image_vise 0.2.1 → 0.2.2

data/lib/image_vise/render_engine.rb

@@ -0,0 +1,298 @@
+  class ImageVise::RenderEngine
+  class UnsupportedInputFormat < StandardError; end
+  class EmptyRender < StandardError; end
+
+  DEFAULT_HEADERS = {
+    'Allow' => "GET"
+  }.freeze
+
+  # Headers for error responses that denote an invalid or
+  # an unsatisfiable request
+  JSON_ERROR_HEADERS_REQUEST = DEFAULT_HEADERS.merge({
+    'Content-Type' => 'application/json',
+    'Cache-Control' => 'public, max-age=600'
+  }).freeze
+
+  # Headers for error responses that denote
+  # an intermittent error (that permit retries)
+  JSON_ERROR_HEADERS_INTERMITTENT = DEFAULT_HEADERS.merge({
+    'Content-Type' => 'application/json',
+    'Cache-Control' => 'public, max-age=5'
+  }).freeze
+
+  # "public" of course. Add max-age so that there is _some_
+  # revalidation after a time (otherwise some proxies treat it
+  # as "must-revalidate" always), and "no-transform" so that
+  # various deflate schemes are not applied to it (does happen
+  # with Rack::Cache and leads Chrome to throw up on content
+  # decoding for example).
+  IMAGE_CACHE_CONTROL = 'public, no-transform, max-age=2592000'
+
+  # How long is a render (the ImageMagick/write part) is allowed to
+  # take before we kill it
+  RENDER_TIMEOUT_SECONDS = 10
+
+  # Which input files we permit (based on extensions stored in MagicBytes)
+  PERMITTED_SOURCE_FILE_EXTENSIONS = %w( gif png jpg psd tif)
+
+  # How long should we wait when fetching the image from the external host
+  EXTERNAL_IMAGE_FETCH_TIMEOUT_SECONDS = 4
+
+  def bail(status, *errors_array)
+    headers = if (300...500).cover?(status)
+      JSON_ERROR_HEADERS_REQUEST.dup
+    else
+      JSON_ERROR_HEADERS_INTERMITTENT.dup
+    end
+    response = [status.to_i, headers, [JSON.pretty_generate({errors: errors_array})]]
+    throw :__bail, response
+  end
+
+  # The main entry point for the Rack app. Wraps a call to {#handle_request} in a `catch{}` block
+  # so that any method can abort the request by calling {#bail}
+  #
+  # @param env[Hash] the Rack env
+  # @return [Array] the Rack response
+  def call(env)
+    catch(:__bail) { handle_request(env) }
+  end
+
+  # Hadles the Rack request. If one of the steps calls {#bail} the `:__bail` symbol will be
+  # thrown and the execution will abort. Any errors will cause either an error response in
+  # JSON format or an Exception will be raised (depending on the return value of `raise_exceptions?`)
+  #
+  # @param env[Hash] the Rack env
+  # @return [Array] the Rack response
+  def handle_request(env)
+    setup_error_handling(env)
+
+    # Assume that if _any_ ETag is given the image is being requested anew as a refetch,
+    # and the client already has it. Just respond with a 304.
+    return [304, DEFAULT_HEADERS.dup, []] if env['HTTP_IF_NONE_MATCH']
+
+    req = parse_env_into_request(env)
+    bail(405, 'Only GET supported') unless req.get?
+    params = extract_params_from_request(req)
+
+    image_request = ImageVise::ImageRequest.from_params(qs_params: params, secrets: ImageVise.secret_keys)
+    render_destination_file, render_file_type, etag = process_image_request(image_request)
+    image_rack_response(render_destination_file, render_file_type, etag)
+  rescue *permanent_failures => e
+    handle_request_error(e)
+    http_status_code = e.respond_to?(:http_status) ? e.http_status : 400
+    raise_exception_or_error_response(e, http_status_code)
+  rescue Exception => e
+    if http_status_code = (e.respond_to?(:http_status) && e.http_status)
+      handle_request_error(e)
+      raise_exception_or_error_response(e, http_status_code)
+    else
+      handle_generic_error(e)
+      raise_exception_or_error_response(e, 500)
+    end
+  end
+
+  # Parses the Rack environment into a Rack::Reqest. The following methods
+  # are going to be called on it: `#get?` and `#params`. You can use this
+  # method to override path-to-parameter translation for example.
+  #
+  # @param rack_env[Hash] the Rack environment
+  # @return [#get?, #params] the Rack request or a compatible object
+  def parse_env_into_request(rack_env)
