3 class Arvados::V1::UsersControllerTest < ActionController::TestCase
4 include CurrentApiClient
7 @all_links_at_start = Link.all
8 @vm_uuid = virtual_machines(:testvm).uuid
11 test "activate a user after signing UA" do
12 authorize_with :inactive_but_signed_user_agreement
13 post :activate, id: users(:inactive_but_signed_user_agreement).uuid
14 assert_response :success
15 assert_not_nil assigns(:object)
16 me = JSON.parse(@response.body)
17 assert_equal true, me['is_active']
20 test "refuse to activate a user before signing UA" do
22 required_uuids = Link.where("owner_uuid = ? and link_class = ? and name = ? and tail_uuid = ? and head_uuid like ?",
27 Collection.uuid_like_pattern).
30 assert required_uuids.length > 0
32 signed_uuids = Link.where(owner_uuid: system_user_uuid,
33 link_class: 'signature',
35 tail_uuid: users(:inactive).uuid,
36 head_uuid: required_uuids).
39 assert_equal 0, signed_uuids.length
42 authorize_with :inactive
44 post :activate, id: users(:inactive).uuid
47 response_body = JSON.parse(@response.body)
48 assert response_body['errors'].first.include? 'Cannot activate without user agreements'
51 test "activate an already-active user" do
52 authorize_with :active
53 post :activate, id: users(:active).uuid
54 assert_response :success
55 me = JSON.parse(@response.body)
56 assert_equal true, me['is_active']
59 test "respond 401 if given token exists but user record is missing" do
60 authorize_with :valid_token_deleted_user
61 get :current, {format: :json}
65 test "create new user with user as input" do
68 first_name: "test_first_name",
69 last_name: "test_last_name",
70 email: "foo@example.com"
72 assert_response :success
73 created = JSON.parse(@response.body)
74 assert_equal 'test_first_name', created['first_name']
75 assert_not_nil created['uuid'], 'expected uuid for the newly created user'
76 assert_not_nil created['email'], 'expected non-nil email'
77 assert_nil created['identity_url'], 'expected no identity_url'
80 test "create user with user, vm and repo as input" do
82 repo_name = 'test_repo'
86 openid_prefix: 'https://www.google.com/accounts/o8/id',
88 uuid: 'zzzzz-tpzed-abcdefghijklmno',
89 first_name: "in_create_test_first_name",
90 last_name: "test_last_name",
91 email: "foo@example.com"
94 assert_response :success
95 response_items = JSON.parse(@response.body)['items']
97 created = find_obj_in_resp response_items, 'User', nil
99 assert_equal 'in_create_test_first_name', created['first_name']
100 assert_not_nil created['uuid'], 'expected non-null uuid for the new user'
101 assert_equal 'zzzzz-tpzed-abcdefghijklmno', created['uuid']
102 assert_not_nil created['email'], 'expected non-nil email'
103 assert_nil created['identity_url'], 'expected no identity_url'
105 # arvados#user, repo link and link add user to 'All users' group
106 verify_num_links @all_links_at_start, 4
108 verify_link response_items, 'arvados#user', true, 'permission', 'can_login',
109 created['uuid'], created['email'], 'arvados#user', false, 'User'
111 verify_link response_items, 'arvados#repository', true, 'permission', 'can_manage',
112 repo_name, created['uuid'], 'arvados#repository', true, 'Repository'
114 verify_link response_items, 'arvados#group', true, 'permission', 'can_read',
115 'All users', created['uuid'], 'arvados#group', true, 'Group'
117 verify_link response_items, 'arvados#virtualMachine', false, 'permission', 'can_login',
118 nil, created['uuid'], 'arvados#virtualMachine', false, 'VirtualMachine'
120 verify_system_group_permission_link_for created['uuid']
123 test "setup user with bogus uuid and expect error" do
124 authorize_with :admin
128 repo_name: 'test_repo',
131 response_body = JSON.parse(@response.body)
132 response_errors = response_body['errors']
