Tests for private file transfers

Broadening the scope.

I'll try to take on this one.
I'll give you status in a few hours.

Edit: i need to enable upload module too :)
Edit2: i now saw that is is already enabled ('parent::setUp('upload');')

I'm working on the test but i have a problem at "determine the download URL of the uploaded file". In our case the download URL of the uploaded file should be in the form of 'system/files/FILENAME' right ? Not something like file_directory_path() . '/FILENAME'.

@andreiashu: you can probably directly use file_create_url().

It needs some little more work. I'll review it in a couple of hours.
@Damien Tournoud: thanks, it your suggestion came at the right time.

Quick review:

+    $edit = array();
+    $edit['file_directory_path'] = variable_get('file_directory_path', 'sites/default/files');
+    $edit['file_directory_temp'] = variable_get('file_directory_temp', '/tmp');
+    $edit['file_downloads'] = 2;
+    $this->drupalPost('admin/settings/file-system', $edit, t('Save configuration'));
+    $this->assertText('The configuration options have been saved.', 'Download method saved.');

You don't need to specify items that you don't want to change (here you can drop 'file_directory_path' and 'file_downloads'). Also, please use the FILE_DOWNLOADS_PRIVATE constant instead of the '2').

+      $this->assertResponse(array(200), 'Uploaded ' . $file_url . ' is accessible for users with \'view uploaded files\' permission.');
+      $this->assertResponse(array(403), 'Uploaded ' . basename($files[0]) . ' is not accessible for users without \'view uploaded files\' permission.');

The assert messages have to go thru t() (even if they are not translated, yet). That will allow you to write them in the form t("Uploaded @file is accessible for user with the 'view uploaded files' permission.", array('@file' => $file_url)). Also, please use " when you need to have single-quotes in your strings. That's cleaner.

Finally, you should extend UploadTestCase or integrate your test in that class. This way, you wouldn't have to redefine uploadFile() and checkUploadedFile().

Refactored.
Edit: reattached the correct patch this time.

As there is ongoing work already why did you move this to the testing party?