3 class Arvados::V1::UsersControllerTest < ActionController::TestCase
4 include CurrentApiClient
7 @all_links_at_start = Link.all
8 @vm_uuid = virtual_machines(:testvm).uuid
11 test "activate a user after signing UA" do
12 authorize_with :inactive_but_signed_user_agreement
13 post :activate, id: users(:inactive_but_signed_user_agreement).uuid
14 assert_response :success
15 assert_not_nil assigns(:object)
16 me = JSON.parse(@response.body)
17 assert_equal true, me['is_active']
20 test "refuse to activate a user before signing UA" do
22 required_uuids = Link.where("owner_uuid = ? and link_class = ? and name = ? and tail_uuid = ? and head_uuid like ?",
27 Collection.uuid_like_pattern).
30 assert required_uuids.length > 0
32 signed_uuids = Link.where(owner_uuid: system_user_uuid,
33 link_class: 'signature',
35 tail_uuid: users(:inactive).uuid,
36 head_uuid: required_uuids).
39 assert_equal 0, signed_uuids.length
42 authorize_with :inactive
44 post :activate, id: users(:inactive).uuid
47 response_body = JSON.parse(@response.body)
48 assert response_body['errors'].first.include? 'Cannot activate without user agreements'
51 test "activate an already-active user" do
52 authorize_with :active
53 post :activate, id: users(:active).uuid
54 assert_response :success
55 me = JSON.parse(@response.body)
56 assert_equal true, me['is_active']
59 test "respond 401 if given token exists but user record is missing" do
60 authorize_with :valid_token_deleted_user
61 get :current, {format: :json}
65 test "create new user with user as input" do
68 first_name: "test_first_name",
69 last_name: "test_last_name",
70 email: "foo@example.com"
72 assert_response :success
73 created = JSON.parse(@response.body)
74 assert_equal 'test_first_name', created['first_name']
75 assert_not_nil created['uuid'], 'expected uuid for the newly created user'
76 assert_not_nil created['email'], 'expected non-nil email'
77 assert_nil created['identity_url'], 'expected no identity_url'
80 test "create user with user, vm and repo as input" do
82 repo_name = 'test_repo'
86 openid_prefix: 'https://www.google.com/accounts/o8/id',
88 uuid: 'zzzzz-tpzed-abcdefghijklmno',
89 first_name: "in_create_test_first_name",
90 last_name: "test_last_name",
91 email: "foo@example.com"
94 assert_response :success
95 response_items = JSON.parse(@response.body)['items']
97 created = find_obj_in_resp response_items, 'User', nil
99 assert_equal 'in_create_test_first_name', created['first_name']
100 assert_not_nil created['uuid'], 'expected non-null uuid for the new user'
101 assert_equal 'zzzzz-tpzed-abcdefghijklmno', created['uuid']
102 assert_not_nil created['email'], 'expected non-nil email'
103 assert_nil created['identity_url'], 'expected no identity_url'
105 # arvados#user, repo link and link add user to 'All users' group
106 verify_num_links @all_links_at_start, 4
108 verify_link response_items, 'arvados#user', true, 'permission', 'can_login',
109 created['uuid'], created['email'], 'arvados#user', false, 'User'
111 verify_link response_items, 'arvados#repository', true, 'permission', 'can_manage',
112 repo_name, created['uuid'], 'arvados#repository', true, 'Repository'
114 verify_link response_items, 'arvados#group', true, 'permission', 'can_read',
115 'All users', created['uuid'], 'arvados#group', true, 'Group'
117 verify_link response_items, 'arvados#virtualMachine', false, 'permission', 'can_login',
118 nil, created['uuid'], 'arvados#virtualMachine', false, 'VirtualMachine'
120 verify_system_group_permission_link_for created['uuid']
123 test "setup user with bogus uuid and expect error" do
124 authorize_with :admin
128 repo_name: 'test_repo',
131 response_body = JSON.parse(@response.body)
132 response_errors = response_body['errors']
133 assert_not_nil response_errors, 'Expected error in response'
134 assert (response_errors.first.include? 'Path not found'), 'Expected 404'
137 test "setup user with bogus uuid in user and expect error" do
138 authorize_with :admin
