3 class Arvados::V1::GroupsControllerTest < ActionController::TestCase
5 test "attempt to delete group without read or write access" do
7 post :destroy, id: groups(:empty_lonely_group).uuid
11 test "attempt to delete group without write access" do
12 authorize_with :active
13 post :destroy, id: groups(:all_users).uuid
17 test "get list of projects" do
18 authorize_with :active
19 get :index, filters: [['group_class', '=', 'project']], format: :json
20 assert_response :success
22 json_response['items'].each do |group|
23 assert_equal 'project', group['group_class']
24 group_uuids << group['uuid']
26 assert_includes group_uuids, groups(:aproject).uuid
27 assert_includes group_uuids, groups(:asubproject).uuid
28 assert_not_includes group_uuids, groups(:system_group).uuid
29 assert_not_includes group_uuids, groups(:private).uuid
32 test "get list of groups that are not projects" do
33 authorize_with :active
34 get :index, filters: [['group_class', '!=', 'project']], format: :json
35 assert_response :success
37 json_response['items'].each do |group|
38 assert_not_equal 'project', group['group_class']
39 group_uuids << group['uuid']
41 assert_not_includes group_uuids, groups(:aproject).uuid
42 assert_not_includes group_uuids, groups(:asubproject).uuid
43 assert_includes group_uuids, groups(:private).uuid
46 test "get list of groups with bogus group_class" do
47 authorize_with :active
49 filters: [['group_class', '=', 'nogrouphasthislittleclass']],
52 assert_response :success
53 assert_equal [], json_response['items']
54 assert_equal 0, json_response['items_available']
57 def check_project_contents_response
58 assert_response :success
59 assert_operator 2, :<=, json_response['items_available']
60 assert_operator 2, :<=, json_response['items'].count
61 kinds = json_response['items'].collect { |i| i['kind'] }.uniq
62 expect_kinds = %w'arvados#group arvados#specimen arvados#pipelineTemplate arvados#job'
63 assert_equal expect_kinds, (expect_kinds & kinds)
65 json_response['items'].each do |i|
66 if i['kind'] == 'arvados#group'
67 assert(i['group_class'] == 'project',
68 "group#contents returned a non-project group")
73 test 'get group-owned objects' do
74 authorize_with :active
76 id: groups(:aproject).uuid,
80 check_project_contents_response
83 test "user with project read permission can see project objects" do
84 authorize_with :project_viewer
86 id: groups(:aproject).uuid,
90 check_project_contents_response
93 test "list objects across projects" do
94 authorize_with :project_viewer
97 filters: [['uuid', 'is_a', 'arvados#specimen']]
99 assert_response :success
100 found_uuids = json_response['items'].collect { |i| i['uuid'] }
101 [[:in_aproject, true],
102 [:in_asubproject, true],
103 [:owned_by_private_group, false]].each do |specimen_fixture, should_find|
105 assert_includes found_uuids, specimens(specimen_fixture).uuid, "did not find specimen fixture '#{specimen_fixture}'"
107 refute_includes found_uuids, specimens(specimen_fixture).uuid, "found specimen fixture '#{specimen_fixture}'"
112 test "list objects in home project" do
113 authorize_with :active
116 id: users(:active).uuid
118 assert_response :success
119 found_uuids = json_response['items'].collect { |i| i['uuid'] }
120 assert_includes found_uuids, specimens(:owned_by_active_user).uuid, "specimen did not appear in home project"
121 refute_includes found_uuids, specimens(:in_asubproject).uuid, "specimen appeared unexpectedly in home project"
124 test "user with project read permission can see project collections" do
125 authorize_with :project_viewer
127 id: groups(:asubproject).uuid,
130 ids = json_response['items'].map { |item| item["uuid"] }
131 assert_includes ids, collections(:baz_file_in_asubproject).uuid
134 test 'list objects across multiple projects' do
135 authorize_with :project_viewer
138 include_linked: false,
139 filters: [['uuid', 'is_a', 'arvados#specimen']]
141 assert_response :success
142 found_uuids = json_response['items'].collect { |i| i['uuid'] }
143 [[:in_aproject, true],
144 [:in_asubproject, true],
145 [:owned_by_private_group, false]].each do |specimen_fixture, should_find|
147 assert_includes found_uuids, specimens(specimen_fixture).uuid, "did not find specimen fixture '#{specimen_fixture}'"
149 refute_includes found_uuids, specimens(specimen_fixture).uuid, "found specimen fixture '#{specimen_fixture}'"
154 # Even though the project_viewer tests go through other controllers,
