fix file preview for hidden and nonexistent files

jstanley0 · jstanley0 · commit f80696b451fb · 2014-10-23T19:00:59.000Z
test plan: 1. enable "better file browsing" 2. go to the files page 3. click the cloud icon next to a file, select "Restricted Access", and then "Only available to students with link". 4. as a teacher, attempt to preview the file. you should see the file, not a not-found error. 5. attempt to preview a nonexistent file by going to the URL /courses/X/files/Y/file_preview (where X is a *valid* course ID and Y is an *invalid* file id). you should see an error message without Canvas chrome (no header or left-side menu) fixes CNVS-16394 Change-Id: I9c632d664e9fd8758dc63b21e6751a914f4a4ceb Reviewed-on: https://gerrit.instructure.com/43175 Reviewed-by: Ryan Shaw <ryan@instructure.com> Product-Review: Ryan Shaw <ryan@instructure.com> Tested-by: Jenkins <jenkins@instructure.com> QA-Review: Jahnavi Yetukuri <jyetukuri@instructure.com>
diff --git a/app/controllers/file_previews_controller.rb b/app/controllers/file_previews_controller.rb
@@ -49,7 +49,12 @@ class FilePreviewsController < ApplicationController
   # renders (or redirects to) appropriate content for the file, such as
   # canvadocs, crocodoc, inline image, etc.
   def show
-    @file = @context.attachments.active.find(params[:file_id])
+    @file = @context.attachments.not_deleted.find_by_id(params[:file_id])
+    unless @file
+      @headers = false
+      @show_left_side = false
+      return render template: 'shared/errors/404_message', status: :not_found
+    end
     if authorized_action(@file, @current_user, :download)
       # mark item seen for module progression purposes
       @file.context_module_action(@current_user, :read) if @current_user
diff --git a/spec/controllers/file_previews_controller_spec.rb b/spec/controllers/file_previews_controller_spec.rb
@@ -35,12 +35,14 @@
     expect(response.status).to eq 401
   end
 
-  it "should 404 if the file doesn't exist" do
+  it "should 404 (w/o canvas chrome) if the file doesn't exist" do
     attachment_model
     file_id = @attachment.id
     @attachment.destroy!
     get :show, course_id: @course.id, file_id: file_id
     expect(response.status).to eq 404
+    expect(assigns['headers']).to eq false
+    expect(assigns['show_left_side']).to eq false
   end
 
   it "should redirect to crododoc_url if available and params[:annotate] is given" do
@@ -104,4 +106,11 @@
     get :show, course_id: @course.id, file_id: @attachment.id
     expect(mod.evaluate_for(@user).workflow_state).to eq "completed"
   end
+
+  it "should work with hidden files" do
+    attachment_model content_type: 'image/png'
+    @attachment.update_attribute(:file_state, 'hidden')
+    get :show, course_id: @course.id, file_id: @attachment.id
+    expect(response).to be_success
+  end
 end