141 user: {uuid: 'bogus_uuid'},
142 repo_name: 'test_repo',
144 openid_prefix: 'https://www.google.com/accounts/o8/id'
146 response_body = JSON.parse(@response.body)
147 response_errors = response_body['errors']
148 assert_not_nil response_errors, 'Expected error in response'
149 assert (response_errors.first.include? 'ArgumentError: Require user email'),
150 'Expected RuntimeError'
153 test "setup user with no uuid and user, expect error" do
154 authorize_with :admin
157 repo_name: 'test_repo',
159 openid_prefix: 'https://www.google.com/accounts/o8/id'
161 response_body = JSON.parse(@response.body)
162 response_errors = response_body['errors']
163 assert_not_nil response_errors, 'Expected error in response'
164 assert (response_errors.first.include? 'Required uuid or user'),
165 'Expected ArgumentError'
168 test "setup user with no uuid and email, expect error" do
169 authorize_with :admin
173 repo_name: 'test_repo',
175 openid_prefix: 'https://www.google.com/accounts/o8/id'
177 response_body = JSON.parse(@response.body)
178 response_errors = response_body['errors']
179 assert_not_nil response_errors, 'Expected error in response'
180 assert (response_errors.first.include? '<ArgumentError: Require user email'),
181 'Expected ArgumentError'
184 test "invoke setup with existing uuid, vm and repo and verify links" do
185 authorize_with :admin
186 inactive_user = users(:inactive)
189 uuid: users(:inactive).uuid,
190 repo_name: 'test_repo',
194 assert_response :success
196 response_items = JSON.parse(@response.body)['items']
197 resp_obj = find_obj_in_resp response_items, 'User', nil
199 assert_not_nil resp_obj['uuid'], 'expected uuid for the new user'
200 assert_equal inactive_user['uuid'], resp_obj['uuid']
201 assert_equal inactive_user['email'], resp_obj['email'],
202 'expecting inactive user email'
204 # expect repo and vm links
205 verify_link response_items, 'arvados#repository', true, 'permission', 'can_manage',
206 'test_repo', resp_obj['uuid'], 'arvados#repository', true, 'Repository'
208 verify_link response_items, 'arvados#virtualMachine', true, 'permission', 'can_login',
209 @vm_uuid, resp_obj['uuid'], 'arvados#virtualMachine', false, 'VirtualMachine'
212 test "invoke setup with existing uuid in user, verify response" do
213 authorize_with :admin
214 inactive_user = users(:inactive)
217 user: {uuid: inactive_user['uuid']},
218 openid_prefix: 'https://www.google.com/accounts/o8/id'
221 assert_response :success
223 response_items = JSON.parse(@response.body)['items']
224 resp_obj = find_obj_in_resp response_items, 'User', nil
226 assert_not_nil resp_obj['uuid'], 'expected uuid for the new user'
227 assert_equal inactive_user['uuid'], resp_obj['uuid']
228 assert_equal inactive_user['email'], resp_obj['email'],
229 'expecting inactive user email'
232 test "invoke setup with existing uuid but different email, expect original email" do
233 authorize_with :admin
234 inactive_user = users(:inactive)
237 uuid: inactive_user['uuid'],
238 user: {email: 'junk_email'}
241 assert_response :success
243 response_items = JSON.parse(@response.body)['items']
244 resp_obj = find_obj_in_resp response_items, 'User', nil
246 assert_not_nil resp_obj['uuid'], 'expected uuid for the new user'
247 assert_equal inactive_user['uuid'], resp_obj['uuid']
248 assert_equal inactive_user['email'], resp_obj['email'],
249 'expecting inactive user email'
252 test "setup user with valid email and repo as input" do
253 authorize_with :admin
256 repo_name: 'test_repo',
257 user: {email: 'foo@example.com'},
258 openid_prefix: 'https://www.google.com/accounts/o8/id'
261 assert_response :success
262 response_items = JSON.parse(@response.body)['items']
263 response_object = find_obj_in_resp response_items, 'User', nil
264 assert_not_nil response_object['uuid'], 'expected uuid for the new user'
265 assert_equal response_object['email'], 'foo@example.com', 'expected given email'
267 # four extra links; system_group, login, group and repo perms