155 # I'm putting them here so they're easy to find alongside the other
157 def check_new_project_link_fails(link_attrs)
158 @controller = Arvados::V1::LinksController.new
159 post :create, link: {
160 link_class: "permission",
162 head_uuid: groups(:aproject).uuid,
164 assert_includes(403..422, response.status)
167 test "user with project read permission can't add users to it" do
168 authorize_with :project_viewer
169 check_new_project_link_fails(tail_uuid: users(:spectator).uuid)
172 test "user with project read permission can't add items to it" do
173 authorize_with :project_viewer
174 check_new_project_link_fails(tail_uuid: collections(:baz_file).uuid)
177 test "user with project read permission can't rename items in it" do
178 authorize_with :project_viewer
179 @controller = Arvados::V1::LinksController.new
181 id: jobs(:running).uuid,
182 name: "Denied test name",
184 assert_includes(403..404, response.status)
187 test "user with project read permission can't remove items from it" do
188 @controller = Arvados::V1::PipelineTemplatesController.new
189 authorize_with :project_viewer
191 id: pipeline_templates(:two_part).uuid,
193 owner_uuid: users(:project_viewer).uuid,
199 test "user with project read permission can't delete it" do
200 authorize_with :project_viewer
201 post :destroy, {id: groups(:aproject).uuid}
205 test 'get group-owned objects with limit' do
206 authorize_with :active
208 id: groups(:aproject).uuid,
212 assert_response :success
213 assert_operator 1, :<, json_response['items_available']
214 assert_equal 1, json_response['items'].count
217 test 'get group-owned objects with limit and offset' do
218 authorize_with :active
220 id: groups(:aproject).uuid,
225 assert_response :success
226 assert_operator 1, :<, json_response['items_available']
227 assert_equal 0, json_response['items'].count
230 test 'get group-owned objects with additional filter matching nothing' do
231 authorize_with :active
233 id: groups(:aproject).uuid,
234 filters: [['uuid', 'in', ['foo_not_a_uuid','bar_not_a_uuid']]],
237 assert_response :success
238 assert_equal [], json_response['items']
239 assert_equal 0, json_response['items_available']
242 test "get all pages of group-owned objects" do
243 authorize_with :active
246 items_available = nil
250 # Behaving badly here, using the same controller multiple
251 # times within a test.
254 id: groups(:aproject).uuid,
259 assert_response :success
260 assert_operator(0, :<, json_response['items'].count,
261 "items_available=#{items_available} but received 0 "\
262 "items with offset=#{offset}")
263 items_available ||= json_response['items_available']
264 assert_equal(items_available, json_response['items_available'],
265 "items_available changed between page #{offset/limit} "\
266 "and page #{1+offset/limit}")
267 json_response['items'].each do |item|
269 assert_equal(nil, uuid_received[uuid],
270 "Received '#{uuid}' again on page #{1+offset/limit}")
271 uuid_received[uuid] = true
272 owner_received[item['owner_uuid']] = true
274 assert_equal groups(:aproject).uuid, item['owner_uuid']
276 break if offset >= items_available
280 %w(offset limit).each do |arg|
281 ['foo', '', '1234five', '0x10', '-8'].each do |val|
282 test "Raise error on bogus #{arg} parameter #{val.inspect}" do
283 authorize_with :active
285 :id => groups(:aproject).uuid,
294 test 'get writable_by list for owned group' do
295 authorize_with :active
297 id: groups(:aproject).uuid,
300 assert_response :success
301 assert_not_nil(json_response['writable_by'],
302 "Should receive uuid list in 'writable_by' field")
303 assert_includes(json_response['writable_by'], users(:active).uuid,
304 "owner should be included in writable_by list")
307 test 'no writable_by list for group with read-only access' do
308 authorize_with :rominiadmin
310 id: groups(:testusergroup_admins).uuid,
313 assert_response :success
314 assert_equal([json_response['owner_uuid']],
315 json_response['writable_by'],
316 "Should only see owner_uuid in 'writable_by' field")
319 test 'get writable_by list by admin user' do
320 authorize_with :admin
322 id: groups(:testusergroup_admins).uuid,
325 assert_response :success
326 assert_not_nil(json_response['writable_by'],
327 "Should receive uuid list in 'writable_by' field")
328 assert_includes(json_response['writable_by'],
330 "Current user should be included in 'writable_by' field")