projects / arvados.git / blob
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
17755: Merge branch 'main' into 17755-add-singularity-to-compute-image
[arvados.git] / services / api / test / integration / groups_test.rb
1 # Copyright (C) The Arvados Authors. All rights reserved.
2 #
3 # SPDX-License-Identifier: AGPL-3.0
4
5 require 'test_helper'
6
7 class GroupsTest < ActionDispatch::IntegrationTest
8   [[], ['replication_confirmed']].each do |orders|
9     test "results are consistent when provided orders #{orders} is incomplete" do
10       last = nil
11       (0..20).each do
12         get '/arvados/v1/groups/contents',
13           params: {
14             id: groups(:aproject).uuid,
15             filters: [["uuid", "is_a", "arvados#collection"]].to_json,
16             orders: orders.to_json,
17             format: :json,
18           },
19           headers: auth(:active)
20         assert_response :success
21         if last.nil?
22           last = json_response['items']
23         else
24           assert_equal last, json_response['items']
25         end
26       end
27     end
28   end
29
30   test "get all pages of group-owned objects" do
31     limit = 5
32     offset = 0
33     items_available = nil
34     uuid_received = {}
35     owner_received = {}
36     while true
37       get "/arvados/v1/groups/contents",
38         params: {
39           id: groups(:aproject).uuid,
40           limit: limit,
41           offset: offset,
42           format: :json,
43         },
44         headers: auth(:active)
45
46       assert_response :success
47       assert_operator(0, :<, json_response['items'].count,
48                       "items_available=#{items_available} but received 0 "\
49                       "items with offset=#{offset}")
50       items_available ||= json_response['items_available']
51       assert_equal(items_available, json_response['items_available'],
52                    "items_available changed between page #{offset/limit} "\
53                    "and page #{1+offset/limit}")
54       json_response['items'].each do |item|
55         uuid = item['uuid']
56         assert_equal(nil, uuid_received[uuid],
57                      "Received '#{uuid}' again on page #{1+offset/limit}")
58         uuid_received[uuid] = true
59         owner_received[item['owner_uuid']] = true
60         offset += 1
61         assert_equal groups(:aproject).uuid, item['owner_uuid']
62       end
63       break if offset >= items_available
64     end
65   end
66
67   test "group contents with include trash collections" do
68     get "/arvados/v1/groups/contents",
69       params: {
70         include_trash: "true",
71         filters: [["uuid", "is_a", "arvados#collection"]].to_json,
72         limit: 1000
73       },
74       headers: auth(:active)
75     assert_response 200
76
77     coll_uuids = []
78     json_response['items'].each { |c| coll_uuids << c['uuid'] }
79     assert_includes coll_uuids, collections(:foo_collection_in_aproject).uuid
80     assert_includes coll_uuids, collections(:expired_collection).uuid
81   end
82
83   test "group contents without trash collections" do
84     get "/arvados/v1/groups/contents",
85       params: {
86         filters: [["uuid", "is_a", "arvados#collection"]].to_json,
87         limit: 1000
88       },
89       headers: auth(:active)
90     assert_response 200
91
92     coll_uuids = []
93     json_response['items'].each { |c| coll_uuids << c['uuid'] }
94     assert_includes coll_uuids, collections(:foo_collection_in_aproject).uuid
95     assert_not_includes coll_uuids, collections(:expired_collection).uuid
96   end
97
98   test "unsharing a project results in hiding it from previously shared user" do
99     # remove sharing link for project
100     delete "/arvados/v1/links/#{links(:share_starred_project_with_project_viewer).uuid}", headers: auth(:admin)
101     assert_response 200
102
103     # verify that the user can no longer see the project
104     get "/arvados/v1/groups",
105       params: {
106         filters: [['group_class', '=', 'project']].to_json,
107         limit: 1000
108       }, headers: auth(:project_viewer)
109     assert_response 200
110     found_projects = {}
111     json_response['items'].each do |g|
112       found_projects[g['uuid']] = g
113     end
114     assert_equal false, found_projects.include?(groups(:starred_and_shared_active_user_project).uuid)
115
116     # share the project
117     post "/arvados/v1/links", params: {
118       link: {
119         link_class: "permission",
120         name: "can_read",
121         head_uuid: groups(:starred_and_shared_active_user_project).uuid,
122         tail_uuid: users(:project_viewer).uuid,
123       }
124     }, headers: auth(:system_user)
125     assert_response 200
126     assert_equal 'permission', json_response['link_class']
127
128     # verify that project_viewer user can now see shared project again
129     get "/arvados/v1/groups", params: {
130       filters: [['group_class', '=', 'project']].to_json,
131       limit: 1000
132     }, headers: auth(:project_viewer)
133     assert_response 200
134     found_projects = {}
135     json_response['items'].each do |g|
136       found_projects[g['uuid']] = g
137     end
138     assert_equal true, found_projects.include?(groups(:starred_and_shared_active_user_project).uuid)
139   end
140
141   test 'count none works with offset' do
142     first_results = nil
143     (0..10).each do |offset|
144       get "/arvados/v1/groups/contents", params: {
145         id: groups(:aproject).uuid,
146         offset: offset,
147         format: :json,
148         order: :uuid,
149         count: :none,
150       }, headers: auth(:active)
151       assert_response :success
152       assert_nil json_response['items_available']
153       if first_results.nil?
154         first_results = json_response['items']
155       else
156         assert_equal first_results[offset]['uuid'], json_response['items'][0]['uuid']
157       end
158     end
159   end
160 end
161
162 class NonTransactionalGroupsTest < ActionDispatch::IntegrationTest
163   # Transactional tests are disabled to be able to test the concurrent
164   # asynchronous permissions update feature.
165   # This is needed because nested transactions share the connection pool, so
166   # one thread is locked while trying to talk to the database, until the other
167   # one finishes.
168   self.use_transactional_tests = false
169
170   teardown do
171     # Explicitly reset the database after each test.
172     post '/database/reset', params: {}, headers: auth(:admin)
173     assert_response :success
174   end
175
176   test "create request with async=true does not defer permissions update" do
177     Rails.configuration.API.AsyncPermissionsUpdateInterval = 1 # second
178     name = "Random group #{rand(1000)}"
179     assert_equal nil, Group.find_by_name(name)
180
181     # Following the implementation of incremental permission updates
182     # (#16007) the async flag is now a no-op.  Permission changes are
183     # visible immediately.
184
185     # Trigger the asynchronous permission update by using async=true parameter.
186     post "/arvados/v1/groups",
187       params: {
188         group: {
189           name: name,
190           group_class: "project"
191         },
192         async: true
193       },
194       headers: auth(:active)
195     assert_response 202
196
197     # The group exists in the database
198     assert_not_nil Group.find_by_name(name)
199     get "/arvados/v1/groups",
200       params: {
201         filters: [["name", "=", name]].to_json,
202         limit: 10
203       },
204       headers: auth(:active)
205     assert_response 200
206     assert_equal 1, json_response['items_available']
207
208     # Wait a bit and try again.
209     sleep(1)
210     get "/arvados/v1/groups",
211       params: {
212         filters: [["name", "=", name]].to_json,
213         limit: 10
214       },
215       headers: auth(:active)
216     assert_response 200
217     assert_equal 1, json_response['items_available']
218   end
219 end