1 # Copyright (C) The Arvados Authors. All rights reserved.
3 # SPDX-License-Identifier: AGPL-3.0
7 class GroupsTest < ActionDispatch::IntegrationTest
8 [[], ['replication_confirmed']].each do |orders|
9 test "results are consistent when provided orders #{orders} is incomplete" do
12 get '/arvados/v1/groups/contents',
14 id: groups(:aproject).uuid,
15 filters: [["uuid", "is_a", "arvados#collection"]].to_json,
16 orders: orders.to_json,
19 headers: auth(:active)
20 assert_response :success
22 last = json_response['items']
24 assert_equal last, json_response['items']
30 test "get all pages of group-owned objects" do
37 get "/arvados/v1/groups/contents",
39 id: groups(:aproject).uuid,
44 headers: auth(:active)
46 assert_response :success
47 assert_operator(0, :<, json_response['items'].count,
48 "items_available=#{items_available} but received 0 "\
49 "items with offset=#{offset}")
50 items_available ||= json_response['items_available']
51 assert_equal(items_available, json_response['items_available'],
52 "items_available changed between page #{offset/limit} "\
53 "and page #{1+offset/limit}")
54 json_response['items'].each do |item|
56 assert_equal(nil, uuid_received[uuid],
57 "Received '#{uuid}' again on page #{1+offset/limit}")
58 uuid_received[uuid] = true
59 owner_received[item['owner_uuid']] = true
61 assert_equal groups(:aproject).uuid, item['owner_uuid']
63 break if offset >= items_available
68 ['Collection_', true], # collections and pipelines templates
69 ['hash', true], # pipeline templates
70 ['fa7aeb5140e2848d39b', false], # script_parameter of pipeline instances
71 ['fa7aeb5140e2848d39b:*', true], # script_parameter of pipeline instances
72 ['project pipeline', true], # finds "Completed pipeline in A Project"
73 ['project pipeli:*', true], # finds "Completed pipeline in A Project"
74 ['proje pipeli:*', false], # first word is incomplete, so no prefix match
75 ['no-such-thing', false], # script_parameter of pipeline instances
76 ].each do |search_filter, expect_results|
77 test "full text search of group-owned objects for #{search_filter}" do
78 get "/arvados/v1/groups/contents",
80 id: groups(:aproject).uuid,
82 :filters => [['any', '@@', search_filter]].to_json
84 headers: auth(:active)
85 assert_response :success
87 refute_empty json_response['items']
88 json_response['items'].each do |item|
90 assert_equal groups(:aproject).uuid, item['owner_uuid']
93 assert_empty json_response['items']
98 test "full text search is not supported for individual columns" do
99 get "/arvados/v1/groups/contents",
101 :filters => [['name', '@@', 'Private']].to_json
103 headers: auth(:active)
107 test "group contents with include trash collections" do
108 get "/arvados/v1/groups/contents",
110 include_trash: "true",
111 filters: [["uuid", "is_a", "arvados#collection"]].to_json,
114 headers: auth(:active)
118 json_response['items'].each { |c| coll_uuids << c['uuid'] }
119 assert_includes coll_uuids, collections(:foo_collection_in_aproject).uuid
120 assert_includes coll_uuids, collections(:expired_collection).uuid
123 test "group contents without trash collections" do
124 get "/arvados/v1/groups/contents",
126 filters: [["uuid", "is_a", "arvados#collection"]].to_json,
129 headers: auth(:active)
133 json_response['items'].each { |c| coll_uuids << c['uuid'] }
134 assert_includes coll_uuids, collections(:foo_collection_in_aproject).uuid
135 assert_not_includes coll_uuids, collections(:expired_collection).uuid
138 test "unsharing a project results in hiding it from previously shared user" do
139 # remove sharing link for project
140 delete "/arvados/v1/links/#{links(:share_starred_project_with_project_viewer).uuid}", headers: auth(:admin)
143 # verify that the user can no longer see the project
144 get "/arvados/v1/groups",
146 filters: [['group_class', '=', 'project']].to_json,
148 }, headers: auth(:project_viewer)
151 json_response['items'].each do |g|
152 found_projects[g['uuid']] = g
154 assert_equal false, found_projects.include?(groups(:starred_and_shared_active_user_project).uuid)
157 post "/arvados/v1/links", params: {
159 link_class: "permission",
161 head_uuid: groups(:starred_and_shared_active_user_project).uuid,
162 tail_uuid: users(:project_viewer).uuid,
164 }, headers: auth(:system_user)
166 assert_equal 'permission', json_response['link_class']
168 # verify that project_viewer user can now see shared project again
169 get "/arvados/v1/groups", params: {
170 filters: [['group_class', '=', 'project']].to_json,
172 }, headers: auth(:project_viewer)
175 json_response['items'].each do |g|
176 found_projects[g['uuid']] = g
178 assert_equal true, found_projects.include?(groups(:starred_and_shared_active_user_project).uuid)
182 class NonTransactionalGroupsTest < ActionDispatch::IntegrationTest
183 # Transactional tests are disabled to be able to test the concurrent
184 # asynchronous permissions update feature.
185 # This is needed because nested transactions share the connection pool, so
186 # one thread is locked while trying to talk to the database, until the other
188 self.use_transactional_tests = false
191 # Explicitly reset the database after each test.
192 post '/database/reset', params: {}, headers: auth(:admin)
193 assert_response :success
196 test "create request with async=true defers permissions update" do
197 Rails.configuration.API.AsyncPermissionsUpdateInterval = 1 # second
198 name = "Random group #{rand(1000)}"
199 assert_equal nil, Group.find_by_name(name)
201 # Trigger the asynchronous permission update by using async=true parameter.
202 post "/arvados/v1/groups",
209 headers: auth(:active)
212 # The group exists on the database, but it's not accessible yet.
213 assert_not_nil Group.find_by_name(name)
214 get "/arvados/v1/groups",
216 filters: [["name", "=", name]].to_json,
219 headers: auth(:active)
221 assert_equal 0, json_response['items_available']
223 # Wait a bit and try again.
225 get "/arvados/v1/groups",
227 filters: [["name", "=", name]].to_json,
230 headers: auth(:active)
232 assert_equal 1, json_response['items_available']