268 verify_num_links @all_links_at_start, 4
271 test "setup user with fake vm and expect error" do
272 authorize_with :admin
275 repo_name: 'test_repo',
276 vm_uuid: 'no_such_vm',
277 user: {email: 'foo@example.com'},
278 openid_prefix: 'https://www.google.com/accounts/o8/id'
281 response_body = JSON.parse(@response.body)
282 response_errors = response_body['errors']
283 assert_not_nil response_errors, 'Expected error in response'
284 assert (response_errors.first.include? "No vm found for no_such_vm"),
285 'Expected RuntimeError: No vm found for no_such_vm'
288 test "setup user with valid email, repo and real vm as input" do
289 authorize_with :admin
292 repo_name: 'test_repo',
293 openid_prefix: 'https://www.google.com/accounts/o8/id',
295 user: {email: 'foo@example.com'}
298 assert_response :success
299 response_items = JSON.parse(@response.body)['items']
300 response_object = find_obj_in_resp response_items, 'User', nil
301 assert_not_nil response_object['uuid'], 'expected uuid for the new user'
302 assert_equal response_object['email'], 'foo@example.com', 'expected given email'
304 # five extra links; system_group, login, group, vm, repo
305 verify_num_links @all_links_at_start, 5
308 test "setup user with valid email, no vm and no repo as input" do
309 authorize_with :admin
312 user: {email: 'foo@example.com'},
313 openid_prefix: 'https://www.google.com/accounts/o8/id'
316 assert_response :success
317 response_items = JSON.parse(@response.body)['items']
318 response_object = find_obj_in_resp response_items, 'User', nil
319 assert_not_nil response_object['uuid'], 'expected uuid for new user'
320 assert_equal response_object['email'], 'foo@example.com', 'expected given email'
322 # three extra links; system_group, login, and group
323 verify_num_links @all_links_at_start, 3
325 verify_link response_items, 'arvados#user', true, 'permission', 'can_login',
326 response_object['uuid'], response_object['email'], 'arvados#user', false, 'User'
328 verify_link response_items, 'arvados#group', true, 'permission', 'can_read',
329 'All users', response_object['uuid'], 'arvados#group', true, 'Group'
331 verify_link response_items, 'arvados#repository', false, 'permission', 'can_manage',
332 'test_repo', response_object['uuid'], 'arvados#repository', true, 'Repository'
334 verify_link response_items, 'arvados#virtualMachine', false, 'permission', 'can_login',
335 nil, response_object['uuid'], 'arvados#virtualMachine', false, 'VirtualMachine'
338 test "setup user with email, first name, repo name and vm uuid" do
339 authorize_with :admin
342 openid_prefix: 'https://www.google.com/accounts/o8/id',
343 repo_name: 'test_repo',
346 first_name: 'test_first_name',
347 email: 'foo@example.com'
351 assert_response :success
352 response_items = JSON.parse(@response.body)['items']
353 response_object = find_obj_in_resp response_items, 'User', nil
354 assert_not_nil response_object['uuid'], 'expected uuid for new user'
355 assert_equal response_object['email'], 'foo@example.com', 'expected given email'
356 assert_equal 'test_first_name', response_object['first_name'],
357 'expecting first name'
359 # five extra links; system_group, login, group, repo and vm
360 verify_num_links @all_links_at_start, 5
363 test "setup user with an exising user email and check different object is created" do
364 authorize_with :admin
365 inactive_user = users(:inactive)
368 openid_prefix: 'https://www.google.com/accounts/o8/id',
369 repo_name: 'test_repo',
371 email: inactive_user['email']
375 assert_response :success
376 response_items = JSON.parse(@response.body)['items']
377 response_object = find_obj_in_resp response_items, 'User', nil
378 assert_not_nil response_object['uuid'], 'expected uuid for new user'
379 assert_not_equal response_object['uuid'], inactive_user['uuid'],
380 'expected different uuid after create operation'
381 assert_equal inactive_user['email'], response_object['email'], 'expected given email'
382 # system_group, openid, group, and repo. No vm link.
