2 require 'helpers/users_test_helper'
4 class Arvados::V1::UsersControllerTest < ActionController::TestCase
5 include CurrentApiClient
6 include UsersTestHelper
9 @initial_link_count = Link.count
10 @vm_uuid = virtual_machines(:testvm).uuid
13 test "activate a user after signing UA" do
14 authorize_with :inactive_but_signed_user_agreement
15 post :activate, id: users(:inactive_but_signed_user_agreement).uuid
16 assert_response :success
17 assert_not_nil assigns(:object)
18 me = JSON.parse(@response.body)
19 assert_equal true, me['is_active']
22 test "refuse to activate a user before signing UA" do
24 required_uuids = Link.where("owner_uuid = ? and link_class = ? and name = ? and tail_uuid = ? and head_uuid like ?",
29 Collection.uuid_like_pattern).
32 assert required_uuids.length > 0
34 signed_uuids = Link.where(owner_uuid: system_user_uuid,
35 link_class: 'signature',
37 tail_uuid: users(:inactive).uuid,
38 head_uuid: required_uuids).
41 assert_equal 0, signed_uuids.length
44 authorize_with :inactive
45 assert_equal false, users(:inactive).is_active
47 post :activate, id: users(:inactive).uuid
51 assert resp['errors'].first.include? 'Cannot activate without user agreements'
52 assert_nil resp['is_active']
55 test "activate an already-active user" do
56 authorize_with :active
57 post :activate, id: users(:active).uuid
58 assert_response :success
59 me = JSON.parse(@response.body)
60 assert_equal true, me['is_active']
63 test "respond 401 if given token exists but user record is missing" do
64 authorize_with :valid_token_deleted_user
65 get :current, {format: :json}
69 test "create new user with user as input" do
72 first_name: "test_first_name",
73 last_name: "test_last_name",
74 email: "foo@example.com"
76 assert_response :success
77 created = JSON.parse(@response.body)
78 assert_equal 'test_first_name', created['first_name']
79 assert_not_nil created['uuid'], 'expected uuid for the newly created user'
80 assert_not_nil created['email'], 'expected non-nil email'
81 assert_nil created['identity_url'], 'expected no identity_url'
84 test "create user with user, vm and repo as input" do
86 repo_name = 'usertestrepo'
90 openid_prefix: 'https://www.google.com/accounts/o8/id',
92 uuid: 'zzzzz-tpzed-abcdefghijklmno',
93 first_name: "in_create_test_first_name",
94 last_name: "test_last_name",
95 email: "foo@example.com"
98 assert_response :success
99 response_items = JSON.parse(@response.body)['items']
101 created = find_obj_in_resp response_items, 'User', nil
103 assert_equal 'in_create_test_first_name', created['first_name']
104 assert_not_nil created['uuid'], 'expected non-null uuid for the new user'
105 assert_equal 'zzzzz-tpzed-abcdefghijklmno', created['uuid']
106 assert_not_nil created['email'], 'expected non-nil email'
107 assert_nil created['identity_url'], 'expected no identity_url'
109 # arvados#user, repo link and link add user to 'All users' group
112 verify_link response_items, 'arvados#user', true, 'permission', 'can_login',
113 created['uuid'], created['email'], 'arvados#user', false, 'User'
115 verify_link response_items, 'arvados#repository', true, 'permission', 'can_manage',
116 "foo/#{repo_name}", created['uuid'], 'arvados#repository', true, 'Repository'
118 verify_link response_items, 'arvados#group', true, 'permission', 'can_read',
119 'All users', created['uuid'], 'arvados#group', true, 'Group'
121 verify_link response_items, 'arvados#virtualMachine', false, 'permission', 'can_login',
122 nil, created['uuid'], 'arvados#virtualMachine', false, 'VirtualMachine'
124 verify_system_group_permission_link_for created['uuid']
127 test "setup user with bogus uuid and expect error" do
128 authorize_with :admin
132 repo_name: 'usertestrepo',
135 response_body = JSON.parse(@response.body)
136 response_errors = response_body['errors']
137 assert_not_nil response_errors, 'Expected error in response'
138 assert (response_errors.first.include? 'Path not found'), 'Expected 404'
