3 class Arvados::V1::UsersControllerTest < ActionController::TestCase
4 include CurrentApiClient
7 @all_links_at_start = Link.all
8 @vm_uuid = virtual_machines(:testvm).uuid
11 test "activate a user after signing UA" do
12 authorize_with :inactive_but_signed_user_agreement
14 assert_response :success
15 me = JSON.parse(@response.body)
16 post :activate, uuid: me['uuid']
17 assert_response :success
18 assert_not_nil assigns(:object)
19 me = JSON.parse(@response.body)
20 assert_equal true, me['is_active']
23 test "refuse to activate a user before signing UA" do
24 authorize_with :inactive
26 assert_response :success
27 me = JSON.parse(@response.body)
28 post :activate, uuid: me['uuid']
31 assert_response :success
32 me = JSON.parse(@response.body)
33 assert_equal false, me['is_active']
36 test "activate an already-active user" do
37 authorize_with :active
39 assert_response :success
40 me = JSON.parse(@response.body)
41 post :activate, uuid: me['uuid']
42 assert_response :success
43 me = JSON.parse(@response.body)
44 assert_equal true, me['is_active']
47 test "create new user with user as input" do
50 first_name: "test_first_name",
51 last_name: "test_last_name",
52 email: "foo@example.com"
54 assert_response :success
55 created = JSON.parse(@response.body)
56 assert_equal 'test_first_name', created['first_name']
57 assert_not_nil created['uuid'], 'expected uuid for the newly created user'
58 assert_not_nil created['email'], 'expected non-nil email'
59 assert_nil created['identity_url'], 'expected no identity_url'
62 test "create user with user, vm and repo as input" do
64 repo_name = 'test_repo'
68 openid_prefix: 'https://www.google.com/accounts/o8/id',
70 uuid: "this_is_agreeable",
71 first_name: "in_create_test_first_name",
72 last_name: "test_last_name",
73 email: "foo@example.com"
76 assert_response :success
77 response_items = JSON.parse(@response.body)['items']
79 created = find_obj_in_resp response_items, 'User', nil
80 assert_equal 'in_create_test_first_name', created['first_name']
81 assert_not_nil created['uuid'], 'expected non-null uuid for the new user'
82 assert_equal 'this_is_agreeable', created['uuid']
83 assert_not_nil created['email'], 'expected non-nil email'
84 assert_nil created['identity_url'], 'expected no identity_url'
86 # arvados#user, repo link and link add user to 'All users' group
87 verify_num_links @all_links_at_start, 4
89 verify_link response_items, 'arvados#user', true, 'permission', 'can_login',
90 created['uuid'], created['email'], 'arvados#user', false, 'User'
92 verify_link response_items, 'arvados#repository', true, 'permission', 'can_write',
93 repo_name, created['uuid'], 'arvados#repository', true, 'Repository'
95 verify_link response_items, 'arvados#group', true, 'permission', 'can_read',
96 'All users', created['uuid'], 'arvados#group', true, 'Group'
98 verify_link response_items, 'arvados#virtualMachine', false, 'permission', 'can_login',
99 nil, created['uuid'], 'arvados#virtualMachine', false, 'VirtualMachine'
101 verify_system_group_permission_link_for created['uuid']
103 # invoke setup again with the same data
105 repo_name: repo_name,
107 openid_prefix: 'https://www.google.com/accounts/o8/id',
109 uuid: "this_is_agreeable",
110 first_name: "in_create_test_first_name",
111 last_name: "test_last_name",
112 email: "foo@example.com"
116 response_items = JSON.parse(@response.body)['items']
118 created = find_obj_in_resp response_items, 'User', nil
119 assert_equal 'in_create_test_first_name', created['first_name']
120 assert_not_nil created['uuid'], 'expected non-null uuid for the new user'
121 assert_equal 'this_is_agreeable', created['uuid']
122 assert_not_nil created['email'], 'expected non-nil email'
123 assert_nil created['identity_url'], 'expected no identity_url'
125 # arvados#user, repo link and link add user to 'All users' group
126 verify_num_links @all_links_at_start, 5
128 verify_link response_items, 'arvados#repository', true, 'permission', 'can_write',
129 repo_name, created['uuid'], 'arvados#repository', true, 'Repository'
131 verify_link response_items, 'arvados#group', true, 'permission', 'can_read',
132 'All users', created['uuid'], 'arvados#group', true, 'Group'
134 verify_link response_items, 'arvados#virtualMachine', true, 'permission', 'can_login',
135 @vm_uuid, created['uuid'], 'arvados#virtualMachine', false, 'VirtualMachine'
137 verify_system_group_permission_link_for created['uuid']
140 test "setup user with bogus uuid and expect error" do
141 authorize_with :admin
