3 class Arvados::V1::GroupsControllerTest < ActionController::TestCase
5 test "attempt to delete group without read or write access" do
7 post :destroy, id: groups(:empty_lonely_group).uuid
11 test "attempt to delete group without write access" do
12 authorize_with :active
13 post :destroy, id: groups(:all_users).uuid
17 test "get list of projects" do
18 authorize_with :active
19 get :index, filters: [['group_class', '=', 'project']], format: :json
20 assert_response :success
22 json_response['items'].each do |group|
23 assert_equal 'project', group['group_class']
24 group_uuids << group['uuid']
26 assert_includes group_uuids, groups(:aproject).uuid
27 assert_includes group_uuids, groups(:asubproject).uuid
28 assert_not_includes group_uuids, groups(:system_group).uuid
29 assert_not_includes group_uuids, groups(:private).uuid
32 test "get list of groups that are not projects" do
33 authorize_with :active
34 get :index, filters: [['group_class', '!=', 'project']], format: :json
35 assert_response :success
37 json_response['items'].each do |group|
38 assert_not_equal 'project', group['group_class']
39 group_uuids << group['uuid']
41 assert_not_includes group_uuids, groups(:aproject).uuid
42 assert_not_includes group_uuids, groups(:asubproject).uuid
43 assert_includes group_uuids, groups(:private).uuid
44 assert_includes group_uuids, groups(:group_with_no_class).uuid
47 test "get list of groups with bogus group_class" do
48 authorize_with :active
50 filters: [['group_class', '=', 'nogrouphasthislittleclass']],
53 assert_response :success
54 assert_equal [], json_response['items']
55 assert_equal 0, json_response['items_available']
58 def check_project_contents_response
59 assert_response :success
60 assert_operator 2, :<=, json_response['items_available']
61 assert_operator 2, :<=, json_response['items'].count
62 kinds = json_response['items'].collect { |i| i['kind'] }.uniq
63 expect_kinds = %w'arvados#group arvados#specimen arvados#pipelineTemplate arvados#job'
64 assert_equal expect_kinds, (expect_kinds & kinds)
66 json_response['items'].each do |i|
67 if i['kind'] == 'arvados#group'
68 assert(i['group_class'] == 'project',
69 "group#contents returned a non-project group")
74 test 'get group-owned objects' do
75 authorize_with :active
77 id: groups(:aproject).uuid,
80 check_project_contents_response
83 test "user with project read permission can see project objects" do
84 authorize_with :project_viewer
86 id: groups(:aproject).uuid,
89 check_project_contents_response
92 test "list objects across projects" do
93 authorize_with :project_viewer
96 filters: [['uuid', 'is_a', 'arvados#specimen']]
98 assert_response :success
99 found_uuids = json_response['items'].collect { |i| i['uuid'] }
100 [[:in_aproject, true],
101 [:in_asubproject, true],
102 [:owned_by_private_group, false]].each do |specimen_fixture, should_find|
104 assert_includes found_uuids, specimens(specimen_fixture).uuid, "did not find specimen fixture '#{specimen_fixture}'"
106 refute_includes found_uuids, specimens(specimen_fixture).uuid, "found specimen fixture '#{specimen_fixture}'"
111 test "list objects in home project" do
112 authorize_with :active
115 id: users(:active).uuid
117 assert_response :success
118 found_uuids = json_response['items'].collect { |i| i['uuid'] }
119 assert_includes found_uuids, specimens(:owned_by_active_user).uuid, "specimen did not appear in home project"
120 refute_includes found_uuids, specimens(:in_asubproject).uuid, "specimen appeared unexpectedly in home project"
123 test "user with project read permission can see project collections" do
124 authorize_with :project_viewer
126 id: groups(:asubproject).uuid,
129 ids = json_response['items'].map { |item| item["uuid"] }
130 assert_includes ids, collections(:baz_file_in_asubproject).uuid
134 ['desc', :>=]].each do |order, operator|
135 test "user with project read permission can sort project collections #{order}" do
136 authorize_with :project_viewer
138 id: groups(:asubproject).uuid,
140 filters: [['uuid', 'is_a', "arvados#collection"]],
141 order: "collections.name #{order}"
143 sorted_names = json_response['items'].collect { |item| item["name"] }
144 # Here we avoid assuming too much about the database
145 # collation. Both "alice"<"Bob" and "alice">"Bob" can be
146 # correct. Hopefully it _is_ safe to assume that if "a" comes
147 # before "b" in the ascii alphabet, "aX">"bY" is never true for
148 # any strings X and Y.
149 reliably_sortable_names = sorted_names.select do |name|
150 name[0] >= 'a' and name[0] <= 'z'
154 # Preserve order of sorted_names. But do not use &=. If
155 # sorted_names has out-of-order duplicates, we want to preserve
156 # them here, so we can detect them and fail the test below.
157 sorted_names.select! do |name|
158 reliably_sortable_names.include? name
160 actually_checked_anything = false
162 sorted_names.each do |entry|
164 assert_operator(previous, operator, entry,
165 "Entries sorted incorrectly.")
166 actually_checked_anything = true
170 assert actually_checked_anything, "Didn't even find two names to compare."