+    Rack::Request.new(rack_env)
+  end
+
+  # Extracts the image params from the Rack::Request
+  #
+  # @param rack_request[#path_info] an object that has a path info
+  # @return [Hash] the params hash with `:q` and `:sig` keys
+  def extract_params_from_request(rack_request)
+    # Prevent cache bypass DOS attacks by only permitting :sig and :q
+    bail(400, 'Query strings are not supported') if rack_request.params.any?
+
+    # Extract the tail (signature) and the front (the Base64-encoded request).
+    # Slashes within :q are masked by ImageRequest already, so we don't have
+    # to worry about them.
+    *, q_from_path, sig_from_path = rack_request.path_info.split('/')
+
+    # Raise if any of them are empty or blank
+    nothing_recovered = [q_from_path, sig_from_path].all?{|v| v.nil? || v.empty? }
+    bail(400, 'Need 2 usable path components') if nothing_recovered
+
+    {q: q_from_path, sig: sig_from_path}
+  end
+
+  # Processes the ImageRequest object created from the request parameters,
+  # and returns a triplet of the File object containing the rendered image,
+  # the MagicBytes::FileType object of the render, and the cache ETag value
+  # representing the processing pipeline
+  #
+  # @param image_request[ImageVise::ImageRequest] the request for the image
+  # @return [Array<File, MagicBytes::FileType, String]
+  def process_image_request(image_request)
+    # Recover the source image URL and the pipeline instructions (all the image ops)
+    source_image_uri, pipeline = image_request.src_url, image_request.pipeline
+    raise 'Image pipeline has no operators' if pipeline.empty?
+
+    # Compute an ETag which describes this image transform + image source location.
+    # Assume the image URL contents does _never_ change.
+    etag = image_request.cache_etag
+
+    # Download/copy the original into a Tempfile
+    fetcher = ImageVise.fetcher_for(source_image_uri.scheme)
+    source_file = fetcher.fetch_uri_to_tempfile(source_image_uri)
+
+    # Make sure we do not try to process something...questionable
+    source_file_type = detect_file_type(source_file)
+    unless source_file_type_permitted?(source_file_type)
+      raise UnsupportedInputFormat.new("Unsupported/unknown input file format .%s" % source_file_type.ext)
+    end
+
+    render_destination_file = Tempfile.new('imagevise-render').tap{|f| f.binmode }
+
+    # Do the actual imaging stuff
+    apply_pipeline(source_file.path, pipeline, source_file_type, render_destination_file.path)
+
+    # Catch this one early
+    render_destination_file.rewind
+    raise EmptyRender, "The rendered image was empty" if render_destination_file.size.zero?
+
+    render_file_type = detect_file_type(render_destination_file)
+    [render_destination_file, render_file_type, etag]
+  ensure
+    ImageVise.close_and_unlink(source_file)
+  end
+
+  # Returns a Rack response triplet. Accepts the return value of
+  # `process_image_request` unsplatted, and returns a triplet that
+  # can be returned as a Rack response. The Rack response will contain
+  # an iterable body object that is designed to automatically delete
+  # the Tempfile it wraps on close.
+  #
+  # @param render_destination_file[File] the File handle to the rendered image
+  # @param render_file_type[MagicBytes::FileType] the rendered file type
+  # @param etag[String] the ETag for the response
+  def image_rack_response(render_destination_file, render_file_type, etag)
+    response_headers = DEFAULT_HEADERS.merge({
+      'Content-Type' => render_file_type.mime,
+      'Content-Length' => '%d' % render_destination_file.size,
+      'Cache-Control' => IMAGE_CACHE_CONTROL,
+      'ETag' => etag
+    })
+
+    # Wrap the body Tempfile with a self-closing response.
+    # Once the response is read in full, the tempfile is going to be closed and unlinked.
+    [200, response_headers, ImageVise::FileResponse.new(render_destination_file)]
+  end
+
+  # Depending on `raise_exceptions?` will either raise the passed Exception,
+  # or force the application to return the error in the Rack response.
+  #
+  # @param exception[Exception] the error that has to be captured