145 repo_name: 'test_repo',
148 response_body = JSON.parse(@response.body)
149 response_errors = response_body['errors']
150 assert_not_nil response_errors, 'Expected error in response'
151 assert (response_errors.first.include? 'Path not found'), 'Expected 404'
154 test "setup user with bogus uuid in user and expect error" do
155 authorize_with :admin
158 user: {uuid: 'bogus_uuid'},
159 repo_name: 'test_repo',
161 openid_prefix: 'https://www.google.com/accounts/o8/id'
163 response_body = JSON.parse(@response.body)
164 response_errors = response_body['errors']
165 assert_not_nil response_errors, 'Expected error in response'
166 assert (response_errors.first.include? 'ArgumentError: Require user email'),
167 'Expected RuntimeError'
170 test "setup user with no uuid and user, expect error" do
171 authorize_with :admin
174 repo_name: 'test_repo',
176 openid_prefix: 'https://www.google.com/accounts/o8/id'
178 response_body = JSON.parse(@response.body)
179 response_errors = response_body['errors']
180 assert_not_nil response_errors, 'Expected error in response'
181 assert (response_errors.first.include? 'Required uuid or user'),
182 'Expected ArgumentError'
185 test "setup user with no uuid and email, expect error" do
186 authorize_with :admin
190 repo_name: 'test_repo',
192 openid_prefix: 'https://www.google.com/accounts/o8/id'
194 response_body = JSON.parse(@response.body)
195 response_errors = response_body['errors']
196 assert_not_nil response_errors, 'Expected error in response'
197 assert (response_errors.first.include? '<ArgumentError: Require user email'),
198 'Expected ArgumentError'
201 test "invoke setup with existing uuid, vm and repo and verify links" do
202 authorize_with :inactive
204 assert_response :success
205 inactive_user = JSON.parse(@response.body)
207 authorize_with :admin
210 uuid: inactive_user['uuid'],
211 repo_name: 'test_repo',
215 assert_response :success
217 response_items = JSON.parse(@response.body)['items']
218 resp_obj = find_obj_in_resp response_items, 'User', nil
220 assert_not_nil resp_obj['uuid'], 'expected uuid for the new user'
221 assert_equal inactive_user['uuid'], resp_obj['uuid']
222 assert_equal inactive_user['email'], resp_obj['email'],
223 'expecting inactive user email'
225 # expect repo and vm links
226 verify_link response_items, 'arvados#repository', true, 'permission', 'can_write',
227 'test_repo', resp_obj['uuid'], 'arvados#repository', true, 'Repository'
229 verify_link response_items, 'arvados#virtualMachine', true, 'permission', 'can_login',
230 @vm_uuid, resp_obj['uuid'], 'arvados#virtualMachine', false, 'VirtualMachine'
233 test "invoke setup with existing uuid in user, verify response" do
234 authorize_with :inactive
236 assert_response :success
237 inactive_user = JSON.parse(@response.body)
239 authorize_with :admin
242 user: {uuid: inactive_user['uuid']},
243 openid_prefix: 'https://www.google.com/accounts/o8/id'
246 assert_response :success
248 response_items = JSON.parse(@response.body)['items']
249 resp_obj = find_obj_in_resp response_items, 'User', nil
251 assert_not_nil resp_obj['uuid'], 'expected uuid for the new user'
252 assert_equal inactive_user['uuid'], resp_obj['uuid']
253 assert_equal inactive_user['email'], resp_obj['email'],
254 'expecting inactive user email'
257 test "invoke setup with existing uuid but different email, expect original email" do
258 authorize_with :inactive
260 assert_response :success
261 inactive_user = JSON.parse(@response.body)
263 authorize_with :admin
266 uuid: inactive_user['uuid'],
267 user: {email: 'junk_email'}
270 assert_response :success
272 response_items = JSON.parse(@response.body)['items']
273 resp_obj = find_obj_in_resp response_items, 'User', nil
275 assert_not_nil resp_obj['uuid'], 'expected uuid for the new user'
276 assert_equal inactive_user['uuid'], resp_obj['uuid']
277 assert_equal inactive_user['email'], resp_obj['email'],
278 'expecting inactive user email'
281 test "setup user with valid email and repo as input" do
282 authorize_with :admin
285 repo_name: 'test_repo',
286 user: {email: 'foo@example.com'},
287 openid_prefix: 'https://www.google.com/accounts/o8/id'
290 assert_response :success
291 response_items = JSON.parse(@response.body)['items']
292 response_object = find_obj_in_resp response_items, 'User', nil
293 assert_not_nil response_object['uuid'], 'expected uuid for the new user'
294 assert_equal response_object['email'], 'foo@example.com', 'expected given email'
296 # four extra links; system_group, login, group and repo perms