141 test "setup user with bogus uuid in user and expect error" do
142 authorize_with :admin
145 user: {uuid: 'bogus_uuid'},
146 repo_name: 'usertestrepo',
148 openid_prefix: 'https://www.google.com/accounts/o8/id'
150 response_body = JSON.parse(@response.body)
151 response_errors = response_body['errors']
152 assert_not_nil response_errors, 'Expected error in response'
153 assert (response_errors.first.include? 'ArgumentError: Require user email'),
154 'Expected RuntimeError'
157 test "setup user with no uuid and user, expect error" do
158 authorize_with :admin
161 repo_name: 'usertestrepo',
163 openid_prefix: 'https://www.google.com/accounts/o8/id'
165 response_body = JSON.parse(@response.body)
166 response_errors = response_body['errors']
167 assert_not_nil response_errors, 'Expected error in response'
168 assert (response_errors.first.include? 'Required uuid or user'),
169 'Expected ArgumentError'
172 test "setup user with no uuid and email, expect error" do
173 authorize_with :admin
177 repo_name: 'usertestrepo',
179 openid_prefix: 'https://www.google.com/accounts/o8/id'
181 response_body = JSON.parse(@response.body)
182 response_errors = response_body['errors']
183 assert_not_nil response_errors, 'Expected error in response'
184 assert (response_errors.first.include? '<ArgumentError: Require user email'),
185 'Expected ArgumentError'
188 test "invoke setup with existing uuid, vm and repo and verify links" do
189 authorize_with :admin
190 inactive_user = users(:inactive)
193 uuid: users(:inactive).uuid,
194 repo_name: 'usertestrepo',
198 assert_response :success
200 response_items = JSON.parse(@response.body)['items']
201 resp_obj = find_obj_in_resp response_items, 'User', nil
203 assert_not_nil resp_obj['uuid'], 'expected uuid for the new user'
204 assert_equal inactive_user['uuid'], resp_obj['uuid']
205 assert_equal inactive_user['email'], resp_obj['email'],
206 'expecting inactive user email'
208 # expect repo and vm links
209 verify_link response_items, 'arvados#repository', true, 'permission', 'can_manage',
210 'inactiveuser/usertestrepo', resp_obj['uuid'], 'arvados#repository', true, 'Repository'
212 verify_link response_items, 'arvados#virtualMachine', true, 'permission', 'can_login',
213 @vm_uuid, resp_obj['uuid'], 'arvados#virtualMachine', false, 'VirtualMachine'
216 test "invoke setup with existing uuid in user, verify response" do
217 authorize_with :admin
218 inactive_user = users(:inactive)
221 user: {uuid: inactive_user['uuid']},
222 openid_prefix: 'https://www.google.com/accounts/o8/id'
225 assert_response :success
227 response_items = JSON.parse(@response.body)['items']
228 resp_obj = find_obj_in_resp response_items, 'User', nil
230 assert_not_nil resp_obj['uuid'], 'expected uuid for the new user'
231 assert_equal inactive_user['uuid'], resp_obj['uuid']
232 assert_equal inactive_user['email'], resp_obj['email'],
233 'expecting inactive user email'
236 test "invoke setup with existing uuid but different email, expect original email" do
237 authorize_with :admin
238 inactive_user = users(:inactive)
241 uuid: inactive_user['uuid'],
242 user: {email: 'junk_email'}
245 assert_response :success
247 response_items = JSON.parse(@response.body)['items']
248 resp_obj = find_obj_in_resp response_items, 'User', nil
250 assert_not_nil resp_obj['uuid'], 'expected uuid for the new user'
251 assert_equal inactive_user['uuid'], resp_obj['uuid']
252 assert_equal inactive_user['email'], resp_obj['email'],
253 'expecting inactive user email'
256 test "setup user with valid email and repo as input" do
257 authorize_with :admin
260 repo_name: 'usertestrepo',
261 user: {email: 'foo@example.com'},
262 openid_prefix: 'https://www.google.com/accounts/o8/id'
265 assert_response :success
266 response_items = JSON.parse(@response.body)['items']
267 response_object = find_obj_in_resp response_items, 'User', nil
268 assert_not_nil response_object['uuid'], 'expected uuid for the new user'
