3 class Arvados::V1::GroupsControllerTest < ActionController::TestCase
5 test "attempt to delete group without read or write access" do
7 post :destroy, id: groups(:empty_lonely_group).uuid
11 test "attempt to delete group without write access" do
12 authorize_with :active
13 post :destroy, id: groups(:all_users).uuid
17 test "get list of projects" do
18 authorize_with :active
19 get :index, filters: [['group_class', '=', 'project']], format: :json
20 assert_response :success
22 json_response['items'].each do |group|
23 assert_equal 'project', group['group_class']
24 group_uuids << group['uuid']
26 assert_includes group_uuids, groups(:aproject).uuid
27 assert_includes group_uuids, groups(:asubproject).uuid
28 assert_not_includes group_uuids, groups(:system_group).uuid
29 assert_not_includes group_uuids, groups(:private).uuid
32 test "get list of groups that are not projects" do
33 authorize_with :active
34 get :index, filters: [['group_class', '=', nil]], format: :json
35 assert_response :success
37 json_response['items'].each do |group|
38 assert_equal nil, group['group_class']
39 group_uuids << group['uuid']
41 assert_not_includes group_uuids, groups(:aproject).uuid
42 assert_not_includes group_uuids, groups(:asubproject).uuid
43 assert_includes group_uuids, groups(:private).uuid
46 test "get list of groups with bogus group_class" do
47 authorize_with :active
49 filters: [['group_class', '=', 'nogrouphasthislittleclass']],
52 assert_response :success
53 assert_equal [], json_response['items']
54 assert_equal 0, json_response['items_available']
57 def check_project_contents_response
58 assert_response :success
59 assert_operator 2, :<=, json_response['items_available']
60 assert_operator 2, :<=, json_response['items'].count
61 kinds = json_response['items'].collect { |i| i['kind'] }.uniq
62 expect_kinds = %w'arvados#group arvados#specimen arvados#pipelineTemplate arvados#job'
63 assert_equal expect_kinds, (expect_kinds & kinds)
65 json_response['items'].each do |i|
66 if i['kind'] == 'arvados#group'
67 assert(i['group_class'] == 'project',
68 "group#contents returned a non-project group")
73 test 'get group-owned objects' do
74 authorize_with :active
76 id: groups(:aproject).uuid,
80 check_project_contents_response
83 test "user with project read permission can see project objects" do
84 authorize_with :project_viewer
86 id: groups(:aproject).uuid,
90 check_project_contents_response
93 [false, true].each do |include_linked|
94 test "list objects across projects, include_linked=#{include_linked}" do
95 authorize_with :project_viewer
98 include_linked: include_linked,
99 filters: [['uuid', 'is_a', 'arvados#specimen']]
101 assert_response :success
102 found_uuids = json_response['items'].collect { |i| i['uuid'] }
103 [[:in_aproject, true],
104 [:in_asubproject, true],
105 [:owned_by_private_group, false]].each do |specimen_fixture, should_find|
107 assert_includes found_uuids, specimens(specimen_fixture).uuid, "did not find specimen fixture '#{specimen_fixture}'"
109 refute_includes found_uuids, specimens(specimen_fixture).uuid, "found specimen fixture '#{specimen_fixture}'"
115 [false, true].each do |include_linked|
116 test "list objects in home project, include_linked=#{include_linked}" do
117 authorize_with :active
120 id: users(:active).uuid,
121 include_linked: include_linked,
123 assert_response :success
124 found_uuids = json_response['items'].collect { |i| i['uuid'] }
126 assert_includes found_uuids, collections(:empty).uuid, "empty collection did not appear in home project"
128 assert_includes found_uuids, specimens(:owned_by_active_user).uuid, "specimen did not appear in home project"
129 refute_includes found_uuids, specimens(:in_asubproject).uuid, "specimen appeared unexpectedly in home project"
133 test "user with project read permission can see project collections" do
134 authorize_with :project_viewer
136 id: groups(:asubproject).uuid,
138 include_linked: true,
140 ids = json_response['items'].map { |item| item["uuid"] }
141 assert_includes ids, collections(:baz_file).uuid
144 test 'list objects across multiple projects' do
145 authorize_with :project_viewer
148 include_linked: false,
149 filters: [['uuid', 'is_a', 'arvados#specimen']]
151 assert_response :success
152 found_uuids = json_response['items'].collect { |i| i['uuid'] }
153 [[:in_aproject, true],
154 [:in_asubproject, true],
155 [:owned_by_private_group, false]].each do |specimen_fixture, should_find|
157 assert_includes found_uuids, specimens(specimen_fixture).uuid, "did not find specimen fixture '#{specimen_fixture}'"
159 refute_includes found_uuids, specimens(specimen_fixture).uuid, "found specimen fixture '#{specimen_fixture}'"
164 # Even though the project_viewer tests go through other controllers,
165 # I'm putting them here so they're easy to find alongside the other
167 def check_new_project_link_fails(link_attrs)
168 @controller = Arvados::V1::LinksController.new
169 post :create, link: {
170 link_class: "permission",
172 head_uuid: groups(:aproject).uuid,
174 assert_includes(403..422, response.status)
177 test "user with project read permission can't add users to it" do
178 authorize_with :project_viewer
179 check_new_project_link_fails(tail_uuid: users(:spectator).uuid)