+  # @param status_code[Fixnum] the HTTP status code
+  def raise_exception_or_error_response(exception, status_code)
+    if raise_exceptions?
+      raise exception
+    else
+      bail status_code, exception.message
+    end
+  end
+
+  # Detects the file type of the given File and returns
+  # a MagicBytes::FileType object that contains the extension and
+  # the MIME type.
+  #
+  # @param tempfile[File] the file to perform detection on
+  # @return [MagicBytes::FileType] the detected file type
+  def detect_file_type(tempfile)
+    tempfile.rewind
+    MagicBytes.read_and_detect(tempfile).tap { tempfile.rewind }
+  end
+
+  # Tells whether the given file type may be loaded into the image processor.
+  #
+  # @param magic_bytes_file_info[MagicBytes::FileType] the filetype
+  # @return [Boolean]
+  def source_file_type_permitted?(magic_bytes_file_info)
+    PERMITTED_SOURCE_FILE_EXTENSIONS.include?(magic_bytes_file_info.ext)
+  end
+
+  # Lists exceptions that should lead to the request being flagged
+  # as invalid (4xx as opposed to 5xx for a generic server error).
+  # Decent clients should _not_ retry those requests.
+  def permanent_failures
+    [
+      Magick::ImageMagickError,
+      UnsupportedInputFormat,
+      ImageVise::ImageRequest::InvalidRequest
+    ]
+  end
+
+  # Is meant to be overridden by subclasses,
+  # will be called at the start of each request to set up the error handling
+  # library (Appsignal, Honeybadger, Sentry...)
+  #
+  # @param rack_env[Hash] the Rack env
+  # @return [void]
+  def setup_error_handling(rack_env)
+  end
+
+  # Is meant to be overridden by subclasses,
+  # will be called when a request fails due to a malformed query string,
+  # unrecognized signature or other client-induced problems. The method
+  # should _not_ re-raise the exception.
+  #
+  # @param exception[Exception] the exception to be handled
+  # @return [void]
+  def handle_request_error(exception)
+  end
+
+  # Is meant to be overridden by subclasses,
+  # will be called when a request fails due to an error on the server
+  # (like an unexpected error in an image operator). The method
+  # should _not_ re-raise the exception.
+  #
+  # @param exception[Exception] the exception to be handled
+  # @return [void]
+  def handle_generic_error(exception)
+  end
+
+  # Tells whether the engine must raise the exceptions further up the Rack stack,
+  # or they should be suppressed and a JSON response must be returned.
+  #
+  # @return [Boolean]
+  def raise_exceptions?
+    false
+  end
+
+  # Applies the given {ImageVise::Pipeline} to the image, and writes the render to
+  # the given path.
+  #
+  # @param source_file_path[String] the path to the file containing the source image
+  # @param pipeline[#apply!(Magick::Image)] the processing pipeline
+  # @param render_to_path[String] the path to write the rendered image to
+  # @return [void]
+  def apply_pipeline(source_file_path, pipeline, source_file_type, render_to_path)
+    render_file_type = source_file_type
+
+    # Load the first frame of the animated GIF _or_ the blended compatibility layer from Photoshop
+    image_list = Magick::Image.read(source_file_path)
+    magick_image = image_list.first # Picks up the "precomp" PSD layer in compatibility mode, or the first frame of a GIF
+
+    # If any operators want to stash some data for downstream use we use this Hash
+    metadata = {}
+
+    # Apply the pipeline (all the image operators)
+    pipeline.apply!(magick_image, metadata)
+
+    # Write out the file honoring the possible injected metadata. One of the metadata
+    # elements (that an operator might want to alter) is the :writer, we forcibly #fetch
+    # it so that we get a KeyError if some operator has deleted it without providing a replacement.
+    # If no operators touched the writer we are going to use the automatic format selection
+    writer = metadata.fetch(:writer, ImageVise::AutoWriter.new)
+    writer.write_image!(magick_image, metadata, render_to_path)
+  ensure
+    # destroy all the loaded images explicitly
+    (image_list || []).map {|img| ImageVise.destroy(img) }
+  end
+
+end

