Merge branch '10816-postgres-permissions'
[arvados.git] / services / api / test / unit / link_test.rb
1 require 'test_helper'
2
3 class LinkTest < ActiveSupport::TestCase
4   fixtures :all
5
6   setup do
7     set_user_from_auth :admin_trustedclient
8   end
9
10   test "cannot delete an object referenced by links" do
11     ob = Specimen.create
12     link = Link.create(tail_uuid: users(:active).uuid,
13                        head_uuid: ob.uuid,
14                        link_class: 'test',
15                        name: 'test')
16     assert_equal users(:admin).uuid, link.owner_uuid
17     assert_raises(ActiveRecord::DeleteRestrictionError,
18                   "should not delete #{ob.uuid} with link #{link.uuid}") do
19       ob.destroy
20     end
21   end
22
23   def new_active_link_valid?(link_attrs)
24     set_user_from_auth :active
25     begin
26       Link.
27         create({link_class: "permission",
28                  name: "can_read",
29                  head_uuid: groups(:aproject).uuid,
30                }.merge(link_attrs)).
31         valid?
32     rescue ArvadosModel::PermissionDeniedError
33       false
34     end
35   end
36
37   test "non-admin project owner can make it public" do
38     assert(new_active_link_valid?(tail_uuid: groups(:anonymous_group).uuid),
39            "non-admin project owner can't make their project public")
40   end
41
42   test "link granting permission to nonexistent user is invalid" do
43     refute new_active_link_valid?(tail_uuid:
44                                   users(:active).uuid.sub(/-\w+$/, "-#{'z' * 15}"))
45   end
46
47   test "link granting non-project permission to unreadable user is invalid" do
48     refute new_active_link_valid?(tail_uuid: users(:admin).uuid,
49                                   head_uuid: collections(:bar_file).uuid)
50   end
51
52   test "user can't add a Collection to a Project without permission" do
53     refute new_active_link_valid?(link_class: "name",
54                                   name: "Permission denied test name",
55                                   tail_uuid: collections(:bar_file).uuid)
56   end
57
58   test "user can't add a User to a Project" do
59     # Users *can* give other users permissions to projects.
60     # This test helps ensure that that exception is specific to permissions.
61     refute new_active_link_valid?(link_class: "name",
62                                   name: "Permission denied test name",
63                                   tail_uuid: users(:admin).uuid)
64   end
65
66   test "link granting project permissions to unreadable user is invalid" do
67     refute new_active_link_valid?(tail_uuid: users(:admin).uuid)
68   end
69 end