => "test!"})
              'created_at' => sub2.attachments.first.created_at.as_json,
              'updated_at' => sub2.attachments.first.updated_at.as_json,
              'thumbnail_url' => sub2.attachments.first.thumbnail_url,
-         },
-          {"content-type" => "image/png",
-           "display_name" => "snapshot.png",
-           "filename" => "snapshot.png",
-           "url" => "http://www.example.com/files/#{sub2.attachment.id}/download?download_frd=1&verifier=#{sub2.attachment.uuid}",
-           "id" => sub2.attachment.id,
-           "size" => sub2.attachment.size,
-           'unlock_at' => nil,
-           'locked' => false,
-           'hidden' => false,
-           'lock_at' => nil,
-           'locked_for_user' => false,
-           'hidden_for_user' => false,
-           'created_at' => sub2.attachment.created_at.as_json,
-           'updated_at' => sub2.attachment.updated_at.as_json,
-           'thumbnail_url' => sub2.attachment.thumbnail_url,
-           },
+          }
          ],
         "submission_comments"=>[],
         "score"=>9,

spec/factories/attachment_factory.rb

@@ -26,7 +26,8 @@ def attachment_model(opts={})
 end
 
 def valid_attachment_attributes(opts={})
-  @context ||= opts[:context] || Course.first || course_model(:reusable => true)
+  @context = opts[:context] || @context
+  @context ||= Course.first || course_model(:reusable => true)
   @folder = Folder.root_folders(@context).find{|f| f.name == 'unfiled'} || Folder.root_folders(@context).first || folder_model
   @attributes_res = {
     :context => @context,

spec/integration/files_spec.rb

@@ -146,6 +146,50 @@
     # ensure that the user wasn't logged in by the normal means
     controller.instance_variable_get(:@current_user).should be_nil
   end
+  
+  it "should be able to use verifier in course context" do
+    course_with_teacher(:active_all => true, :user => user_with_pseudonym)
+    a1 = attachment_model(:uploaded_data => stub_png_data, :content_type => 'image/png', :context => @course)
+    HostUrl.stubs(:file_host_with_shard).returns(['files-test.host', Shard.default])
+    get "http://test.host/courses/#{@course.id}/files/#{a1.id}/download?verifier=#{a1.uuid}"
+    response.should be_redirect
+
+    uri = URI.parse response['Location']
+    qs = Rack::Utils.parse_nested_query(uri.query)
+    uri.host.should == 'files-test.host'
+    uri.path.should == "/courses/#{@course.id}/files/#{a1.id}/course%20files/test%20my%20file%3F%20hai!%26.png"
+    qs['verifier'].should == a1.uuid
+    location = response['Location']
+    reset!
+
+    get location
+    response.should be_success
+    response.content_type.should == 'image/png'
+    # ensure that the user wasn't logged in by the normal means
+    controller.instance_variable_get(:@current_user).should be_nil
+  end
+
+  it "should be able to directly download in course context preview links with verifier" do
+    course_with_teacher(:active_all => true, :user => user_with_pseudonym)
+    a1 = attachment_model(:uploaded_data => stub_png_data, :content_type => 'image/png', :context => @course)
+    HostUrl.stubs(:file_host_with_shard).returns(['files-test.host', Shard.default])
+    get "http://test.host/courses/#{@course.id}/files/#{a1.id}/preview?verifier=#{a1.uuid}"
+    response.should be_redirect
+
+    uri = URI.parse response['Location']
+    qs = Rack::Utils.parse_nested_query(uri.query)
+    uri.host.should == 'files-test.host'
+    uri.path.should == "/courses/#{@course.id}/files/#{a1.id}/course%20files/test%20my%20file%3F%20hai!%26.png"
+    qs['verifier'].should == a1.uuid
+    location = response['Location']
+    reset!
+
+    get location
+    response.should be_success
+    response.content_type.should == 'image/png'
+    # ensure that the user wasn't logged in by the normal means
+    controller.instance_variable_get(:@current_user).should be_nil
+  end
 
   it "should update module progressions for html safefiles iframe" do
     HostUrl.stubs(:file_host_with_shard).returns(['files-test.host', Shard.default])

spec/models/discussion_topic/materialized_view_spec.rb

@@ -76,7 +76,7 @@ def map_to_ids_and_replies(list)
     # verify the api_user_content functionality in a non-request context
     html_message = json[0]['replies'][1]['message']
     html = Nokogiri::HTML::DocumentFragment.parse(html_message)
-    html.at_css('a')['href'].should == "http://localhost/files/#{@reply2_attachment.id}/download?verifier=#{@reply2_attachment.uuid}"
+    html.at_css('a')['href'].should == "http://localhost/courses/#{@course.id}/files/#{@reply2_attachment.id}/download?verifier=#{@reply2_attachment.uuid}"
     html.at_css('video')['src'].should == "http://localhost/courses/#{@course.id}/media_download?entryId=0_abcde&redirect=1&type=mp4"
 
     # the deleted entry will be marked deleted and have no summary