data/lib/image_vise/version.rb

@@ -0,0 +1,3 @@
+class ImageVise
+  VERSION = '0.2.2'
+end

data/lib/image_vise/writers/auto_writer.rb

@@ -0,0 +1,23 @@
+# Picks the most reasonable "default" output format for web resources. In practice, if the
+# image contains transparency (an alpha channel) PNG will be chosen, and if not - JPEG will
+# be chosen. Since ImageVise URLs do not contain a file extension we are free to pick
+# the suitable format at render time
+class ImageVise::AutoWriter
+  # The default file type for images with alpha
+  PNG_FILE_TYPE = MagicBytes::FileType.new('png','image/png').freeze
+
+  # Renders the file as a jpg if the custom output filetype operator is used
+  JPG_FILE_TYPE = MagicBytes::FileType.new('jpg','image/jpeg').freeze
+  
+  def write_image!(magick_image, _, render_to_path)
+    # If processing the image has created an alpha channel, use PNG always.
+    # Otherwise, keep the original format for as far as the supported formats list goes.
+    render_file_type = if magick_image.alpha?
+      PNG_FILE_TYPE
+    else
+      JPG_FILE_TYPE
+    end
+    magick_image.format = render_file_type.ext
+    magick_image.write(render_to_path)
+  end
+end

data/lib/image_vise/writers/jpeg_writer.rb

@@ -0,0 +1,9 @@
+class ImageVise::JPGWriter < Ks.strict(:quality)
+  JPG_FILE_TYPE = MagicBytes::FileType.new('jpg','image/jpeg').freeze
+
+  def write_image!(magick_image, _, render_to_path)
+    q = self.quality  # to avoid the changing "self" context
+    magick_image.format = JPG_FILE_TYPE.ext
+    magick_image.write(render_to_path) { self.quality = q }
+  end
+end