133 assert_not_nil response_errors, 'Expected error in response'
134 assert (response_errors.first.include? 'Path not found'), 'Expected 404'
137 test "setup user with bogus uuid in user and expect error" do
138 authorize_with :admin
141 user: {uuid: 'bogus_uuid'},
142 repo_name: 'test_repo',
144 openid_prefix: 'https://www.google.com/accounts/o8/id'
146 response_body = JSON.parse(@response.body)
147 response_errors = response_body['errors']
148 assert_not_nil response_errors, 'Expected error in response'
149 assert (response_errors.first.include? 'ArgumentError: Require user email'),
150 'Expected RuntimeError'
153 test "setup user with no uuid and user, expect error" do
154 authorize_with :admin
157 repo_name: 'test_repo',
159 openid_prefix: 'https://www.google.com/accounts/o8/id'
161 response_body = JSON.parse(@response.body)
162 response_errors = response_body['errors']
163 assert_not_nil response_errors, 'Expected error in response'
164 assert (response_errors.first.include? 'Required uuid or user'),
165 'Expected ArgumentError'
168 test "setup user with no uuid and email, expect error" do
169 authorize_with :admin
173 repo_name: 'test_repo',
175 openid_prefix: 'https://www.google.com/accounts/o8/id'
177 response_body = JSON.parse(@response.body)
178 response_errors = response_body['errors']
179 assert_not_nil response_errors, 'Expected error in response'
180 assert (response_errors.first.include? '<ArgumentError: Require user email'),
181 'Expected ArgumentError'
184 test "invoke setup with existing uuid, vm and repo and verify links" do
185 authorize_with :admin
186 inactive_user = users(:inactive)
189 uuid: users(:inactive).uuid,
190 repo_name: 'test_repo',
194 assert_response :success
196 response_items = JSON.parse(@response.body)['items']
197 resp_obj = find_obj_in_resp response_items, 'User', nil
199 assert_not_nil resp_obj['uuid'], 'expected uuid for the new user'
200 assert_equal inactive_user['uuid'], resp_obj['uuid']
201 assert_equal inactive_user['email'], resp_obj['email'],
202 'expecting inactive user email'
204 # expect repo and vm links
205 verify_link response_items, 'arvados#repository', true, 'permission', 'can_manage',
206 'test_repo', resp_obj['uuid'], 'arvados#repository', true, 'Repository'
208 verify_link response_items, 'arvados#virtualMachine', true, 'permission', 'can_login',
209 @vm_uuid, resp_obj['uuid'], 'arvados#virtualMachine', false, 'VirtualMachine'
212 test "invoke setup with existing uuid in user, verify response" do
213 authorize_with :admin
214 inactive_user = users(:inactive)
217 user: {uuid: inactive_user['uuid']},
218 openid_prefix: 'https://www.google.com/accounts/o8/id'
221 assert_response :success
223 response_items = JSON.parse(@response.body)['items']
224 resp_obj = find_obj_in_resp response_items, 'User', nil
226 assert_not_nil resp_obj['uuid'], 'expected uuid for the new user'
227 assert_equal inactive_user['uuid'], resp_obj['uuid']
228 assert_equal inactive_user['email'], resp_obj['email'],
229 'expecting inactive user email'
232 test "invoke setup with existing uuid but different email, expect original email" do
233 authorize_with :admin
234 inactive_user = users(:inactive)
237 uuid: inactive_user['uuid'],
238 user: {email: 'junk_email'}
241 assert_response :success
243 response_items = JSON.parse(@response.body)['items']
244 resp_obj = find_obj_in_resp response_items, 'User', nil
246 assert_not_nil resp_obj['uuid'], 'expected uuid for the new user'
247 assert_equal inactive_user['uuid'], resp_obj['uuid']
248 assert_equal inactive_user['email'], resp_obj['email'],
249 'expecting inactive user email'
252 test "setup user with valid email and repo as input" do
253 authorize_with :admin
256 repo_name: 'test_repo',
257 user: {email: 'foo@example.com'},