269 assert_equal response_object['email'], 'foo@example.com', 'expected given email'
271 # four extra links; system_group, login, group and repo perms
275 test "setup user with fake vm and expect error" do
276 authorize_with :admin
279 repo_name: 'usertestrepo',
280 vm_uuid: 'no_such_vm',
281 user: {email: 'foo@example.com'},
282 openid_prefix: 'https://www.google.com/accounts/o8/id'
285 response_body = JSON.parse(@response.body)
286 response_errors = response_body['errors']
287 assert_not_nil response_errors, 'Expected error in response'
288 assert (response_errors.first.include? "No vm found for no_such_vm"),
289 'Expected RuntimeError: No vm found for no_such_vm'
292 test "setup user with valid email, repo and real vm as input" do
293 authorize_with :admin
296 repo_name: 'usertestrepo',
297 openid_prefix: 'https://www.google.com/accounts/o8/id',
299 user: {email: 'foo@example.com'}
302 assert_response :success
303 response_items = JSON.parse(@response.body)['items']
304 response_object = find_obj_in_resp response_items, 'User', nil
305 assert_not_nil response_object['uuid'], 'expected uuid for the new user'
306 assert_equal response_object['email'], 'foo@example.com', 'expected given email'
308 # five extra links; system_group, login, group, vm, repo
312 test "setup user with valid email, no vm and no repo as input" do
313 authorize_with :admin
316 user: {email: 'foo@example.com'},
317 openid_prefix: 'https://www.google.com/accounts/o8/id'
320 assert_response :success
321 response_items = JSON.parse(@response.body)['items']
322 response_object = find_obj_in_resp response_items, 'User', nil
323 assert_not_nil response_object['uuid'], 'expected uuid for new user'
324 assert_equal response_object['email'], 'foo@example.com', 'expected given email'
326 # three extra links; system_group, login, and group
329 verify_link response_items, 'arvados#user', true, 'permission', 'can_login',
330 response_object['uuid'], response_object['email'], 'arvados#user', false, 'User'
332 verify_link response_items, 'arvados#group', true, 'permission', 'can_read',
333 'All users', response_object['uuid'], 'arvados#group', true, 'Group'
335 verify_link response_items, 'arvados#repository', false, 'permission', 'can_manage',
336 'foo/usertestrepo', response_object['uuid'], 'arvados#repository', true, 'Repository'
338 verify_link response_items, 'arvados#virtualMachine', false, 'permission', 'can_login',
339 nil, response_object['uuid'], 'arvados#virtualMachine', false, 'VirtualMachine'
342 test "setup user with email, first name, repo name and vm uuid" do
343 authorize_with :admin
346 openid_prefix: 'https://www.google.com/accounts/o8/id',
347 repo_name: 'usertestrepo',
350 first_name: 'test_first_name',
351 email: 'foo@example.com'
355 assert_response :success
356 response_items = JSON.parse(@response.body)['items']
357 response_object = find_obj_in_resp response_items, 'User', nil
358 assert_not_nil response_object['uuid'], 'expected uuid for new user'
359 assert_equal response_object['email'], 'foo@example.com', 'expected given email'
360 assert_equal 'test_first_name', response_object['first_name'],
361 'expecting first name'
363 # five extra links; system_group, login, group, repo and vm
367 test "setup user with an existing user email and check different object is created" do
368 authorize_with :admin
369 inactive_user = users(:inactive)
372 openid_prefix: 'https://www.google.com/accounts/o8/id',
373 repo_name: 'usertestrepo',
375 email: inactive_user['email']
379 assert_response :success
380 response_items = JSON.parse(@response.body)['items']
381 response_object = find_obj_in_resp response_items, 'User', nil
382 assert_not_nil response_object['uuid'], 'expected uuid for new user'
383 assert_not_equal response_object['uuid'], inactive_user['uuid'],
384 'expected different uuid after create operation'
385 assert_equal inactive_user['email'], response_object['email'], 'expected given email'
386 # system_group, openid, group, and repo. No vm link.