383 verify_num_links @all_links_at_start, 4
386 test "setup user with openid prefix" do
387 authorize_with :admin
390 repo_name: 'test_repo',
391 openid_prefix: 'http://www.example.com/account',
393 first_name: "in_create_test_first_name",
394 last_name: "test_last_name",
395 email: "foo@example.com"
399 assert_response :success
401 response_items = JSON.parse(@response.body)['items']
402 created = find_obj_in_resp response_items, 'User', nil
404 assert_equal 'in_create_test_first_name', created['first_name']
405 assert_not_nil created['uuid'], 'expected uuid for new user'
406 assert_not_nil created['email'], 'expected non-nil email'
407 assert_nil created['identity_url'], 'expected no identity_url'
410 # four new links: system_group, arvados#user, repo, and 'All users' group.
411 verify_num_links @all_links_at_start, 4
413 verify_link response_items, 'arvados#user', true, 'permission', 'can_login',
414 created['uuid'], created['email'], 'arvados#user', false, 'User'
416 verify_link response_items, 'arvados#repository', true, 'permission', 'can_manage',
417 'test_repo', created['uuid'], 'arvados#repository', true, 'Repository'
419 verify_link response_items, 'arvados#group', true, 'permission', 'can_read',
420 'All users', created['uuid'], 'arvados#group', true, 'Group'
422 verify_link response_items, 'arvados#virtualMachine', false, 'permission', 'can_login',
423 nil, created['uuid'], 'arvados#virtualMachine', false, 'VirtualMachine'
426 test "invoke setup with no openid prefix, expect error" do
427 authorize_with :admin
430 repo_name: 'test_repo',
432 first_name: "in_create_test_first_name",
433 last_name: "test_last_name",
434 email: "foo@example.com"
438 response_body = JSON.parse(@response.body)
439 response_errors = response_body['errors']
440 assert_not_nil response_errors, 'Expected error in response'
441 assert (response_errors.first.include? 'openid_prefix parameter is missing'),
442 'Expected ArgumentError'
445 test "setup user with user, vm and repo and verify links" do
446 authorize_with :admin
450 first_name: "in_create_test_first_name",
451 last_name: "test_last_name",
452 email: "foo@example.com"
455 repo_name: 'test_repo',
456 openid_prefix: 'https://www.google.com/accounts/o8/id'
459 assert_response :success
461 response_items = JSON.parse(@response.body)['items']
462 created = find_obj_in_resp response_items, 'User', nil
464 assert_equal 'in_create_test_first_name', created['first_name']
465 assert_not_nil created['uuid'], 'expected uuid for new user'
466 assert_not_nil created['email'], 'expected non-nil email'
467 assert_nil created['identity_url'], 'expected no identity_url'
469 # five new links: system_group, arvados#user, repo, vm and 'All
471 verify_num_links @all_links_at_start, 5
473 verify_link response_items, 'arvados#user', true, 'permission', 'can_login',
474 created['uuid'], created['email'], 'arvados#user', false, 'User'
476 verify_link response_items, 'arvados#repository', true, 'permission', 'can_manage',
477 'test_repo', created['uuid'], 'arvados#repository', true, 'Repository'
479 verify_link response_items, 'arvados#group', true, 'permission', 'can_read',
480 'All users', created['uuid'], 'arvados#group', true, 'Group'
482 verify_link response_items, 'arvados#virtualMachine', true, 'permission', 'can_login',
483 @vm_uuid, created['uuid'], 'arvados#virtualMachine', false, 'VirtualMachine'
486 test "create user as non admin user and expect error" do
487 authorize_with :active
490 user: {email: 'foo@example.com'}
493 response_body = JSON.parse(@response.body)
494 response_errors = response_body['errors']
495 assert_not_nil response_errors, 'Expected error in response'
496 assert (response_errors.first.include? 'PermissionDenied'),
497 'Expected PermissionDeniedError'
500 test "setup user as non admin user and expect error" do
501 authorize_with :active
504 openid_prefix: 'https://www.google.com/accounts/o8/id',
505 user: {email: 'foo@example.com'}
508 response_body = JSON.parse(@response.body)
509 response_errors = response_body['errors']
510 assert_not_nil response_errors, 'Expected error in response'
511 assert (response_errors.first.include? 'Forbidden'),
512 'Expected Forbidden error'
515 test "setup active user with repo and no vm" do
516 authorize_with :admin
517 active_user = users(:active)
519 # invoke setup with a repository
521 repo_name: 'new_repo',
522 uuid: active_user['uuid']
525 assert_response :success
527 response_items = JSON.parse(@response.body)['items']
528 created = find_obj_in_resp response_items, 'User', nil