258 openid_prefix: 'https://www.google.com/accounts/o8/id'
261 assert_response :success
262 response_items = JSON.parse(@response.body)['items']
263 response_object = find_obj_in_resp response_items, 'User', nil
264 assert_not_nil response_object['uuid'], 'expected uuid for the new user'
265 assert_equal response_object['email'], 'foo@example.com', 'expected given email'
267 # four extra links; system_group, login, group and repo perms
268 verify_num_links @all_links_at_start, 4
271 test "setup user with fake vm and expect error" do
272 authorize_with :admin
275 repo_name: 'test_repo',
276 vm_uuid: 'no_such_vm',
277 user: {email: 'foo@example.com'},
278 openid_prefix: 'https://www.google.com/accounts/o8/id'
281 response_body = JSON.parse(@response.body)
282 response_errors = response_body['errors']
283 assert_not_nil response_errors, 'Expected error in response'
284 assert (response_errors.first.include? "No vm found for no_such_vm"),
285 'Expected RuntimeError: No vm found for no_such_vm'
288 test "setup user with valid email, repo and real vm as input" do
289 authorize_with :admin
292 repo_name: 'test_repo',
293 openid_prefix: 'https://www.google.com/accounts/o8/id',
295 user: {email: 'foo@example.com'}
298 assert_response :success
299 response_items = JSON.parse(@response.body)['items']
300 response_object = find_obj_in_resp response_items, 'User', nil
301 assert_not_nil response_object['uuid'], 'expected uuid for the new user'
302 assert_equal response_object['email'], 'foo@example.com', 'expected given email'
304 # five extra links; system_group, login, group, vm, repo
305 verify_num_links @all_links_at_start, 5
308 test "setup user with valid email, no vm and repo as input" do
309 authorize_with :admin
312 user: {email: 'foo@example.com'},
313 openid_prefix: 'https://www.google.com/accounts/o8/id'
316 assert_response :success
317 response_items = JSON.parse(@response.body)['items']
318 response_object = find_obj_in_resp response_items, 'User', nil
319 assert_not_nil response_object['uuid'], 'expected uuid for new user'
320 assert_equal response_object['email'], 'foo@example.com', 'expected given email'
322 # three extra links; system_group, login, and group
323 verify_num_links @all_links_at_start, 3
326 test "setup user with email, first name, repo name and vm uuid" do
327 authorize_with :admin
330 openid_prefix: 'https://www.google.com/accounts/o8/id',
331 repo_name: 'test_repo',
334 first_name: 'test_first_name',
335 email: 'foo@example.com'
339 assert_response :success
340 response_items = JSON.parse(@response.body)['items']
341 response_object = find_obj_in_resp response_items, 'User', nil
342 assert_not_nil response_object['uuid'], 'expected uuid for new user'
343 assert_equal response_object['email'], 'foo@example.com', 'expected given email'
344 assert_equal 'test_first_name', response_object['first_name'],
345 'expecting first name'
347 # five extra links; system_group, login, group, repo and vm
348 verify_num_links @all_links_at_start, 5
351 test "setup user with an exising user email and check different object is created" do
352 authorize_with :admin
353 inactive_user = users(:inactive)
356 openid_prefix: 'https://www.google.com/accounts/o8/id',
357 repo_name: 'test_repo',
359 email: inactive_user['email']
363 assert_response :success
364 response_items = JSON.parse(@response.body)['items']
365 response_object = find_obj_in_resp response_items, 'User', nil
366 assert_not_nil response_object['uuid'], 'expected uuid for new user'
367 assert_not_equal response_object['uuid'], inactive_user['uuid'],
368 'expected different uuid after create operation'
369 assert_equal inactive_user['email'], response_object['email'], 'expected given email'
370 # system_group, openid, group, and repo. No vm link.