297 verify_num_links @all_links_at_start, 4
300 test "setup user with fake vm and expect error" do
301 authorize_with :admin
304 repo_name: 'test_repo',
305 vm_uuid: 'no_such_vm',
306 user: {email: 'foo@example.com'},
307 openid_prefix: 'https://www.google.com/accounts/o8/id'
310 response_body = JSON.parse(@response.body)
311 response_errors = response_body['errors']
312 assert_not_nil response_errors, 'Expected error in response'
313 assert (response_errors.first.include? "No vm found for no_such_vm"),
314 'Expected RuntimeError: No vm found for no_such_vm'
317 test "setup user with valid email, repo and real vm as input" do
318 authorize_with :admin
321 repo_name: 'test_repo',
322 openid_prefix: 'https://www.google.com/accounts/o8/id',
324 user: {email: 'foo@example.com'}
327 assert_response :success
328 response_items = JSON.parse(@response.body)['items']
329 response_object = find_obj_in_resp response_items, 'User', nil
330 assert_not_nil response_object['uuid'], 'expected uuid for the new user'
331 assert_equal response_object['email'], 'foo@example.com', 'expected given email'
333 # five extra links; system_group, login, group, vm, repo
334 verify_num_links @all_links_at_start, 5
337 test "setup user with valid email, no vm and repo as input" do
338 authorize_with :admin
341 user: {email: 'foo@example.com'},
342 openid_prefix: 'https://www.google.com/accounts/o8/id'
345 assert_response :success
346 response_items = JSON.parse(@response.body)['items']
347 response_object = find_obj_in_resp response_items, 'User', nil
348 assert_not_nil response_object['uuid'], 'expected uuid for new user'
349 assert_equal response_object['email'], 'foo@example.com', 'expected given email'
351 # three extra links; system_group, login, and group
352 verify_num_links @all_links_at_start, 3
355 test "setup user with email, first name, repo name and vm uuid" do
356 authorize_with :admin
359 openid_prefix: 'https://www.google.com/accounts/o8/id',
360 repo_name: 'test_repo',
363 first_name: 'test_first_name',
364 email: 'foo@example.com'
368 assert_response :success
369 response_items = JSON.parse(@response.body)['items']
370 response_object = find_obj_in_resp response_items, 'User', nil
371 assert_not_nil response_object['uuid'], 'expected uuid for new user'
372 assert_equal response_object['email'], 'foo@example.com', 'expected given email'
373 assert_equal 'test_first_name', response_object['first_name'],
374 'expecting first name'
376 # five extra links; system_group, login, group, repo and vm
377 verify_num_links @all_links_at_start, 5
380 test "setup user twice with email and check two different objects created" do
381 authorize_with :admin
384 openid_prefix: 'https://www.google.com/accounts/o8/id',
385 repo_name: 'test_repo',
387 email: 'foo@example.com'
391 assert_response :success
392 response_items = JSON.parse(@response.body)['items']
393 response_object = find_obj_in_resp response_items, 'User', nil
394 assert_not_nil response_object['uuid'], 'expected uuid for new user'
395 assert_equal response_object['email'], 'foo@example.com', 'expected given email'
396 # system_group, openid, group, and repo. No vm link.
397 verify_num_links @all_links_at_start, 4
401 user: {email: 'foo@example.com'},
402 openid_prefix: 'https://www.google.com/accounts/o8/id'
405 assert_response :success
406 response_items = JSON.parse(@response.body)['items']
407 response_object2 = find_obj_in_resp response_items, 'User', nil
408 assert_not_equal response_object['uuid'], response_object2['uuid'],
409 'expected same uuid as first create operation'
410 assert_equal response_object['email'], 'foo@example.com', 'expected given email'
412 # +1 extra login link +1 extra system_group link pointing to the new User
413 verify_num_links @all_links_at_start, 6
416 test "setup user with openid prefix" do
417 authorize_with :admin
420 repo_name: 'test_repo',
421 openid_prefix: 'http://www.example.com/account',
423 first_name: "in_create_test_first_name",
424 last_name: "test_last_name",
425 email: "foo@example.com"
429 assert_response :success
431 response_items = JSON.parse(@response.body)['items']
432 created = find_obj_in_resp response_items, 'User', nil
434 assert_equal 'in_create_test_first_name', created['first_name']
435 assert_not_nil created['uuid'], 'expected uuid for new user'
436 assert_not_nil created['email'], 'expected non-nil email'
437 assert_nil created['identity_url'], 'expected no identity_url'
440 # four new links: system_group, arvados#user, repo, and 'All users' group.