530 assert_equal active_user[:email], created['email'], 'expected input email'
533 verify_link response_items, 'arvados#group', true, 'permission', 'can_read',
534 'All users', created['uuid'], 'arvados#group', true, 'Group'
536 verify_link response_items, 'arvados#repository', true, 'permission', 'can_manage',
537 'new_repo', created['uuid'], 'arvados#repository', true, 'Repository'
539 verify_link response_items, 'arvados#virtualMachine', false, 'permission', 'can_login',
540 nil, created['uuid'], 'arvados#virtualMachine', false, 'VirtualMachine'
543 test "setup active user with vm and no repo" do
544 authorize_with :admin
545 active_user = users(:active)
547 # invoke setup with a repository
550 uuid: active_user['uuid'],
554 assert_response :success
556 response_items = JSON.parse(@response.body)['items']
557 created = find_obj_in_resp response_items, 'User', nil
559 assert_equal active_user['email'], created['email'], 'expected original email'
562 verify_link response_items, 'arvados#group', true, 'permission', 'can_read',
563 'All users', created['uuid'], 'arvados#group', true, 'Group'
565 verify_link response_items, 'arvados#repository', false, 'permission', 'can_manage',
566 'new_repo', created['uuid'], 'arvados#repository', true, 'Repository'
568 verify_link response_items, 'arvados#virtualMachine', true, 'permission', 'can_login',
569 @vm_uuid, created['uuid'], 'arvados#virtualMachine', false, 'VirtualMachine'
572 test "unsetup active user" do
573 active_user = users(:active)
574 assert_not_nil active_user['uuid'], 'expected uuid for the active user'
575 assert active_user['is_active'], 'expected is_active for active user'
577 verify_link_existence active_user['uuid'], active_user['email'],
578 false, true, false, true, true
580 authorize_with :admin
582 # now unsetup this user
583 post :unsetup, id: active_user['uuid']
584 assert_response :success
586 response_user = JSON.parse(@response.body)
587 assert_not_nil response_user['uuid'], 'expected uuid for the upsetup user'
588 assert_equal active_user['uuid'], response_user['uuid'], 'expected uuid not found'
589 assert !response_user['is_active'], 'expected user to be inactive'
590 assert !response_user['is_invited'], 'expected user to be uninvited'
592 verify_link_existence response_user['uuid'], response_user['email'],
593 false, false, false, false, false
595 active_user = User.find_by_uuid(users(:active).uuid)
596 readable_groups = active_user.groups_i_can(:read)
597 all_users_group = Group.all.collect(&:uuid).select { |g| g.match /-f+$/ }
598 refute_includes(readable_groups, all_users_group,
599 "active user can read All Users group after being deactivated")
600 assert_equal(false, active_user.is_invited,
601 "active user is_invited after being deactivated & reloaded")
604 test "setup user with send notification param false and verify no email" do
605 authorize_with :admin
608 openid_prefix: 'http://www.example.com/account',
609 send_notification_email: 'false',
611 email: "foo@example.com"
615 assert_response :success
616 response_items = JSON.parse(@response.body)['items']
617 created = find_obj_in_resp response_items, 'User', nil
618 assert_not_nil created['uuid'], 'expected uuid for the new user'
619 assert_equal created['email'], 'foo@example.com', 'expected given email'
621 setup_email = ActionMailer::Base.deliveries.last
622 assert_nil setup_email, 'expected no setup email'
625 test "setup user with send notification param true and verify email" do
626 authorize_with :admin
629 openid_prefix: 'http://www.example.com/account',
630 send_notification_email: 'true',
632 email: "foo@example.com"
636 assert_response :success
637 response_items = JSON.parse(@response.body)['items']
638 created = find_obj_in_resp response_items, 'User', nil
639 assert_not_nil created['uuid'], 'expected uuid for the new user'
640 assert_equal created['email'], 'foo@example.com', 'expected given email'
642 setup_email = ActionMailer::Base.deliveries.last
643 assert_not_nil setup_email, 'Expected email after setup'
645 assert_equal Rails.configuration.user_notifier_email_from, setup_email.from[0]
646 assert_equal 'foo@example.com', setup_email.to[0]
647 assert_equal 'Welcome to Curoverse', setup_email.subject
648 assert (setup_email.body.to_s.include? 'Your Arvados account has been set up'),
649 'Expected Your Arvados account has been set up in email body'
650 assert (setup_email.body.to_s.include? 'foo@example.com'),
651 'Expected user email in email body'