371 verify_num_links @all_links_at_start, 4
374 test "setup user with openid prefix" do
375 authorize_with :admin
378 repo_name: 'test_repo',
379 openid_prefix: 'http://www.example.com/account',
381 first_name: "in_create_test_first_name",
382 last_name: "test_last_name",
383 email: "foo@example.com"
387 assert_response :success
389 response_items = JSON.parse(@response.body)['items']
390 created = find_obj_in_resp response_items, 'User', nil
392 assert_equal 'in_create_test_first_name', created['first_name']
393 assert_not_nil created['uuid'], 'expected uuid for new user'
394 assert_not_nil created['email'], 'expected non-nil email'
395 assert_nil created['identity_url'], 'expected no identity_url'
398 # four new links: system_group, arvados#user, repo, and 'All users' group.
399 verify_num_links @all_links_at_start, 4
401 verify_link response_items, 'arvados#user', true, 'permission', 'can_login',
402 created['uuid'], created['email'], 'arvados#user', false, 'User'
404 verify_link response_items, 'arvados#repository', true, 'permission', 'can_manage',
405 'test_repo', created['uuid'], 'arvados#repository', true, 'Repository'
407 verify_link response_items, 'arvados#group', true, 'permission', 'can_read',
408 'All users', created['uuid'], 'arvados#group', true, 'Group'
410 verify_link response_items, 'arvados#virtualMachine', false, 'permission', 'can_login',
411 nil, created['uuid'], 'arvados#virtualMachine', false, 'VirtualMachine'
414 test "invoke setup with no openid prefix, expect error" do
415 authorize_with :admin
418 repo_name: 'test_repo',
420 first_name: "in_create_test_first_name",
421 last_name: "test_last_name",
422 email: "foo@example.com"
426 response_body = JSON.parse(@response.body)
427 response_errors = response_body['errors']
428 assert_not_nil response_errors, 'Expected error in response'
429 assert (response_errors.first.include? 'openid_prefix parameter is missing'),
430 'Expected ArgumentError'
433 test "setup user with user, vm and repo and verify links" do
434 authorize_with :admin
438 first_name: "in_create_test_first_name",
439 last_name: "test_last_name",
440 email: "foo@example.com"
443 repo_name: 'test_repo',
444 openid_prefix: 'https://www.google.com/accounts/o8/id'
447 assert_response :success
449 response_items = JSON.parse(@response.body)['items']
450 created = find_obj_in_resp response_items, 'User', nil
452 assert_equal 'in_create_test_first_name', created['first_name']
453 assert_not_nil created['uuid'], 'expected uuid for new user'
454 assert_not_nil created['email'], 'expected non-nil email'
455 assert_nil created['identity_url'], 'expected no identity_url'
457 # five new links: system_group, arvados#user, repo, vm and 'All
459 verify_num_links @all_links_at_start, 5
461 verify_link response_items, 'arvados#user', true, 'permission', 'can_login',
462 created['uuid'], created['email'], 'arvados#user', false, 'User'
464 verify_link response_items, 'arvados#repository', true, 'permission', 'can_manage',
465 'test_repo', created['uuid'], 'arvados#repository', true, 'Repository'
467 verify_link response_items, 'arvados#group', true, 'permission', 'can_read',
468 'All users', created['uuid'], 'arvados#group', true, 'Group'
470 verify_link response_items, 'arvados#virtualMachine', true, 'permission', 'can_login',
471 @vm_uuid, created['uuid'], 'arvados#virtualMachine', false, 'VirtualMachine'
474 test "create user as non admin user and expect error" do
475 authorize_with :active
478 user: {email: 'foo@example.com'}
481 response_body = JSON.parse(@response.body)
482 response_errors = response_body['errors']
483 assert_not_nil response_errors, 'Expected error in response'
484 assert (response_errors.first.include? 'PermissionDenied'),
485 'Expected PermissionDeniedError'
488 test "setup user as non admin user and expect error" do
489 authorize_with :active
492 openid_prefix: 'https://www.google.com/accounts/o8/id',
493 user: {email: 'foo@example.com'}
496 response_body = JSON.parse(@response.body)
497 response_errors = response_body['errors']
498 assert_not_nil response_errors, 'Expected error in response'
499 assert (response_errors.first.include? 'Forbidden'),
500 'Expected Forbidden error'
503 test "setup user in multiple steps and verify response" do
504 authorize_with :admin
507 openid_prefix: 'http://www.example.com/account',
509 email: "foo@example.com"
513 assert_response :success
514 response_items = JSON.parse(@response.body)['items']
515 created = find_obj_in_resp response_items, 'User', nil
517 assert_not_nil created['uuid'], 'expected uuid for new user'
518 assert_not_nil created['email'], 'expected non-nil email'
519 assert_equal created['email'], 'foo@example.com', 'expected input email'
521 # three new links: system_group, arvados#user, and 'All users' group.