441 verify_num_links @all_links_at_start, 4
443 verify_link response_items, 'arvados#user', true, 'permission', 'can_login',
444 created['uuid'], created['email'], 'arvados#user', false, 'User'
446 verify_link response_items, 'arvados#repository', true, 'permission', 'can_write',
447 'test_repo', created['uuid'], 'arvados#repository', true, 'Repository'
449 verify_link response_items, 'arvados#group', true, 'permission', 'can_read',
450 'All users', created['uuid'], 'arvados#group', true, 'Group'
452 verify_link response_items, 'arvados#virtualMachine', false, 'permission', 'can_login',
453 nil, created['uuid'], 'arvados#virtualMachine', false, 'VirtualMachine'
456 test "invoke setup with no openid prefix, expect error" do
457 authorize_with :admin
460 repo_name: 'test_repo',
462 first_name: "in_create_test_first_name",
463 last_name: "test_last_name",
464 email: "foo@example.com"
468 response_body = JSON.parse(@response.body)
469 response_errors = response_body['errors']
470 assert_not_nil response_errors, 'Expected error in response'
471 assert (response_errors.first.include? 'openid_prefix parameter is missing'),
472 'Expected ArgumentError'
475 test "setup user with user, vm and repo and verify links" do
476 authorize_with :admin
480 first_name: "in_create_test_first_name",
481 last_name: "test_last_name",
482 email: "foo@example.com"
485 repo_name: 'test_repo',
486 openid_prefix: 'https://www.google.com/accounts/o8/id'
489 assert_response :success
491 response_items = JSON.parse(@response.body)['items']
492 created = find_obj_in_resp response_items, 'User', nil
494 assert_equal 'in_create_test_first_name', created['first_name']
495 assert_not_nil created['uuid'], 'expected uuid for new user'
496 assert_not_nil created['email'], 'expected non-nil email'
497 assert_nil created['identity_url'], 'expected no identity_url'
499 # five new links: system_group, arvados#user, repo, vm and 'All
501 verify_num_links @all_links_at_start, 5
503 verify_link response_items, 'arvados#user', true, 'permission', 'can_login',
504 created['uuid'], created['email'], 'arvados#user', false, 'User'
506 verify_link response_items, 'arvados#repository', true, 'permission', 'can_write',
507 'test_repo', created['uuid'], 'arvados#repository', true, 'Repository'
509 verify_link response_items, 'arvados#group', true, 'permission', 'can_read',
510 'All users', created['uuid'], 'arvados#group', true, 'Group'
512 verify_link response_items, 'arvados#virtualMachine', true, 'permission', 'can_login',
513 @vm_uuid, created['uuid'], 'arvados#virtualMachine', false, 'VirtualMachine'
516 test "create user as non admin user and expect error" do
517 authorize_with :active
520 user: {email: 'foo@example.com'}
523 response_body = JSON.parse(@response.body)
524 response_errors = response_body['errors']
525 assert_not_nil response_errors, 'Expected error in response'
526 assert (response_errors.first.include? 'PermissionDenied'),
527 'Expected PermissionDeniedError'
530 test "setup user as non admin user and expect error" do
531 authorize_with :active
534 openid_prefix: 'https://www.google.com/accounts/o8/id',
535 user: {email: 'foo@example.com'}
538 response_body = JSON.parse(@response.body)
539 response_errors = response_body['errors']
540 assert_not_nil response_errors, 'Expected error in response'
541 assert (response_errors.first.include? 'Forbidden'),
542 'Expected Forbidden error'
545 test "setup user in multiple steps and verify response" do
546 authorize_with :admin
549 openid_prefix: 'http://www.example.com/account',
551 email: "foo@example.com"
555 assert_response :success
556 response_items = JSON.parse(@response.body)['items']
557 created = find_obj_in_resp response_items, 'User', nil
559 assert_not_nil created['uuid'], 'expected uuid for new user'
560 assert_not_nil created['email'], 'expected non-nil email'
561 assert_equal created['email'], 'foo@example.com', 'expected input email'
563 # three new links: system_group, arvados#user, and 'All users' group.