174 test 'list objects across multiple projects' do
175 authorize_with :project_viewer
178 filters: [['uuid', 'is_a', 'arvados#specimen']]
180 assert_response :success
181 found_uuids = json_response['items'].collect { |i| i['uuid'] }
182 [[:in_aproject, true],
183 [:in_asubproject, true],
184 [:owned_by_private_group, false]].each do |specimen_fixture, should_find|
186 assert_includes found_uuids, specimens(specimen_fixture).uuid, "did not find specimen fixture '#{specimen_fixture}'"
188 refute_includes found_uuids, specimens(specimen_fixture).uuid, "found specimen fixture '#{specimen_fixture}'"
193 # Even though the project_viewer tests go through other controllers,
194 # I'm putting them here so they're easy to find alongside the other
196 def check_new_project_link_fails(link_attrs)
197 @controller = Arvados::V1::LinksController.new
198 post :create, link: {
199 link_class: "permission",
201 head_uuid: groups(:aproject).uuid,
203 assert_includes(403..422, response.status)
206 test "user with project read permission can't add users to it" do
207 authorize_with :project_viewer
208 check_new_project_link_fails(tail_uuid: users(:spectator).uuid)
211 test "user with project read permission can't add items to it" do
212 authorize_with :project_viewer
213 check_new_project_link_fails(tail_uuid: collections(:baz_file).uuid)
216 test "user with project read permission can't rename items in it" do
217 authorize_with :project_viewer
218 @controller = Arvados::V1::LinksController.new
220 id: jobs(:running).uuid,
221 name: "Denied test name",
223 assert_includes(403..404, response.status)
226 test "user with project read permission can't remove items from it" do
227 @controller = Arvados::V1::PipelineTemplatesController.new
228 authorize_with :project_viewer
230 id: pipeline_templates(:two_part).uuid,
232 owner_uuid: users(:project_viewer).uuid,
238 test "user with project read permission can't delete it" do
239 authorize_with :project_viewer
240 post :destroy, {id: groups(:aproject).uuid}
244 test 'get group-owned objects with limit' do
245 authorize_with :active
247 id: groups(:aproject).uuid,
251 assert_response :success
252 assert_operator 1, :<, json_response['items_available']
253 assert_equal 1, json_response['items'].count
256 test 'get group-owned objects with limit and offset' do
257 authorize_with :active
259 id: groups(:aproject).uuid,
264 assert_response :success
265 assert_operator 1, :<, json_response['items_available']
266 assert_equal 0, json_response['items'].count
269 test 'get group-owned objects with additional filter matching nothing' do
270 authorize_with :active
272 id: groups(:aproject).uuid,
273 filters: [['uuid', 'in', ['foo_not_a_uuid','bar_not_a_uuid']]],
276 assert_response :success
277 assert_equal [], json_response['items']
278 assert_equal 0, json_response['items_available']
281 %w(offset limit).each do |arg|
282 ['foo', '', '1234five', '0x10', '-8'].each do |val|
283 test "Raise error on bogus #{arg} parameter #{val.inspect}" do
284 authorize_with :active
286 :id => groups(:aproject).uuid,
295 test "Collection contents don't include manifest_text" do
296 authorize_with :active
298 id: groups(:aproject).uuid,
299 filters: [["uuid", "is_a", "arvados#collection"]],
302 assert_response :success
303 refute(json_response["items"].any? { |c| not c["portable_data_hash"] },
304 "response included an item without a portable data hash")
305 refute(json_response["items"].any? { |c| c.include?("manifest_text") },
306 "response included an item with a manifest text")
309 test 'get writable_by list for owned group' do
310 authorize_with :active
312 id: groups(:aproject).uuid,
315 assert_response :success
316 assert_not_nil(json_response['writable_by'],
317 "Should receive uuid list in 'writable_by' field")
318 assert_includes(json_response['writable_by'], users(:active).uuid,
319 "owner should be included in writable_by list")
322 test 'no writable_by list for group with read-only access' do
323 authorize_with :rominiadmin
325 id: groups(:testusergroup_admins).uuid,
328 assert_response :success
329 assert_equal([json_response['owner_uuid']],
330 json_response['writable_by'],
331 "Should only see owner_uuid in 'writable_by' field")
334 test 'get writable_by list by admin user' do
335 authorize_with :admin
337 id: groups(:testusergroup_admins).uuid,
340 assert_response :success
341 assert_not_nil(json_response['writable_by'],
342 "Should receive uuid list in 'writable_by' field")
343 assert_includes(json_response['writable_by'],
345 "Current user should be included in 'writable_by' field")
348 test 'creating subproject with duplicate name fails' do
349 authorize_with :active
353 owner_uuid: users(:active).uuid,
354 group_class: 'project',
358 response_errors = json_response['errors']
359 assert_not_nil response_errors, 'Expected error in response'
360 assert(response_errors.first.include?('duplicate key'),
361 "Expected 'duplicate key' error in #{response_errors.first}")
364 test 'creating duplicate named subproject succeeds with ensure_unique_name' do
365 authorize_with :active
369 owner_uuid: users(:active).uuid,
370 group_class: 'project',
372 ensure_unique_name: true
374 assert_response :success
375 new_project = json_response
376 assert_not_equal(new_project['uuid'],
377 groups(:aproject).uuid,
378 "create returned same uuid as existing project")
379 assert_equal(new_project['name'],
381 "new project name '#{new_project['name']}' was expected to be 'A Project (2)'")