522 verify_num_links @all_links_at_start, 3
524 verify_link response_items, 'arvados#user', true, 'permission', 'can_login',
525 created['uuid'], created['email'], 'arvados#user', false, 'User'
527 verify_link response_items, 'arvados#group', true, 'permission', 'can_read',
528 'All users', created['uuid'], 'arvados#group', true, 'Group'
530 verify_link response_items, 'arvados#repository', false, 'permission', 'can_manage',
531 'test_repo', created['uuid'], 'arvados#repository', true, 'Repository'
533 verify_link response_items, 'arvados#virtualMachine', false, 'permission', 'can_login',
534 nil, created['uuid'], 'arvados#virtualMachine', false, 'VirtualMachine'
536 # invoke setup with a repository
538 openid_prefix: 'http://www.example.com/account',
539 repo_name: 'new_repo',
540 uuid: created['uuid']
543 assert_response :success
545 response_items = JSON.parse(@response.body)['items']
546 created = find_obj_in_resp response_items, 'User', nil
548 assert_equal 'foo@example.com', created['email'], 'expected input email'
551 verify_link response_items, 'arvados#group', true, 'permission', 'can_read',
552 'All users', created['uuid'], 'arvados#group', true, 'Group'
554 verify_link response_items, 'arvados#repository', true, 'permission', 'can_manage',
555 'new_repo', created['uuid'], 'arvados#repository', true, 'Repository'
557 verify_link response_items, 'arvados#virtualMachine', false, 'permission', 'can_login',
558 nil, created['uuid'], 'arvados#virtualMachine', false, 'VirtualMachine'
560 # invoke setup with a vm_uuid
563 openid_prefix: 'http://www.example.com/account',
567 uuid: created['uuid']
570 assert_response :success
572 response_items = JSON.parse(@response.body)['items']
573 created = find_obj_in_resp response_items, 'User', nil
575 assert_equal created['email'], 'foo@example.com', 'expected original email'
578 verify_link response_items, 'arvados#group', true, 'permission', 'can_read',
579 'All users', created['uuid'], 'arvados#group', true, 'Group'
581 # since no repo name in input, we won't get any; even though user has one
582 verify_link response_items, 'arvados#repository', false, 'permission', 'can_manage',
583 'new_repo', created['uuid'], 'arvados#repository', true, 'Repository'
585 verify_link response_items, 'arvados#virtualMachine', true, 'permission', 'can_login',
586 @vm_uuid, created['uuid'], 'arvados#virtualMachine', false, 'VirtualMachine'
589 test "setup and unsetup user" do
590 authorize_with :admin
593 repo_name: 'test_repo',
595 user: {email: 'foo@example.com'},
596 openid_prefix: 'https://www.google.com/accounts/o8/id'
599 assert_response :success
600 response_items = JSON.parse(@response.body)['items']
601 created = find_obj_in_resp response_items, 'User', nil
602 assert_not_nil created['uuid'], 'expected uuid for the new user'
603 assert_equal created['email'], 'foo@example.com', 'expected given email'
605 # five extra links: system_group, login, group, repo and vm
606 verify_num_links @all_links_at_start, 5
608 verify_link response_items, 'arvados#user', true, 'permission', 'can_login',
609 created['uuid'], created['email'], 'arvados#user', false, 'User'
611 verify_link response_items, 'arvados#group', true, 'permission', 'can_read',
612 'All users', created['uuid'], 'arvados#group', true, 'Group'
614 verify_link response_items, 'arvados#repository', true, 'permission', 'can_manage',
615 'test_repo', created['uuid'], 'arvados#repository', true, 'Repository'
617 verify_link response_items, 'arvados#virtualMachine', true, 'permission', 'can_login',
618 @vm_uuid, created['uuid'], 'arvados#virtualMachine', false, 'VirtualMachine'
620 verify_link_existence created['uuid'], created['email'], true, true, true, true, false
622 # now unsetup this user
623 post :unsetup, id: created['uuid']
624 assert_response :success
626 created2 = JSON.parse(@response.body)
627 assert_not_nil created2['uuid'], 'expected uuid for the newly created user'