182 test "user with project read permission can't add items to it" do
183 authorize_with :project_viewer
184 check_new_project_link_fails(tail_uuid: collections(:baz_file).uuid)
187 test "user with project read permission can't rename items in it" do
188 authorize_with :project_viewer
189 @controller = Arvados::V1::LinksController.new
191 id: links(:job_name_in_aproject).uuid,
192 link: {name: "Denied test name"},
194 assert_includes(403..404, response.status)
197 test "user with project read permission can't remove items from it" do
198 @controller = Arvados::V1::PipelineTemplatesController.new
199 authorize_with :project_viewer
201 id: links(:template_name_in_aproject).head_uuid,
203 owner_uuid: users(:project_viewer).uuid,
209 test "user with project read permission can't delete it" do
210 authorize_with :project_viewer
211 post :destroy, {id: groups(:aproject).uuid}
215 test 'get group-owned objects with limit' do
216 authorize_with :active
218 id: groups(:aproject).uuid,
222 assert_response :success
223 assert_operator 1, :<, json_response['items_available']
224 assert_equal 1, json_response['items'].count
227 test 'get group-owned objects with limit and offset' do
228 authorize_with :active
230 id: groups(:aproject).uuid,
235 assert_response :success
236 assert_operator 1, :<, json_response['items_available']
237 assert_equal 0, json_response['items'].count
240 test 'get group-owned objects with additional filter matching nothing' do
241 authorize_with :active
243 id: groups(:aproject).uuid,
244 filters: [['uuid', 'in', ['foo_not_a_uuid','bar_not_a_uuid']]],
247 assert_response :success
248 assert_equal [], json_response['items']
249 assert_equal 0, json_response['items_available']
252 test 'get group-owned objects without include_linked' do
253 unexpected_uuid = specimens(:in_aproject_linked_from_asubproject).uuid
254 authorize_with :active
256 id: groups(:asubproject).uuid,
259 assert_response :success
260 uuids = json_response['items'].collect { |i| i['uuid'] }
261 assert_equal nil, uuids.index(unexpected_uuid)
264 test 'get group-owned objects with include_linked' do
265 expected_uuid = specimens(:in_aproject_linked_from_asubproject).uuid
266 authorize_with :active
268 id: groups(:asubproject).uuid,
269 include_linked: true,
272 assert_response :success
273 uuids = json_response['items'].collect { |i| i['uuid'] }
274 assert_includes uuids, expected_uuid, "Did not get #{expected_uuid}"
276 expected_name = links(:specimen_is_in_two_projects).name
277 found_specimen_name = false
278 assert(json_response['links'].any?,
279 "Expected a non-empty array of links in response")
280 json_response['links'].each do |link|
281 if link['head_uuid'] == expected_uuid
282 if link['name'] == expected_name
283 found_specimen_name = true
287 assert(found_specimen_name,
288 "Expected to find name '#{expected_name}' in response")
291 [false, true].each do |inc_ind|
292 test "get all pages of group-owned #{'and -linked ' if inc_ind}objects" do
293 authorize_with :active
296 items_available = nil
300 # Behaving badly here, using the same controller multiple
301 # times within a test.
304 id: groups(:aproject).uuid,
305 include_linked: inc_ind,
310 assert_response :success
311 assert_operator(0, :<, json_response['items'].count,
312 "items_available=#{items_available} but received 0 "\
313 "items with offset=#{offset}")
314 items_available ||= json_response['items_available']
315 assert_equal(items_available, json_response['items_available'],
316 "items_available changed between page #{offset/limit} "\
317 "and page #{1+offset/limit}")
318 json_response['items'].each do |item|
320 assert_equal(nil, uuid_received[uuid],
321 "Received '#{uuid}' again on page #{1+offset/limit}")
322 uuid_received[uuid] = true
323 owner_received[item['owner_uuid']] = true
326 assert_equal groups(:aproject).uuid, item['owner_uuid']
329 break if offset >= items_available
332 assert_operator 0, :<, (json_response.keys - [users(:active).uuid]).count,
333 "Set include_linked=true but did not receive any non-owned items"
338 %w(offset limit).each do |arg|
339 ['foo', '', '1234five', '0x10', '-8'].each do |val|
340 test "Raise error on bogus #{arg} parameter #{val.inspect}" do
341 authorize_with :active
343 :id => groups(:aproject).uuid,
352 test 'get writable_by list for owned group' do
353 authorize_with :active
355 id: groups(:aproject).uuid,
358 assert_response :success
359 assert_not_nil(json_response['writable_by'],
360 "Should receive uuid list in 'writable_by' field")
361 assert_includes(json_response['writable_by'], users(:active).uuid,
362 "owner should be included in writable_by list")
365 test 'no writable_by list for group with read-only access' do
366 authorize_with :rominiadmin
368 id: groups(:testusergroup_admins).uuid,
371 assert_response :success
372 assert_nil(json_response['writable_by'],
373 "Should not receive uuid list in 'writable_by' field")
376 test 'get writable_by list by admin user' do
377 authorize_with :admin
379 id: groups(:testusergroup_admins).uuid,
382 assert_response :success
383 assert_not_nil(json_response['writable_by'],
384 "Should receive uuid list in 'writable_by' field")
385 assert_includes(json_response['writable_by'],
387 "Current user should be included in 'writable_by' field")