652 assert (setup_email.body.to_s.include? Rails.configuration.workbench_address),
653 'Expected workbench url in email body'
656 test "non-admin user can get basic information about readable users" do
657 authorize_with :spectator
659 check_non_admin_index
660 check_readable_users_index [:spectator], [:inactive, :active]
663 test "non-admin user gets only safe attributes from users#show" do
664 g = act_as_system_user do
667 users = create_list :active_user, 2, join_groups: [g]
668 token = create :token, user: users[0]
669 authorize_with_token token
670 get :show, id: users[1].uuid
674 test "non-admin user can limit index" do
675 g = act_as_system_user do
678 users = create_list :active_user, 4, join_groups: [g]
679 token = create :token, user: users[0]
681 [2, 4].each do |limit|
682 authorize_with_token token
683 get(:index, limit: limit)
684 check_non_admin_index
685 assert_equal(limit, json_response["items"].size,
686 "non-admin index limit was ineffective")
690 test "admin has full index powers" do
691 authorize_with :admin
692 check_inactive_user_findable
695 test "reader token can grant admin index powers" do
696 authorize_with :spectator
697 check_inactive_user_findable(reader_tokens: [api_token(:admin)])
700 test "admin can filter on user.is_active" do
701 authorize_with :admin
702 get(:index, filters: [["is_active", "=", "true"]])
703 assert_response :success
704 check_readable_users_index [:active, :spectator], [:inactive]
707 test "admin can search where user.is_active" do
708 authorize_with :admin
709 get(:index, where: {is_active: true})
710 assert_response :success
711 check_readable_users_index [:active, :spectator], [:inactive]
714 test "update active_no_prefs user profile and expect notification email" do
715 authorize_with :admin
718 id: users(:active_no_prefs).uuid,
720 prefs: {:profile => {'organization' => 'example.com'}}
723 assert_response :success
726 ActionMailer::Base.deliveries.andand.each do |email|
727 if email.subject == "Profile created by #{users(:active_no_prefs).email}"
732 assert_equal true, found_email, 'Expected email after creating profile'
735 test "update active_no_prefs_profile user profile and expect notification email" do
736 authorize_with :admin
739 user[:prefs] = users(:active_no_prefs_profile).prefs
740 user[:prefs][:profile] = {:profile => {'organization' => 'example.com'}}
742 id: users(:active_no_prefs_profile).uuid,
745 assert_response :success
748 ActionMailer::Base.deliveries.andand.each do |email|
749 if email.subject == "Profile created by #{users(:active_no_prefs_profile).email}"
754 assert_equal true, found_email, 'Expected email after creating profile'
757 test "update active user profile and expect no notification email" do
758 authorize_with :admin
761 id: users(:active).uuid,
763 prefs: {:profile => {'organization' => 'anotherexample.com'}}
766 assert_response :success
769 ActionMailer::Base.deliveries.andand.each do |email|
770 if email.subject == "Profile created by #{users(:active).email}"
775 assert_equal false, found_email, 'Expected no email after updating profile'
779 NON_ADMIN_USER_DATA = ["uuid", "kind", "is_active", "email", "first_name",
782 def check_non_admin_index
783 assert_response :success
784 response_items = json_response["items"]
785 assert_not_nil response_items
786 response_items.each do |user_data|
787 check_non_admin_item user_data
788 assert(user_data["is_active"], "non-admin index returned inactive user")
792 def check_non_admin_show
793 assert_response :success
794 check_non_admin_item json_response
797 def check_non_admin_item user_data
798 assert_equal(NON_ADMIN_USER_DATA, user_data.keys.sort,
799 "data in response had missing or extra attributes")
800 assert_equal("arvados#user", user_data["kind"])
804 def check_readable_users_index expect_present, expect_missing
805 response_uuids = json_response["items"].map { |u| u["uuid"] }
806 expect_present.each do |user_key|
807 assert_includes(response_uuids, users(user_key).uuid,
808 "#{user_key} missing from index")
810 expect_missing.each do |user_key|
811 refute_includes(response_uuids, users(user_key).uuid,
812 "#{user_key} included in index")
816 def check_inactive_user_findable(params={})
817 inactive_user = users(:inactive)
818 get(:index, params.merge(filters: [["email", "=", inactive_user.email]]))
819 assert_response :success
820 user_list = json_response["items"]
821 assert_equal(1, user_list.andand.count)
822 # This test needs to check a column non-admins have no access to,
823 # to ensure that admins see all user information.