628 assert_equal created['uuid'], created2['uuid'], 'expected uuid not found'
630 verify_link_existence created['uuid'], created['email'], false, false, false, false, false
633 test "unsetup active user" do
634 active_user = users(:active)
635 assert_not_nil active_user['uuid'], 'expected uuid for the active user'
636 assert active_user['is_active'], 'expected is_active for active user'
638 verify_link_existence active_user['uuid'], active_user['email'],
639 false, true, false, true, true
641 authorize_with :admin
643 # now unsetup this user
644 post :unsetup, id: active_user['uuid']
645 assert_response :success
647 response_user = JSON.parse(@response.body)
648 assert_not_nil response_user['uuid'], 'expected uuid for the upsetup user'
649 assert_equal active_user['uuid'], response_user['uuid'], 'expected uuid not found'
650 assert !response_user['is_active'], 'expected user to be inactive'
651 assert !response_user['is_invited'], 'expected user to be uninvited'
653 verify_link_existence response_user['uuid'], response_user['email'],
654 false, false, false, false, false
656 active_user = User.find_by_uuid(users(:active).uuid)
657 readable_groups = active_user.groups_i_can(:read)
658 all_users_group = Group.all.collect(&:uuid).select { |g| g.match /-f+$/ }
659 refute_includes(readable_groups, all_users_group,
660 "active user can read All Users group after being deactivated")
661 assert_equal(false, active_user.is_invited,
662 "active user is_invited after being deactivated & reloaded")
665 test "setup user with send notification param false and verify no email" do
666 authorize_with :admin
669 openid_prefix: 'http://www.example.com/account',
670 send_notification_email: 'false',
672 email: "foo@example.com"
676 assert_response :success
677 response_items = JSON.parse(@response.body)['items']
678 created = find_obj_in_resp response_items, 'User', nil
679 assert_not_nil created['uuid'], 'expected uuid for the new user'
680 assert_equal created['email'], 'foo@example.com', 'expected given email'
682 setup_email = ActionMailer::Base.deliveries.last
683 assert_nil setup_email, 'expected no setup email'
686 test "setup user with send notification param true and verify email" do
687 authorize_with :admin
690 openid_prefix: 'http://www.example.com/account',
691 send_notification_email: 'true',
693 email: "foo@example.com"
697 assert_response :success
698 response_items = JSON.parse(@response.body)['items']
699 created = find_obj_in_resp response_items, 'User', nil
700 assert_not_nil created['uuid'], 'expected uuid for the new user'
701 assert_equal created['email'], 'foo@example.com', 'expected given email'
703 setup_email = ActionMailer::Base.deliveries.last
704 assert_not_nil setup_email, 'Expected email after setup'
706 assert_equal Rails.configuration.user_notifier_email_from, setup_email.from[0]
707 assert_equal 'foo@example.com', setup_email.to[0]
708 assert_equal 'Welcome to Curoverse', setup_email.subject
709 assert (setup_email.body.to_s.include? 'Your Arvados account has been set up'),
710 'Expected Your Arvados account has been set up in email body'
711 assert (setup_email.body.to_s.include? 'foo@example.com'),
712 'Expected user email in email body'
713 assert (setup_email.body.to_s.include? Rails.configuration.workbench_address),
714 'Expected workbench url in email body'
717 test "non-admin user can get basic information about readable users" do
718 authorize_with :spectator
720 check_non_admin_index
721 check_readable_users_index [:spectator], [:inactive, :active]
724 test "non-admin user gets only safe attributes from users#show" do
725 g = act_as_system_user do
728 users = create_list :active_user, 2, join_groups: [g]
729 token = create :token, user: users[0]
730 authorize_with_token token
731 get :show, id: users[1].uuid
735 test "non-admin user can limit index" do
736 g = act_as_system_user do