390 test "setup user with openid prefix" do
391 authorize_with :admin
394 repo_name: 'usertestrepo',
395 openid_prefix: 'http://www.example.com/account',
397 first_name: "in_create_test_first_name",
398 last_name: "test_last_name",
399 email: "foo@example.com"
403 assert_response :success
405 response_items = JSON.parse(@response.body)['items']
406 created = find_obj_in_resp response_items, 'User', nil
408 assert_equal 'in_create_test_first_name', created['first_name']
409 assert_not_nil created['uuid'], 'expected uuid for new user'
410 assert_not_nil created['email'], 'expected non-nil email'
411 assert_nil created['identity_url'], 'expected no identity_url'
414 # four new links: system_group, arvados#user, repo, and 'All users' group.
417 verify_link response_items, 'arvados#user', true, 'permission', 'can_login',
418 created['uuid'], created['email'], 'arvados#user', false, 'User'
420 verify_link response_items, 'arvados#repository', true, 'permission', 'can_manage',
421 'foo/usertestrepo', created['uuid'], 'arvados#repository', true, 'Repository'
423 verify_link response_items, 'arvados#group', true, 'permission', 'can_read',
424 'All users', created['uuid'], 'arvados#group', true, 'Group'
426 verify_link response_items, 'arvados#virtualMachine', false, 'permission', 'can_login',
427 nil, created['uuid'], 'arvados#virtualMachine', false, 'VirtualMachine'
430 test "invoke setup with no openid prefix, expect error" do
431 authorize_with :admin
434 repo_name: 'usertestrepo',
436 first_name: "in_create_test_first_name",
437 last_name: "test_last_name",
438 email: "foo@example.com"
442 response_body = JSON.parse(@response.body)
443 response_errors = response_body['errors']
444 assert_not_nil response_errors, 'Expected error in response'
445 assert (response_errors.first.include? 'openid_prefix parameter is missing'),
446 'Expected ArgumentError'
449 test "setup user with user, vm and repo and verify links" do
450 authorize_with :admin
454 first_name: "in_create_test_first_name",
455 last_name: "test_last_name",
456 email: "foo@example.com"
459 repo_name: 'usertestrepo',
460 openid_prefix: 'https://www.google.com/accounts/o8/id'
463 assert_response :success
465 response_items = JSON.parse(@response.body)['items']
466 created = find_obj_in_resp response_items, 'User', nil
468 assert_equal 'in_create_test_first_name', created['first_name']
469 assert_not_nil created['uuid'], 'expected uuid for new user'
470 assert_not_nil created['email'], 'expected non-nil email'
471 assert_nil created['identity_url'], 'expected no identity_url'
473 # five new links: system_group, arvados#user, repo, vm and 'All
477 verify_link response_items, 'arvados#user', true, 'permission', 'can_login',
478 created['uuid'], created['email'], 'arvados#user', false, 'User'
480 verify_link response_items, 'arvados#repository', true, 'permission', 'can_manage',
481 'foo/usertestrepo', created['uuid'], 'arvados#repository', true, 'Repository'
483 verify_link response_items, 'arvados#group', true, 'permission', 'can_read',
484 'All users', created['uuid'], 'arvados#group', true, 'Group'
486 verify_link response_items, 'arvados#virtualMachine', true, 'permission', 'can_login',
487 @vm_uuid, created['uuid'], 'arvados#virtualMachine', false, 'VirtualMachine'
490 test "create user as non admin user and expect error" do
491 authorize_with :active
494 user: {email: 'foo@example.com'}
497 response_body = JSON.parse(@response.body)
498 response_errors = response_body['errors']
499 assert_not_nil response_errors, 'Expected error in response'
500 assert (response_errors.first.include? 'PermissionDenied'),
501 'Expected PermissionDeniedError'