824 assert_equal(inactive_user.identity_url, user_list.first["identity_url"],
825 "admin's filtered index did not return inactive user")
828 def verify_num_links (original_links, expected_additional_links)
830 assert_equal expected_additional_links, Link.all.size-original_links.size,
831 "Expected #{expected_additional_links.inspect} more links"
834 def find_obj_in_resp (response_items, object_type, head_kind=nil)
837 response_items.each { |x|
842 if object_type == 'User'
843 if ArvadosModel::resource_class_for_uuid(x['uuid']) == User
847 else # looking for a link
848 if x['head_uuid'] and ArvadosModel::resource_class_for_uuid(x['head_uuid']).kind == head_kind
857 def verify_link(response_items, link_object_name, expect_link, link_class,
858 link_name, head_uuid, tail_uuid, head_kind, fetch_object, class_name)
860 link = find_obj_in_resp response_items, 'Link', link_object_name
863 assert_nil link, "Expected no link for #{link_object_name}"
867 assert_not_nil link, "Expected link for #{link_object_name}"
870 object = Object.const_get(class_name).where(name: head_uuid)
871 assert [] != object, "expected #{class_name} with name #{head_uuid}"
872 head_uuid = object.first[:uuid]
874 assert_equal link_class, link['link_class'],
875 "did not find expected link_class for #{link_object_name}"
877 assert_equal link_name, link['name'],
878 "did not find expected link_name for #{link_object_name}"
880 assert_equal tail_uuid, link['tail_uuid'],
881 "did not find expected tail_uuid for #{link_object_name}"
883 assert_equal head_kind, link['head_kind'],
884 "did not find expected head_kind for #{link_object_name}"
886 assert_equal head_uuid, link['head_uuid'],
887 "did not find expected head_uuid for #{link_object_name}"
890 def verify_link_existence uuid, email, expect_oid_login_perms,
891 expect_repo_perms, expect_vm_perms, expect_group_perms, expect_signatures
892 # verify that all links are deleted for the user
893 oid_login_perms = Link.where(tail_uuid: email,
894 link_class: 'permission',
895 name: 'can_login').where("head_uuid like ?", User.uuid_like_pattern)
896 if expect_oid_login_perms
897 assert oid_login_perms.any?, "expected oid_login_perms"
899 assert !oid_login_perms.any?, "expected all oid_login_perms deleted"
902 repo_perms = Link.where(tail_uuid: uuid,
903 link_class: 'permission',
904 name: 'can_manage').where("head_uuid like ?", Repository.uuid_like_pattern)
906 assert repo_perms.any?, "expected repo_perms"
908 assert !repo_perms.any?, "expected all repo_perms deleted"
911 vm_login_perms = Link.
912 where(tail_uuid: uuid,
913 link_class: 'permission',
915 where("head_uuid like ?",
916 VirtualMachine.uuid_like_pattern).
918 links(:auto_setup_vm_login_username_can_login_to_test_vm).uuid)
920 assert vm_login_perms.any?, "expected vm_login_perms"
922 assert !vm_login_perms.any?, "expected all vm_login_perms deleted"
925 group = Group.where(name: 'All users').select do |g|
926 g[:uuid].match /-f+$/
928 group_read_perms = Link.where(tail_uuid: uuid,
929 head_uuid: group[:uuid],
930 link_class: 'permission',
932 if expect_group_perms
933 assert group_read_perms.any?, "expected all users group read perms"
935 assert !group_read_perms.any?, "expected all users group perm deleted"
938 signed_uuids = Link.where(link_class: 'signature',
942 assert signed_uuids.any?, "expected signatures"
944 assert !signed_uuids.any?, "expected all signatures deleted"
949 def verify_system_group_permission_link_for user_uuid
950 assert_equal 1, Link.where(link_class: 'permission',
952 tail_uuid: system_group_uuid,
953 head_uuid: user_uuid).count