739 users = create_list :active_user, 4, join_groups: [g]
740 token = create :token, user: users[0]
742 [2, 4].each do |limit|
743 authorize_with_token token
744 get(:index, limit: limit)
745 check_non_admin_index
746 assert_equal(limit, json_response["items"].size,
747 "non-admin index limit was ineffective")
751 test "admin has full index powers" do
752 authorize_with :admin
753 check_inactive_user_findable
756 test "reader token can grant admin index powers" do
757 authorize_with :spectator
758 check_inactive_user_findable(reader_tokens: [api_token(:admin)])
761 test "admin can filter on user.is_active" do
762 authorize_with :admin
763 get(:index, filters: [["is_active", "=", "true"]])
764 assert_response :success
765 check_readable_users_index [:active, :spectator], [:inactive]
768 test "admin can search where user.is_active" do
769 authorize_with :admin
770 get(:index, where: {is_active: true})
771 assert_response :success
772 check_readable_users_index [:active, :spectator], [:inactive]
775 test "update active_no_prefs user profile and expect notification email" do
776 authorize_with :admin
779 id: users(:active_no_prefs).uuid,
781 prefs: {:profile => {'organization' => 'example.com'}}
784 assert_response :success
787 ActionMailer::Base.deliveries.andand.each do |email|
788 if email.subject == "Profile created by #{users(:active_no_prefs).email}"
793 assert_equal true, found_email, 'Expected email after creating profile'
796 test "update active_no_prefs_profile user profile and expect notification email" do
797 authorize_with :admin
800 user[:prefs] = users(:active_no_prefs_profile).prefs
801 user[:prefs][:profile] = {:profile => {'organization' => 'example.com'}}
803 id: users(:active_no_prefs_profile).uuid,
806 assert_response :success
809 ActionMailer::Base.deliveries.andand.each do |email|
810 if email.subject == "Profile created by #{users(:active_no_prefs_profile).email}"
815 assert_equal true, found_email, 'Expected email after creating profile'
818 test "update active user profile and expect no notification email" do
819 authorize_with :admin
822 id: users(:active).uuid,
824 prefs: {:profile => {'organization' => 'anotherexample.com'}}
827 assert_response :success
830 ActionMailer::Base.deliveries.andand.each do |email|
831 if email.subject == "Profile created by #{users(:active).email}"
836 assert_equal false, found_email, 'Expected no email after updating profile'
840 NON_ADMIN_USER_DATA = ["uuid", "kind", "is_active", "email", "first_name",
843 def check_non_admin_index
844 assert_response :success
845 response_items = json_response["items"]
846 assert_not_nil response_items
847 response_items.each do |user_data|
848 check_non_admin_item user_data
849 assert(user_data["is_active"], "non-admin index returned inactive user")
853 def check_non_admin_show
854 assert_response :success
855 check_non_admin_item json_response
858 def check_non_admin_item user_data
859 assert_equal(NON_ADMIN_USER_DATA, user_data.keys.sort,
860 "data in response had missing or extra attributes")
861 assert_equal("arvados#user", user_data["kind"])
865 def check_readable_users_index expect_present, expect_missing
866 response_uuids = json_response["items"].map { |u| u["uuid"] }
867 expect_present.each do |user_key|
868 assert_includes(response_uuids, users(user_key).uuid,
869 "#{user_key} missing from index")
871 expect_missing.each do |user_key|
872 refute_includes(response_uuids, users(user_key).uuid,
873 "#{user_key} included in index")
877 def check_inactive_user_findable(params={})
878 inactive_user = users(:inactive)
879 get(:index, params.merge(filters: [["email", "=", inactive_user.email]]))
880 assert_response :success
881 user_list = json_response["items"]
882 assert_equal(1, user_list.andand.count)
883 # This test needs to check a column non-admins have no access to,
884 # to ensure that admins see all user information.
