1 # Copyright (C) The Arvados Authors. All rights reserved.
3 # SPDX-License-Identifier: AGPL-3.0
7 # Test referential integrity: ensure we cannot leave any object
8 # without owners by deleting a user or group.
13 class OwnerTest < ActiveSupport::TestCase
14 fixtures :users, :groups, :specimens
17 set_user_from_auth :admin_trustedclient
22 [User, Group].each do |o_class|
23 test "create object with legit #{o_class} owner" do
25 o = o_class.create! group_class: "project"
29 i = Specimen.create(owner_uuid: o.uuid)
30 assert i.valid?, "new item should pass validation"
31 assert i.uuid, "new item should have an ID"
32 assert Specimen.where(uuid: i.uuid).any?, "new item should really be in DB"
35 test "create object with non-existent #{o_class} owner" do
36 assert_raises(ActiveRecord::RecordInvalid,
37 "create should fail with random owner_uuid") do
38 Specimen.create!(owner_uuid: o_class.generate_uuid)
41 i = Specimen.create(owner_uuid: o_class.generate_uuid)
42 assert !i.valid?, "object with random owner_uuid should not be valid?"
44 i = Specimen.new(owner_uuid: o_class.generate_uuid)
45 assert !i.valid?, "new item should not pass validation"
46 assert !i.uuid, "new item should not have an ID"
49 [User, Group].each do |new_o_class|
50 test "change owner from legit #{o_class} to legit #{new_o_class} owner" do
51 o = if o_class == Group
52 o_class.create! group_class: "project"
56 i = Specimen.create!(owner_uuid: o.uuid)
58 new_o = if new_o_class == Group
59 new_o_class.create! group_class: "project"
64 assert(Specimen.where(uuid: i.uuid).any?,
65 "new item should really be in DB")
66 assert(i.update(owner_uuid: new_o.uuid),
67 "should change owner_uuid from #{o.uuid} to #{new_o.uuid}")
71 test "delete #{o_class} that owns nothing" do
73 o = o_class.create! group_class: "project"
77 assert(o_class.where(uuid: o.uuid).any?,
78 "new #{o_class} should really be in DB")
79 assert(o.destroy, "should delete #{o_class} that owns nothing")
80 assert_equal(false, o_class.where(uuid: o.uuid).any?,
81 "#{o.uuid} should not be in DB after deleting")
84 test "change uuid of #{o_class} that owns nothing" do
85 # (we're relying on our admin credentials here)
87 o = o_class.create! group_class: "project"
91 assert(o_class.where(uuid: o.uuid).any?,
92 "new #{o_class} should really be in DB")
94 new_uuid = o.uuid.sub(/..........$/, rand(2**256).to_s(36)[0..9])
95 assert(o.update(uuid: new_uuid),
96 "should change #{o_class} uuid from #{old_uuid} to #{new_uuid}")
97 assert_equal(false, o_class.where(uuid: old_uuid).any?,
98 "#{old_uuid} should disappear when renamed to #{new_uuid}")
102 ['users(:active)', 'groups(:aproject)'].each do |ofixt|
103 test "delete #{ofixt} that owns other objects" do
105 assert_equal(true, Specimen.where(owner_uuid: o.uuid).any?,
106 "need something to be owned by #{o.uuid} for this test")
108 skip_check_permissions_against_full_refresh do
109 assert_raises(ActiveRecord::DeleteRestrictionError,
110 "should not delete #{ofixt} that owns objects") do
116 test "change uuid of #{ofixt} that owns other objects" do
118 assert_equal(true, Specimen.where(owner_uuid: o.uuid).any?,
119 "need something to be owned by #{o.uuid} for this test")
120 new_uuid = o.uuid.sub(/..........$/, rand(2**256).to_s(36)[0..9])
121 assert(!o.update(uuid: new_uuid),
122 "should not change uuid of #{ofixt} that owns objects")
126 test "delete User that owns self" do
128 assert User.where(uuid: o.uuid).any?, "new User should really be in DB"
129 assert_equal(true, o.update(owner_uuid: o.uuid),
130 "setting owner to self should work")
132 skip_check_permissions_against_full_refresh do
133 assert(o.destroy, "should delete User that owns self")
136 assert_equal(false, User.where(uuid: o.uuid).any?,
137 "#{o.uuid} should not be in DB after deleting")
138 check_permissions_against_full_refresh