564 verify_num_links @all_links_at_start, 3
566 verify_link response_items, 'arvados#user', true, 'permission', 'can_login',
567 created['uuid'], created['email'], 'arvados#user', false, 'User'
569 verify_link response_items, 'arvados#group', true, 'permission', 'can_read',
570 'All users', created['uuid'], 'arvados#group', true, 'Group'
572 verify_link response_items, 'arvados#repository', false, 'permission', 'can_write',
573 'test_repo', created['uuid'], 'arvados#repository', true, 'Repository'
575 verify_link response_items, 'arvados#virtualMachine', false, 'permission', 'can_login',
576 nil, created['uuid'], 'arvados#virtualMachine', false, 'VirtualMachine'
578 # invoke setup with a repository
580 openid_prefix: 'http://www.example.com/account',
581 repo_name: 'new_repo',
582 uuid: created['uuid']
585 assert_response :success
587 response_items = JSON.parse(@response.body)['items']
588 created = find_obj_in_resp response_items, 'User', nil
590 assert_equal 'foo@example.com', created['email'], 'expected input email'
593 verify_link response_items, 'arvados#group', true, 'permission', 'can_read',
594 'All users', created['uuid'], 'arvados#group', true, 'Group'
596 verify_link response_items, 'arvados#repository', true, 'permission', 'can_write',
597 'new_repo', created['uuid'], 'arvados#repository', true, 'Repository'
599 verify_link response_items, 'arvados#virtualMachine', false, 'permission', 'can_login',
600 nil, created['uuid'], 'arvados#virtualMachine', false, 'VirtualMachine'
602 # invoke setup with a vm_uuid
605 openid_prefix: 'http://www.example.com/account',
609 uuid: created['uuid']
612 assert_response :success
614 response_items = JSON.parse(@response.body)['items']
615 created = find_obj_in_resp response_items, 'User', nil
617 assert_equal created['email'], 'foo@example.com', 'expected original email'
620 verify_link response_items, 'arvados#group', true, 'permission', 'can_read',
621 'All users', created['uuid'], 'arvados#group', true, 'Group'
623 # since no repo name in input, we won't get any; even though user has one
624 verify_link response_items, 'arvados#repository', false, 'permission', 'can_write',
625 'new_repo', created['uuid'], 'arvados#repository', true, 'Repository'
627 verify_link response_items, 'arvados#virtualMachine', true, 'permission', 'can_login',
628 @vm_uuid, created['uuid'], 'arvados#virtualMachine', false, 'VirtualMachine'
631 test "setup and unsetup user" do
632 authorize_with :admin
635 repo_name: 'test_repo',
637 user: {email: 'foo@example.com'},
638 openid_prefix: 'https://www.google.com/accounts/o8/id'
641 assert_response :success
642 response_items = JSON.parse(@response.body)['items']
643 created = find_obj_in_resp response_items, 'User', nil
644 assert_not_nil created['uuid'], 'expected uuid for the new user'
645 assert_equal created['email'], 'foo@example.com', 'expected given email'
647 # five extra links: system_group, login, group, repo and vm
648 verify_num_links @all_links_at_start, 5
650 verify_link response_items, 'arvados#user', true, 'permission', 'can_login',
651 created['uuid'], created['email'], 'arvados#user', false, 'User'
653 verify_link response_items, 'arvados#group', true, 'permission', 'can_read',
654 'All users', created['uuid'], 'arvados#group', true, 'Group'
656 verify_link response_items, 'arvados#repository', true, 'permission', 'can_write',
657 'test_repo', created['uuid'], 'arvados#repository', true, 'Repository'
659 verify_link response_items, 'arvados#virtualMachine', true, 'permission', 'can_login',
660 @vm_uuid, created['uuid'], 'arvados#virtualMachine', false, 'VirtualMachine'
662 verify_link_existence created['uuid'], created['email'], true, true, true, true, false
664 # now unsetup this user
665 post :unsetup, uuid: created['uuid']
666 assert_response :success
668 created2 = JSON.parse(@response.body)
669 assert_not_nil created2['uuid'], 'expected uuid for the newly created user'
670 assert_equal created['uuid'], created2['uuid'], 'expected uuid not found'
672 verify_link_existence created['uuid'], created['email'], false, false, false, false, false
675 test "unsetup active user" do
676 authorize_with :active
678 assert_response :success