504 test "setup user as non admin user and expect error" do
505 authorize_with :active
508 openid_prefix: 'https://www.google.com/accounts/o8/id',
509 user: {email: 'foo@example.com'}
512 response_body = JSON.parse(@response.body)
513 response_errors = response_body['errors']
514 assert_not_nil response_errors, 'Expected error in response'
515 assert (response_errors.first.include? 'Forbidden'),
516 'Expected Forbidden error'
519 test "setup active user with repo and no vm" do
520 authorize_with :admin
521 active_user = users(:active)
523 # invoke setup with a repository
525 repo_name: 'usertestrepo',
526 uuid: active_user['uuid']
529 assert_response :success
531 response_items = JSON.parse(@response.body)['items']
532 created = find_obj_in_resp response_items, 'User', nil
534 assert_equal active_user[:email], created['email'], 'expected input email'
537 verify_link response_items, 'arvados#group', true, 'permission', 'can_read',
538 'All users', created['uuid'], 'arvados#group', true, 'Group'
540 verify_link response_items, 'arvados#repository', true, 'permission', 'can_manage',
541 'active/usertestrepo', created['uuid'], 'arvados#repository', true, 'Repository'
543 verify_link response_items, 'arvados#virtualMachine', false, 'permission', 'can_login',
544 nil, created['uuid'], 'arvados#virtualMachine', false, 'VirtualMachine'
547 test "setup active user with vm and no repo" do
548 authorize_with :admin
549 active_user = users(:active)
550 repos_query = Repository.where(owner_uuid: active_user.uuid)
551 repo_link_query = Link.where(tail_uuid: active_user.uuid,
552 link_class: "permission", name: "can_manage")
553 repos_count = repos_query.count
554 repo_link_count = repo_link_query.count
556 # invoke setup with a repository
559 uuid: active_user['uuid'],
563 assert_response :success
565 response_items = JSON.parse(@response.body)['items']
566 created = find_obj_in_resp response_items, 'User', nil
568 assert_equal active_user['email'], created['email'], 'expected original email'
571 verify_link response_items, 'arvados#group', true, 'permission', 'can_read',
572 'All users', created['uuid'], 'arvados#group', true, 'Group'
574 assert_equal(repos_count, repos_query.count)
575 assert_equal(repo_link_count, repo_link_query.count)
577 verify_link response_items, 'arvados#virtualMachine', true, 'permission', 'can_login',
578 @vm_uuid, created['uuid'], 'arvados#virtualMachine', false, 'VirtualMachine'
581 test "unsetup active user" do
582 active_user = users(:active)
583 assert_not_nil active_user['uuid'], 'expected uuid for the active user'
584 assert active_user['is_active'], 'expected is_active for active user'
586 verify_link_existence active_user['uuid'], active_user['email'],
587 false, true, true, true, true
589 authorize_with :admin
591 # now unsetup this user
592 post :unsetup, id: active_user['uuid']
593 assert_response :success
595 response_user = JSON.parse(@response.body)
596 assert_not_nil response_user['uuid'], 'expected uuid for the upsetup user'
597 assert_equal active_user['uuid'], response_user['uuid'], 'expected uuid not found'
598 assert !response_user['is_active'], 'expected user to be inactive'
599 assert !response_user['is_invited'], 'expected user to be uninvited'
601 verify_link_existence response_user['uuid'], response_user['email'],
602 false, false, false, false, false
604 active_user = User.find_by_uuid(users(:active).uuid)
605 readable_groups = active_user.groups_i_can(:read)
606 all_users_group = Group.all.collect(&:uuid).select { |g| g.match(/-f+$/) }
607 refute_includes(readable_groups, all_users_group,
608 "active user can read All Users group after being deactivated")
609 assert_equal(false, active_user.is_invited,
