1 # Copyright (C) The Arvados Authors. All rights reserved.
3 # SPDX-License-Identifier: AGPL-3.0
7 class GroupTest < ActiveSupport::TestCase
9 test "cannot set owner_uuid to object with existing ownership cycle" do
10 set_user_from_auth :active_trustedclient
12 # First make sure we have lots of permission on the bad group by
13 # renaming it to "{current name} is mine all mine"
14 g = groups(:bad_group_has_ownership_cycle_b)
15 g.name += " is mine all mine"
16 assert g.save, "active user should be able to modify group #{g.uuid}"
18 # Use the group as the owner of a new object
20 create(owner_uuid: groups(:bad_group_has_ownership_cycle_b).uuid)
21 assert s.valid?, "ownership should pass validation #{s.errors.messages}"
22 assert_equal false, s.save, "should not save object with #{g.uuid} as owner"
24 # Use the group as the new owner of an existing object
25 s = specimens(:in_aproject)
26 s.owner_uuid = groups(:bad_group_has_ownership_cycle_b).uuid
27 assert s.valid?, "ownership should pass validation"
28 assert_equal false, s.save, "should not save object with #{g.uuid} as owner"
31 test "cannot create a new ownership cycle" do
32 set_user_from_auth :active_trustedclient
34 g_foo = Group.create!(name: "foo")
35 g_bar = Group.create!(name: "bar")
37 g_foo.owner_uuid = g_bar.uuid
38 assert g_foo.save, lambda { g_foo.errors.messages }
39 g_bar.owner_uuid = g_foo.uuid
40 assert g_bar.valid?, "ownership cycle should not prevent validation"
41 assert_equal false, g_bar.save, "should not create an ownership loop"
42 assert g_bar.errors.messages[:owner_uuid].join(" ").match(/ownership cycle/)
45 test "cannot create a single-object ownership cycle" do
46 set_user_from_auth :active_trustedclient
48 g_foo = Group.create!(name: "foo")
51 # Ensure I have permission to manage this group even when its owner changes
52 perm_link = Link.create!(tail_uuid: users(:active).uuid,
53 head_uuid: g_foo.uuid,
54 link_class: 'permission',
58 g_foo.owner_uuid = g_foo.uuid
59 assert_equal false, g_foo.save, "should not create an ownership loop"
60 assert g_foo.errors.messages[:owner_uuid].join(" ").match(/ownership cycle/)
63 test "delete group hides contents" do
64 set_user_from_auth :active_trustedclient
66 g_foo = Group.create!(name: "foo")
67 col = Collection.create!(owner_uuid: g_foo.uuid)
69 assert Collection.readable_by(users(:active)).where(uuid: col.uuid).any?
70 g_foo.update! is_trashed: true
71 assert Collection.readable_by(users(:active)).where(uuid: col.uuid).empty?
72 g_foo.update! is_trashed: false
73 assert Collection.readable_by(users(:active)).where(uuid: col.uuid).any?
77 test "delete group propagates to subgroups" do
78 set_user_from_auth :active_trustedclient
80 g_foo = Group.create!(name: "foo")
81 g_bar = Group.create!(name: "bar", owner_uuid: g_foo.uuid)
82 col = Collection.create!(owner_uuid: g_bar.uuid)
84 assert Group.readable_by(users(:active)).where(uuid: g_foo.uuid).any?
85 assert Group.readable_by(users(:active)).where(uuid: g_bar.uuid).any?
86 assert Collection.readable_by(users(:active)).where(uuid: col.uuid).any?
88 g_foo.update! is_trashed: true
89 assert Group.readable_by(users(:active)).where(uuid: g_foo.uuid).empty?
90 assert Group.readable_by(users(:active)).where(uuid: g_bar.uuid).empty?
91 assert Collection.readable_by(users(:active)).where(uuid: col.uuid).empty?
93 set_user_from_auth :admin
94 assert Group.readable_by(users(:active)).where(uuid: g_foo.uuid).empty?
95 assert Group.readable_by(users(:active)).where(uuid: g_bar.uuid).empty?
96 assert Collection.readable_by(users(:active)).where(uuid: col.uuid).empty?
98 set_user_from_auth :active_trustedclient
99 g_foo.update! is_trashed: false
100 assert Group.readable_by(users(:active)).where(uuid: g_foo.uuid).any?
101 assert Group.readable_by(users(:active)).where(uuid: g_bar.uuid).any?
102 assert Collection.readable_by(users(:active)).where(uuid: col.uuid).any?