679 active_user = JSON.parse(@response.body)
680 assert_not_nil active_user['uuid'], 'expected uuid for the active user'
681 assert active_user['is_active'], 'expected is_active for active user'
682 assert active_user['is_invited'], 'expected is_invited for active user'
684 verify_link_existence active_user['uuid'], active_user['email'],
685 false, false, false, true, true
687 authorize_with :admin
689 # now unsetup this user
690 post :unsetup, uuid: active_user['uuid']
691 assert_response :success
693 response_user = JSON.parse(@response.body)
694 assert_not_nil response_user['uuid'], 'expected uuid for the upsetup user'
695 assert_equal active_user['uuid'], response_user['uuid'], 'expected uuid not found'
696 assert !response_user['is_active'], 'expected user to be inactive'
697 assert !response_user['is_invited'], 'expected user to be uninvited'
699 verify_link_existence response_user['uuid'], response_user['email'],
700 false, false, false, false, false
703 def verify_num_links (original_links, expected_additional_links)
705 assert_equal expected_additional_links, Link.all.size-original_links.size,
706 "Expected #{expected_additional_links.inspect} more links"
709 def find_obj_in_resp (response_items, object_type, head_kind=nil)
711 response_items.each { |x|
716 if object_type == 'User'
721 else # looking for a link
722 if x['head_kind'] == head_kind
731 def verify_link(response_items, link_object_name, expect_link, link_class,
732 link_name, head_uuid, tail_uuid, head_kind, fetch_object, class_name)
734 link = find_obj_in_resp response_items, 'Link', link_object_name
737 assert_nil link, "Expected no link for #{link_object_name}"
741 assert_not_nil link, "Expected link for #{link_object_name}"
744 object = Object.const_get(class_name).where(name: head_uuid)
745 assert [] != object, "expected #{class_name} with name #{head_uuid}"
746 head_uuid = object.first[:uuid]
748 assert_equal link['link_class'], link_class,
749 "did not find expected link_class for #{link_object_name}"
751 assert_equal link['name'], link_name,
752 "did not find expected link_name for #{link_object_name}"
754 assert_equal link['tail_uuid'], tail_uuid,
755 "did not find expected tail_uuid for #{link_object_name}"
757 assert_equal link['head_kind'], head_kind,
758 "did not find expected head_kind for #{link_object_name}"
760 assert_equal link['head_uuid'], head_uuid,
761 "did not find expected head_uuid for #{link_object_name}"
764 def verify_link_existence uuid, email, expect_oid_login_perms,
765 expect_repo_perms, expect_vm_perms, expect_group_perms, expect_signatures
766 # verify that all links are deleted for the user
767 oid_login_perms = Link.where(tail_uuid: email,
768 head_kind: 'arvados#user',
769 link_class: 'permission',
771 if expect_oid_login_perms
772 assert oid_login_perms.any?, "expected oid_login_perms"
774 assert !oid_login_perms.any?, "expected all oid_login_perms deleted"
777 repo_perms = Link.where(tail_uuid: uuid,
778 head_kind: 'arvados#repository',
779 link_class: 'permission',
782 assert repo_perms.any?, "expected repo_perms"
784 assert !repo_perms.any?, "expected all repo_perms deleted"
787 vm_login_perms = Link.where(tail_uuid: uuid,
788 head_kind: 'arvados#virtualMachine',
789 link_class: 'permission',
792 assert vm_login_perms.any?, "expected vm_login_perms"
794 assert !vm_login_perms.any?, "expected all vm_login_perms deleted"
797 group = Group.where(name: 'All users').select do |g|
798 g[:uuid].match /-f+$/
800 group_read_perms = Link.where(tail_uuid: uuid,
801 head_uuid: group[:uuid],
802 head_kind: 'arvados#group',
803 link_class: 'permission',
805 if expect_group_perms
806 assert group_read_perms.any?, "expected all users group read perms"
808 assert !group_read_perms.any?, "expected all users group perm deleted"
811 signed_uuids = Link.where(link_class: 'signature',
812 tail_kind: 'arvados#user',
816 assert signed_uuids.any?, "expected signatures"
818 assert !signed_uuids.any?, "expected all signatures deleted"
823 def verify_system_group_permission_link_for user_uuid
824 assert_equal 1, Link.where(link_class: 'permission',
826 tail_uuid: system_group_uuid,
827 head_uuid: user_uuid).count