data/lib/image_vise.rb

@@ -0,0 +1,177 @@
+require 'ks'
+require 'json'
+require 'patron'
+require 'rmagick'
+require 'magic_bytes'
+require 'thread'
+require 'base64'
+require 'rack'
+
+class ImageVise
+  require_relative 'image_vise/version'
+  S_MUTEX = Mutex.new
+  private_constant :S_MUTEX
+
+  @allowed_hosts = Set.new
+  @keys = Set.new
+  @operators = {}
+  @allowed_glob_patterns = Set.new
+  @fetchers = {}
+
+  class << self
+    # Resets all allowed hosts
+    def reset_allowed_hosts!
+      S_MUTEX.synchronize { @allowed_hosts.clear }
+    end
+
+    # Add an allowed host
+    def add_allowed_host!(hostname)
+      S_MUTEX.synchronize { @allowed_hosts << hostname }
+    end
+
+    # Returns both the allowed hosts added at runtime and the ones set in the constant
+    def allowed_hosts
+      S_MUTEX.synchronize { @allowed_hosts.to_a }
+    end
+
+    # Removes all set keys
+    def reset_secret_keys!
+      S_MUTEX.synchronize { @keys.clear }
+    end
+
+    def allow_filesystem_source!(glob_pattern)
+      S_MUTEX.synchronize { @allowed_glob_patterns << glob_pattern }
+    end
+
+    def allowed_filesystem_sources
+      S_MUTEX.synchronize { @allowed_glob_patterns.to_a }
+    end
+
+    def deny_filesystem_sources!
+      S_MUTEX.synchronize { @allowed_glob_patterns.clear }
+    end
+
+    # Adds a key against which the parameters are going to be verified.
+    # Multiple applications may have their own different keys,
+    # so we need to have multiple keys.
+    def add_secret_key!(key)
+      S_MUTEX.synchronize { @keys << key }
+      self
+    end
+
+    # Returns the array of defined keys or raises an exception if no keys have been set yet
+    def secret_keys
+      keys = S_MUTEX.synchronize { @keys.any? && @keys.to_a }
+      keys or raise "No keys set, add a key using `ImageVise.add_secret_key!(key)'"
+    end
+
+    # Generate a set of querystring params for a resized image. Yields a Pipeline object that
+    # will receive method calls for adding image operations to a stack.
+    #
+    #   ImageVise.image_params(src_url: image_url_on_s3, secret: '...') do |p|
+    #      p.center_fit width: 128, height: 128
+    #      p.elliptic_stencil
+    #   end #=> {q: '...', sig: '...'}
+    #
+    # The query string elements can be then passed on to RenderEngine for validation and execution.
+    #
+    # @yield {ImageVise::Pipeline}
+    # @return [Hash]
+    def image_params(src_url:, secret:)
+      p = Pipeline.new
+      yield(p)
+      raise ArgumentError, "Image pipeline has no steps defined" if p.empty?
+      ImageRequest.new(src_url: URI(src_url), pipeline: p).to_query_string_params(secret)
+    end
+
+    # Generate a path for a resized image. Yields a Pipeline object that
+    # will receive method calls for adding image operations to a stack.
+    #
+    #   ImageVise.image_path(src_url: image_url_on_s3, secret: '...') do |p|
+    #      p.center_fit width: 128, height: 128
+    #      p.elliptic_stencil
+    #   end #=> "/abcdef/xyz123"
+    #
+    # The query string elements can be then passed on to RenderEngine for validation and execution.
+    #
+    # @yield {ImageVise::Pipeline}
+    # @return [String]
+    def image_path(src_url:, secret:)
+      p = Pipeline.new
+      yield(p)
+      raise ArgumentError, "Image pipeline has no steps defined" if p.empty?
+      ImageRequest.new(src_url: URI(src_url), pipeline: p).to_path_params(secret)
+    end
+
+    # Adds an operator
+    def add_operator(operator_name, object_responding_to_new)
+      @operators[operator_name.to_s] = object_responding_to_new
+    end
+
+    # Gets an operator by name
+    def operator_from(operator_name)
+      @operators.fetch(operator_name.to_s)
+    end
+
+    def defined_operator_names
+      @operators.keys
+    end
+
+    def register_fetcher(scheme, fetcher)
+      S_MUTEX.synchronize { @fetchers[scheme.to_s] = fetcher }
+    end
+
+    def fetcher_for(scheme)
+      S_MUTEX.synchronize { @fetchers[scheme.to_s] or raise "No fetcher registered for #{scheme}" }
+    end
+
+    def operator_name_for(operator)
+      S_MUTEX.synchronize do
+        @operators.key(operator.class) or raise "Operator #{operator.inspect} not registered using ImageVise.add_operator"
+      end
+    end
+  end
+
+  # Made available since the object that is used with `mount()` in Rails
+  # has to, by itself, to respond to `call`.
+  #
+  # Thanks to this method you can do this:
+  #
+  #   mount ImageVise => '/thumbnails'
+  #
+  # instead of having to do
+  #
+  #   mount ImageVise.new => '/thumbnails'
+  #
+  def self.call(rack_env)
+    ImageVise::RenderEngine.new.call(rack_env)
+  end
+
+  def call(rack_env)
+    ImageVise::RenderEngine.new.call(rack_env)
+  end
+
+  # Used as a shorthand to force-destroy Magick images in ensure() blocks. Since
+  # ensure blocks sometimes deal with variables in inconsistent states (variable
+  # in scope but not yet set to an image) we take the possibility of nils into account.
+  # We also deal with Magick::Image objects that already have been destroyed in a clean manner.
+  def self.destroy(maybe_image)
+    return unless maybe_image
+    return unless maybe_image.respond_to?(:destroy!)
+    return if maybe_image.destroyed?
+    maybe_image.destroy!
+  end
+
+  # Used as a shorthand to force-dealloc Tempfiles in an ensure() blocks. Since
+  # ensure blocks sometimes deal with variables in inconsistent states (variable
+  # in scope but not yet set to an image) we take the possibility of nils into account.
+  def self.close_and_unlink(maybe_tempfile)
+    return unless maybe_tempfile
+    maybe_tempfile.close unless maybe_tempfile.closed?
+    maybe_tempfile.unlink
+  end
+end
+
+Dir.glob(__dir__ + '/**/*.rb').sort.each do |f|
+  require f unless f == File.expand_path(__FILE__)
+end

data/spec/image_vise/auto_orient_spec.rb

@@ -0,0 +1,10 @@
+require 'spec_helper'
+
+describe ImageVise::AutoOrient do
+  it 'applies auto orient to the image' do
+    image = Magick::Image.read(test_image_path)[0]
+    orient = described_class.new
+    expect(image).to receive(:auto_orient!).and_call_original
+    orient.apply!(image)
+  end
+end