885 assert_equal(inactive_user.identity_url, user_list.first["identity_url"],
886 "admin's filtered index did not return inactive user")
889 def verify_num_links (original_links, expected_additional_links)
891 assert_equal expected_additional_links, Link.all.size-original_links.size,
892 "Expected #{expected_additional_links.inspect} more links"
895 def find_obj_in_resp (response_items, object_type, head_kind=nil)
898 response_items.each { |x|
903 if object_type == 'User'
904 if ArvadosModel::resource_class_for_uuid(x['uuid']) == User
908 else # looking for a link
909 if x['head_uuid'] and ArvadosModel::resource_class_for_uuid(x['head_uuid']).kind == head_kind
918 def verify_link(response_items, link_object_name, expect_link, link_class,
919 link_name, head_uuid, tail_uuid, head_kind, fetch_object, class_name)
921 link = find_obj_in_resp response_items, 'Link', link_object_name
924 assert_nil link, "Expected no link for #{link_object_name}"
928 assert_not_nil link, "Expected link for #{link_object_name}"
931 object = Object.const_get(class_name).where(name: head_uuid)
932 assert [] != object, "expected #{class_name} with name #{head_uuid}"
933 head_uuid = object.first[:uuid]
935 assert_equal link_class, link['link_class'],
936 "did not find expected link_class for #{link_object_name}"
938 assert_equal link_name, link['name'],
939 "did not find expected link_name for #{link_object_name}"
941 assert_equal tail_uuid, link['tail_uuid'],
942 "did not find expected tail_uuid for #{link_object_name}"
944 assert_equal head_kind, link['head_kind'],
945 "did not find expected head_kind for #{link_object_name}"
947 assert_equal head_uuid, link['head_uuid'],
948 "did not find expected head_uuid for #{link_object_name}"
951 def verify_link_existence uuid, email, expect_oid_login_perms,
952 expect_repo_perms, expect_vm_perms, expect_group_perms, expect_signatures
953 # verify that all links are deleted for the user
954 oid_login_perms = Link.where(tail_uuid: email,
955 link_class: 'permission',
956 name: 'can_login').where("head_uuid like ?", User.uuid_like_pattern)
957 if expect_oid_login_perms
958 assert oid_login_perms.any?, "expected oid_login_perms"
960 assert !oid_login_perms.any?, "expected all oid_login_perms deleted"
963 repo_perms = Link.where(tail_uuid: uuid,
964 link_class: 'permission',
965 name: 'can_manage').where("head_uuid like ?", Repository.uuid_like_pattern)
967 assert repo_perms.any?, "expected repo_perms"
969 assert !repo_perms.any?, "expected all repo_perms deleted"
972 vm_login_perms = Link.
973 where(tail_uuid: uuid,
974 link_class: 'permission',
976 where("head_uuid like ?",
977 VirtualMachine.uuid_like_pattern).
979 links(:auto_setup_vm_login_username_can_login_to_test_vm).uuid)
981 assert vm_login_perms.any?, "expected vm_login_perms"
983 assert !vm_login_perms.any?, "expected all vm_login_perms deleted"
986 group = Group.where(name: 'All users').select do |g|
987 g[:uuid].match /-f+$/
989 group_read_perms = Link.where(tail_uuid: uuid,
990 head_uuid: group[:uuid],
991 link_class: 'permission',
993 if expect_group_perms
994 assert group_read_perms.any?, "expected all users group read perms"
996 assert !group_read_perms.any?, "expected all users group perm deleted"
999 signed_uuids = Link.where(link_class: 'signature',
1002 if expect_signatures
1003 assert signed_uuids.any?, "expected signatures"
1005 assert !signed_uuids.any?, "expected all signatures deleted"
1010 def verify_system_group_permission_link_for user_uuid
1011 assert_equal 1, Link.where(link_class: 'permission',
1013 tail_uuid: system_group_uuid,
1014 head_uuid: user_uuid).count