3 class Arvados::V1::GroupsControllerTest < ActionController::TestCase
5 test "attempt to delete group without read or write access" do
7 post :destroy, id: groups(:empty_lonely_group).uuid
11 test "attempt to delete group without write access" do
12 authorize_with :active
13 post :destroy, id: groups(:all_users).uuid
17 test "get list of projects" do
18 authorize_with :active
19 get :index, filters: [['group_class', 'in', ['project', 'folder']]], format: :json
20 assert_response :success
22 json_response['items'].each do |group|
23 assert_includes ['folder', 'project'], group['group_class']
24 group_uuids << group['uuid']
26 assert_includes group_uuids, groups(:aproject).uuid
27 assert_includes group_uuids, groups(:asubproject).uuid
28 assert_not_includes group_uuids, groups(:system_group).uuid
29 assert_not_includes group_uuids, groups(:private).uuid
32 test "get list of groups that are not projects" do
33 authorize_with :active
34 get :index, filters: [['group_class', '=', nil]], format: :json
35 assert_response :success
37 json_response['items'].each do |group|
38 assert_equal nil, group['group_class']
39 group_uuids << group['uuid']
41 assert_not_includes group_uuids, groups(:aproject).uuid
42 assert_not_includes group_uuids, groups(:asubproject).uuid
43 assert_includes group_uuids, groups(:private).uuid
46 test "get list of groups with bogus group_class" do
47 authorize_with :active
49 filters: [['group_class', '=', 'nogrouphasthislittleclass']],
52 assert_response :success
53 assert_equal [], json_response['items']
54 assert_equal 0, json_response['items_available']
57 def check_project_contents_response
58 assert_response :success
59 assert_operator 2, :<=, json_response['items_available']
60 assert_operator 2, :<=, json_response['items'].count
61 kinds = json_response['items'].collect { |i| i['kind'] }.uniq
62 expect_kinds = %w'arvados#group arvados#specimen arvados#pipelineTemplate arvados#job'
63 assert_equal expect_kinds, (expect_kinds & kinds)
66 test 'get group-owned objects' do
67 authorize_with :active
69 id: groups(:aproject).uuid,
73 check_project_contents_response
76 test "user with project read permission can see project objects" do
77 authorize_with :project_viewer
79 id: groups(:aproject).uuid,
83 check_project_contents_response
86 # Even though the project_viewer tests go through other controllers,
87 # I'm putting them here so they're easy to find alongside the other
89 def check_new_project_link_fails(link_attrs)
90 @controller = Arvados::V1::LinksController.new
92 link_class: "permission",
94 head_uuid: groups(:aproject).uuid,
96 assert_includes(403..422, response.status)
99 test "user with project read permission can't add users to it" do
100 authorize_with :project_viewer
101 check_new_project_link_fails(tail_uuid: users(:spectator).uuid)
104 test "user with project read permission can't add items to it" do
105 authorize_with :project_viewer
106 check_new_project_link_fails(tail_uuid: collections(:baz_file).uuid)
109 test "user with project read permission can't rename items in it" do
110 authorize_with :project_viewer
111 @controller = Arvados::V1::LinksController.new
113 id: links(:job_name_in_aproject).uuid,
114 link: {name: "Denied test name"},
116 assert_includes(403..404, response.status)
119 test "user with project read permission can't remove items from it" do
120 @controller = Arvados::V1::PipelineTemplatesController.new
121 authorize_with :project_viewer
123 id: links(:template_name_in_aproject).head_uuid,
125 owner_uuid: users(:project_viewer).uuid,
131 test "user with project read permission can't delete it" do
132 authorize_with :project_viewer
133 post :destroy, {id: groups(:aproject).uuid}
137 test 'get group-owned objects with limit' do
138 authorize_with :active
140 id: groups(:aproject).uuid,
144 assert_response :success
145 assert_operator 1, :<, json_response['items_available']
146 assert_equal 1, json_response['items'].count
149 test 'get group-owned objects with limit and offset' do
150 authorize_with :active
