From e966de69222abe650ec5e62fc0ebeb84270b24f5 Mon Sep 17 00:00:00 2001
From: Bart Kamphorst
Date: Fri, 28 Dec 2018 22:57:13 +0100
Subject: [PATCH] Added tests for mathjax.config.js permissions. Fixed typo in permission regex.
---
 lib/gollum/app.rb | 4 ++--
 test/test_app.rb | 4 ++++
 2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/lib/gollum/app.rb b/lib/gollum/app.rb
index 88bc9ce2..e2caa6ec 100644
--- a/lib/gollum/app.rb
+++ b/lib/gollum/app.rb
@@ -152,11 +152,11 @@ module Precious
 end
 end
- get %r{/(edit|create)/(custom|mathjax\.config\.)\.(js|css)} do
+ get %r{/(edit|create)/(custom|mathjax\.config)\.(js|css)} do
 forbid('Changing this resource is not allowed.')
 end
- post %r{/(delete|rename|edit|create)/(custom|mathjax\.config\.)\.(js|css)} do
+ post %r{/(delete|rename|edit|create)/(custom|mathjax\.config)\.(js|css)} do
 forbid('Changing this resource is not allowed.')
 end
diff --git a/test/test_app.rb b/test/test_app.rb
index 6c89c485..e4832283 100644
--- a/test/test_app.rb
+++ b/test/test_app.rb
@@ -524,6 +524,8 @@ context "Frontend" do
 get "/gollum/#{route}/custom#{ext}"
 assert_equal 403, last_response.status, "get /gollum/#{route}/custom#{ext} -- #{last_response.inspect}"
 end
+ get "/gollum/#{route}/mathjax.config.js"
+ assert_equal 403, last_response.status, "get /gollum/#{route}/mathjax.config.js -- #{last_response.inspect}"
 end
 ['delete', 'rename', 'edit', 'create'].each do |route|
@@ -531,6 +533,8 @@ context "Frontend" do
 post "/gollum/#{route}/custom#{ext}"
 assert_equal 403, last_response.status, "post /gollum/#{route}/custom#{ext} -- #{last_response.inspect}"
 end
+ post "/gollum/#{route}/mathjax.config.js"
+ assert_equal 403, last_response.status, "post /gollum/#{route}/mathjax.config.js -- #{last_response.inspect}"
 end
 ['.css', '.js'].each do |ext|
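Review bot: The list of protected file names is still spelled out twice, once in the `get` pattern and once in the `post` pattern, which is how a single stray `\.` left mathjax.config.js unguarded on both verbs without anything failing. Defining it once, for example `PROTECTED_ASSETS = /(custom|mathjax\.config)\.(js|css)/`, and building both routes from it (`get %r{/(edit|create)/#{PROTECTED_ASSETS}} do`) removes that duplication. A short comment above the constant should say why these files must not be changeable through the wiki UI. The check also lives only in the route pattern; the edit, create, delete and rename handlers are outside this hunk, so I cannot tell whether they refuse these names themselves, and that is worth confirming as a second line of defence.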
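Review bot: The added `get` assertions are appended by hand after the `custom#{ext}` loop and cover only the literal `mathjax.config.js`; the second test hunk does the same for the `post` routes. Iterating over the protected names, `%w[custom.css custom.js mathjax.config.js].each do |file|`, would keep the request path and the failure message in one place and make the next protected file a one-word change. Both loops would also benefit from one negative assertion that an ordinary page under the same route does not return 403, so that a pattern which is too broad is caught as well as one that is too narrow. The enclosing test blocks start outside both hunks.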