data/spec/image_vise/background_fill_spec.rb

@@ -0,0 +1,39 @@
+require_relative '../spec_helper'
+
+describe ImageVise::BackgroundFill do
+
+  it 'refuses empty parameters' do
+    expect { described_class.new(color:"") }.to raise_error(ArgumentError)
+  end
+
+  it 'successfully exports a png with a fill' do
+    image = Magick::Image.read(test_image_png_transparency)[0]
+    expect(image).to be_alpha
+    background_fill = described_class.new(color: 'white')
+    background_fill.apply!(image)
+
+    expect(image).to_not be_alpha
+    examine_image(image, "set-color-to-white")
+  end
+
+  it 'can be passed CSS word colors and process them consistently' do
+    image = Magick::Image.read(test_image_png_transparency)[0]
+
+    background_fill = described_class.new(color: 'green')
+    background_fill.apply!(image)
+    hex_color = image.pixel_color(720,248).to_color(Magick::AllCompliance,matte=false, 8, hex=true)
+
+    expect(hex_color).to eq("#008000")
+    examine_image(image, "set-color-to-green")
+  end
+
+  it 'can be passed hex colors and process them consistently' do
+    image = Magick::Image.read(test_image_png_transparency)[0]
+    background_fill = described_class.new(color: '#ffebcd')
+    background_fill.apply!(image)
+    hex_color = image.pixel_color(720,248).to_color(Magick::AllCompliance,matte=false, 8, hex=true)
+
+    expect(hex_color).to eq("#FFEBCD")
+    examine_image(image, "set-color-to-blanched-almond")
+  end
+end

data/spec/image_vise/crop_spec.rb

@@ -0,0 +1,20 @@
+require 'spec_helper'
+
+describe ImageVise::Crop do
+  it 'refuses invalid parameters' do
+    expect { described_class.new(width: 0, height: -1, gravity: '') }.to raise_error(ArgumentError)
+  end
+  
+  it 'applies the crop with different gravities' do
+    %w( s sw se n ne nw c).each do |gravity|
+      image = Magick::Image.read(test_image_path)[0]
+      crop = described_class.new(width: 120, height: 220, gravity: gravity)
+
+      crop.apply!(image)
+
+      expect(image.columns).to eq(120)
+      expect(image.rows).to eq(220)
+      examine_image(image, "gravity-%s-" % gravity)
+    end
+  end
+end

data/spec/image_vise/ellipse_stencil_spec.rb

@@ -0,0 +1,18 @@
+require 'spec_helper'
+
+describe ImageVise::EllipseStencil do
+  it 'applies the circle stencil' do
+    image = Magick::Image.read(test_image_path)[0]
+    stencil = described_class.new
+    stencil.apply!(image)
+    examine_image(image, "circle-stencil")
+  end
+
+  it 'applies the circle stencil to a png with transparency' do
+    png_transparent_path = File.expand_path(__dir__ + '/../waterside_magic_hour_transp.png')
+    image = Magick::Image.read(png_transparent_path)[0]
+    stencil = described_class.new
+    stencil.apply!(image)
+    examine_image(image, "circle-stencil-transparent-bg")
+  end
+end

data/spec/image_vise/fetcher_file_spec.rb

@@ -0,0 +1,48 @@
+require_relative '../spec_helper'
+
+describe ImageVise::FetcherFile do
+  it 'is a class (can be inherited from)' do
+    expect(ImageVise::FetcherFile).to be_kind_of(Class)
+  end
+
+  it 'is registered as a fetcher for file://' do
+    expect(ImageVise.fetcher_for('file')).to eq(ImageVise::FetcherFile)
+  end
+  
+  it 'returns a Tempfile containing this test suite' do
+    path = File.expand_path(__FILE__)
+    ruby_files_in_this_directory = __dir__ + '/*.rb'
+    ImageVise.allow_filesystem_source! ruby_files_in_this_directory
+    
+    uri = URI('file://' + URI.encode(path))
+    fetched = ImageVise::FetcherFile.fetch_uri_to_tempfile(uri)
+
+    expect(fetched).to be_kind_of(Tempfile)
+    expect(fetched.size).to eq(File.size(__FILE__))
+    expect(fetched.pos).to be_zero
+  end
+
+  it 'raises a meaningful exception if no file sources are permitted' do
+    path = File.expand_path(__FILE__)
+
+    ImageVise.deny_filesystem_sources!
+
+    uri = URI('file://' + URI.encode(path))
+    expect {
+      ImageVise::FetcherFile.fetch_uri_to_tempfile(uri)
+    }.to raise_error(ImageVise::FetcherFile::AccessError)
+  end
+  
+  it 'raises a meaningful exception if this file is not permitted as source' do
+    path = File.expand_path(__FILE__)
+
+    text_files_in_this_directory = __dir__ + '/*.txt'
+    ImageVise.deny_filesystem_sources!
+    ImageVise.allow_filesystem_source! text_files_in_this_directory
+
+    uri = URI('file://' + URI.encode(path))
+    expect {
+      ImageVise::FetcherFile.fetch_uri_to_tempfile(uri)
+    }.to raise_error(ImageVise::FetcherFile::AccessError)
+  end
+end