152 id: groups(:aproject).uuid,
157 assert_response :success
158 assert_operator 1, :<, json_response['items_available']
159 assert_equal 0, json_response['items'].count
162 test 'get group-owned objects with additional filter matching nothing' do
163 authorize_with :active
165 id: groups(:aproject).uuid,
166 filters: [['uuid', 'in', ['foo_not_a_uuid','bar_not_a_uuid']]],
169 assert_response :success
170 assert_equal [], json_response['items']
171 assert_equal 0, json_response['items_available']
174 test 'get group-owned objects without include_linked' do
175 unexpected_uuid = specimens(:in_aproject_linked_from_asubproject).uuid
176 authorize_with :active
178 id: groups(:asubproject).uuid,
181 assert_response :success
182 uuids = json_response['items'].collect { |i| i['uuid'] }
183 assert_equal nil, uuids.index(unexpected_uuid)
186 test 'get group-owned objects with include_linked' do
187 expected_uuid = specimens(:in_aproject_linked_from_asubproject).uuid
188 authorize_with :active
190 id: groups(:asubproject).uuid,
191 include_linked: true,
194 assert_response :success
195 uuids = json_response['items'].collect { |i| i['uuid'] }
196 assert_includes uuids, expected_uuid, "Did not get #{expected_uuid}"
198 expected_name = links(:specimen_is_in_two_projects).name
199 found_specimen_name = false
200 assert(json_response['links'].any?,
201 "Expected a non-empty array of links in response")
202 json_response['links'].each do |link|
203 if link['head_uuid'] == expected_uuid
204 if link['name'] == expected_name
205 found_specimen_name = true
209 assert(found_specimen_name,
210 "Expected to find name '#{expected_name}' in response")
213 [false, true].each do |inc_ind|
214 test "get all pages of group-owned #{'and -linked ' if inc_ind}objects" do
215 authorize_with :active
218 items_available = nil
222 # Behaving badly here, using the same controller multiple
223 # times within a test.
226 id: groups(:aproject).uuid,
227 include_linked: inc_ind,
232 assert_response :success
233 assert_operator(0, :<, json_response['items'].count,
234 "items_available=#{items_available} but received 0 "\
235 "items with offset=#{offset}")
236 items_available ||= json_response['items_available']
237 assert_equal(items_available, json_response['items_available'],
238 "items_available changed between page #{offset/limit} "\
239 "and page #{1+offset/limit}")
240 json_response['items'].each do |item|
242 assert_equal(nil, uuid_received[uuid],
243 "Received '#{uuid}' again on page #{1+offset/limit}")
244 uuid_received[uuid] = true
245 owner_received[item['owner_uuid']] = true
248 assert_equal groups(:aproject).uuid, item['owner_uuid']
251 break if offset >= items_available
254 assert_operator 0, :<, (json_response.keys - [users(:active).uuid]).count,
255 "Set include_linked=true but did not receive any non-owned items"
260 %w(offset limit).each do |arg|
261 ['foo', '', '1234five', '0x10', '-8'].each do |val|
262 test "Raise error on bogus #{arg} parameter #{val.inspect}" do
263 authorize_with :active
265 :id => groups(:aproject).uuid,
274 test 'get writable_by list for owned group' do
275 authorize_with :active
277 id: groups(:aproject).uuid,
280 assert_response :success
281 assert_not_nil(json_response['writable_by'],
282 "Should receive uuid list in 'writable_by' field")
283 assert_includes(json_response['writable_by'], users(:active).uuid,
284 "owner should be included in writable_by list")
287 test 'no writable_by list for group with read-only access' do
288 authorize_with :rominiadmin
290 id: groups(:testusergroup_admins).uuid,
293 assert_response :success
294 assert_nil(json_response['writable_by'],
295 "Should not receive uuid list in 'writable_by' field")
298 test 'get writable_by list by admin user' do
299 authorize_with :admin
301 id: groups(:testusergroup_admins).uuid,
304 assert_response :success
305 assert_not_nil(json_response['writable_by'],
306 "Should receive uuid list in 'writable_by' field")
307 assert_includes(json_response['writable_by'],
309 "Current user should be included in 'writable_by' field")