610 "active user is_invited after being deactivated & reloaded")
613 test "setup user with send notification param false and verify no email" do
614 authorize_with :admin
617 openid_prefix: 'http://www.example.com/account',
618 send_notification_email: 'false',
620 email: "foo@example.com"
624 assert_response :success
625 response_items = JSON.parse(@response.body)['items']
626 created = find_obj_in_resp response_items, 'User', nil
627 assert_not_nil created['uuid'], 'expected uuid for the new user'
628 assert_equal created['email'], 'foo@example.com', 'expected given email'
630 setup_email = ActionMailer::Base.deliveries.last
631 assert_nil setup_email, 'expected no setup email'
634 test "setup user with send notification param true and verify email" do
635 authorize_with :admin
638 openid_prefix: 'http://www.example.com/account',
639 send_notification_email: 'true',
641 email: "foo@example.com"
645 assert_response :success
646 response_items = JSON.parse(@response.body)['items']
647 created = find_obj_in_resp response_items, 'User', nil
648 assert_not_nil created['uuid'], 'expected uuid for the new user'
649 assert_equal created['email'], 'foo@example.com', 'expected given email'
651 setup_email = ActionMailer::Base.deliveries.last
652 assert_not_nil setup_email, 'Expected email after setup'
654 assert_equal Rails.configuration.user_notifier_email_from, setup_email.from[0]
655 assert_equal 'foo@example.com', setup_email.to[0]
656 assert_equal 'Welcome to Curoverse - shell account enabled', setup_email.subject
657 assert (setup_email.body.to_s.include? 'Your Arvados shell account has been set up'),
658 'Expected Your Arvados shell account has been set up in email body'
659 assert (setup_email.body.to_s.include? "#{Rails.configuration.workbench_address}users/#{created['uuid']}/virtual_machines"), 'Expected virtual machines url in email body'
662 test "non-admin user can get basic information about readable users" do
663 authorize_with :spectator
665 check_non_admin_index
666 check_readable_users_index [:spectator], [:inactive, :active]
669 test "non-admin user gets only safe attributes from users#show" do
670 g = act_as_system_user do
673 users = create_list :active_user, 2, join_groups: [g]
674 token = create :token, user: users[0]
675 authorize_with_token token
676 get :show, id: users[1].uuid
680 [2, 4].each do |limit|
681 test "non-admin user can limit index to #{limit}" do
682 g = act_as_system_user do
685 users = create_list :active_user, 4, join_groups: [g]
686 token = create :token, user: users[0]
688 authorize_with_token token
689 get(:index, limit: limit)
690 check_non_admin_index
691 assert_equal(limit, json_response["items"].size,
692 "non-admin index limit was ineffective")
696 test "admin has full index powers" do
697 authorize_with :admin
698 check_inactive_user_findable
701 test "reader token can grant admin index powers" do
702 authorize_with :spectator
703 check_inactive_user_findable(reader_tokens: [api_token(:admin)])
706 test "admin can filter on user.is_active" do
707 authorize_with :admin
708 get(:index, filters: [["is_active", "=", "true"]])
709 assert_response :success
710 check_readable_users_index [:active, :spectator], [:inactive]
713 test "admin can search where user.is_active" do
714 authorize_with :admin
715 get(:index, where: {is_active: true})
716 assert_response :success
717 check_readable_users_index [:active, :spectator], [:inactive]
720 test "update active_no_prefs user profile and expect notification email" do
721 authorize_with :admin
724 id: users(:active_no_prefs).uuid,
726 prefs: {:profile => {'organization' => 'example.com'}}
729 assert_response :success
732 ActionMailer::Base.deliveries.andand.each do |email|
733 if email.subject == "Profile created by #{users(:active_no_prefs).email}"
738 assert_equal true, found_email, 'Expected email after creating profile'
741 test "update active_no_prefs_profile user profile and expect notification email" do
742 authorize_with :admin
745 user[:prefs] = users(:active_no_prefs_profile_no_getting_started_shown).prefs
746 user[:prefs][:profile] = {:profile => {'organization' => 'example.com'}}
748 id: users(:active_no_prefs_profile_no_getting_started_shown).uuid,
751 assert_response :success
754 ActionMailer::Base.deliveries.andand.each do |email|
755 if email.subject == "Profile created by #{users(:active_no_prefs_profile_no_getting_started_shown).email}"
760 assert_equal true, found_email, 'Expected email after creating profile'
763 test "update active user profile and expect no notification email" do
764 authorize_with :admin
767 id: users(:active).uuid,
769 prefs: {:profile => {'organization' => 'anotherexample.com'}}
772 assert_response :success
775 ActionMailer::Base.deliveries.andand.each do |email|
776 if email.subject == "Profile created by #{users(:active).email}"
781 assert_equal false, found_email, 'Expected no email after updating profile'
784 test "user API response includes writable_by" do
785 authorize_with :active
787 assert_response :success
788 assert_includes(json_response["writable_by"], users(:active).uuid,
789 "user's writable_by should include self")
790 assert_includes(json_response["writable_by"], users(:active).owner_uuid,
791 "user's writable_by should include its owner_uuid")
795 NON_ADMIN_USER_DATA = ["uuid", "kind", "is_active", "email", "first_name",
798 def check_non_admin_index
799 assert_response :success
800 response_items = json_response["items"]
801 assert_not_nil response_items
802 response_items.each do |user_data|
803 check_non_admin_item user_data
804 assert(user_data["is_active"], "non-admin index returned inactive user")
808 def check_non_admin_show
809 assert_response :success
810 check_non_admin_item json_response
813 def check_non_admin_item user_data
814 assert_equal(NON_ADMIN_USER_DATA, user_data.keys.sort,
815 "data in response had missing or extra attributes")
816 assert_equal("arvados#user", user_data["kind"])
820 def check_readable_users_index expect_present, expect_missing
821 response_uuids = json_response["items"].map { |u| u["uuid"] }
822 expect_present.each do |user_key|
823 assert_includes(response_uuids, users(user_key).uuid,
824 "#{user_key} missing from index")
826 expect_missing.each do |user_key|
827 refute_includes(response_uuids, users(user_key).uuid,
828 "#{user_key} included in index")
832 def check_inactive_user_findable(params={})
833 inactive_user = users(:inactive)
834 get(:index, params.merge(filters: [["email", "=", inactive_user.email]]))
835 assert_response :success
836 user_list = json_response["items"]
837 assert_equal(1, user_list.andand.count)
838 # This test needs to check a column non-admins have no access to,
839 # to ensure that admins see all user information.
840 assert_equal(inactive_user.identity_url, user_list.first["identity_url"],
841 "admin's filtered index did not return inactive user")
844 def verify_links_added more
845 assert_equal @initial_link_count+more, Link.count,
846 "Started with #{@initial_link_count} links, expected #{more} more"
849 def find_obj_in_resp (response_items, object_type, head_kind=nil)
851 response_items.each { |x|
856 if object_type == 'User'
857 if ArvadosModel::resource_class_for_uuid(x['uuid']) == User
861 else # looking for a link
862 if x['head_uuid'] and ArvadosModel::resource_class_for_uuid(x['head_uuid']).kind == head_kind