services/api/test/unit/group_test.rb

   1 # Copyright (C) The Arvados Authors. All rights reserved.
   2 #
   3 # SPDX-License-Identifier: AGPL-3.0
   4
   5 require 'test_helper'
   6
   7 class GroupTest < ActiveSupport::TestCase
   8
   9   test "cannot set owner_uuid to object with existing ownership cycle" do
  10     set_user_from_auth :active_trustedclient
  11
  12     # First make sure we have lots of permission on the bad group by
  13     # renaming it to "{current name} is mine all mine"
  14     g = groups(:bad_group_has_ownership_cycle_b)
  15     g.name += " is mine all mine"
  16     assert g.save, "active user should be able to modify group #{g.uuid}"
  17
  18     # Use the group as the owner of a new object
  19     s = Specimen.
  20       create(owner_uuid: groups(:bad_group_has_ownership_cycle_b).uuid)
  21     assert s.valid?, "ownership should pass validation #{s.errors.messages}"
  22     assert_equal false, s.save, "should not save object with #{g.uuid} as owner"
  23
  24     # Use the group as the new owner of an existing object
  25     s = specimens(:in_aproject)
  26     s.owner_uuid = groups(:bad_group_has_ownership_cycle_b).uuid
  27     assert s.valid?, "ownership should pass validation"
  28     assert_equal false, s.save, "should not save object with #{g.uuid} as owner"
  29   end
  30
  31   test "cannot create a new ownership cycle" do
  32     set_user_from_auth :active_trustedclient
  33
  34     g_foo = Group.create!(name: "foo")
  35     g_bar = Group.create!(name: "bar")
  36
  37     g_foo.owner_uuid = g_bar.uuid
  38     assert g_foo.save, lambda { g_foo.errors.messages }
  39     g_bar.owner_uuid = g_foo.uuid
  40     assert g_bar.valid?, "ownership cycle should not prevent validation"
  41     assert_equal false, g_bar.save, "should not create an ownership loop"
  42     assert g_bar.errors.messages[:owner_uuid].join(" ").match(/ownership cycle/)
  43   end
  44
  45   test "cannot create a single-object ownership cycle" do
  46     set_user_from_auth :active_trustedclient
  47
  48     g_foo = Group.create!(name: "foo")
  49     assert g_foo.save
  50
  51     # Ensure I have permission to manage this group even when its owner changes
  52     perm_link = Link.create!(tail_uuid: users(:active).uuid,
  53                             head_uuid: g_foo.uuid,
  54                             link_class: 'permission',
  55                             name: 'can_manage')
  56     assert perm_link.save
  57
  58     g_foo.owner_uuid = g_foo.uuid
  59     assert_equal false, g_foo.save, "should not create an ownership loop"
  60     assert g_foo.errors.messages[:owner_uuid].join(" ").match(/ownership cycle/)
  61   end
  62
  63   test "trash group hides contents" do
  64     set_user_from_auth :active_trustedclient
  65
  66     g_foo = Group.create!(name: "foo")
  67     col = Collection.create!(owner_uuid: g_foo.uuid)
  68
  69     assert Collection.readable_by(users(:active)).where(uuid: col.uuid).any?
  70     g_foo.update! is_trashed: true
  71     assert Collection.readable_by(users(:active)).where(uuid: col.uuid).empty?
  72     assert Collection.readable_by(users(:active), {:include_trash => true}).where(uuid: col.uuid).any?
  73     g_foo.update! is_trashed: false
  74     assert Collection.readable_by(users(:active)).where(uuid: col.uuid).any?
  75   end
  76
  77   test "trash group" do
  78     set_user_from_auth :active_trustedclient
  79
  80     g_foo = Group.create!(name: "foo")
  81     g_bar = Group.create!(name: "bar", owner_uuid: g_foo.uuid)
  82     g_baz = Group.create!(name: "baz", owner_uuid: g_bar.uuid)
  83
  84     assert Group.readable_by(users(:active)).where(uuid: g_foo.uuid).any?
  85     assert Group.readable_by(users(:active)).where(uuid: g_bar.uuid).any?
  86     assert Group.readable_by(users(:active)).where(uuid: g_baz.uuid).any?
  87     g_foo.update! is_trashed: true
  88     assert Group.readable_by(users(:active)).where(uuid: g_foo.uuid).empty?
  89     assert Group.readable_by(users(:active)).where(uuid: g_bar.uuid).empty?
  90     assert Group.readable_by(users(:active)).where(uuid: g_baz.uuid).empty?
  91
  92     assert Group.readable_by(users(:active), {:include_trash => true}).where(uuid: g_foo.uuid).any?
  93     assert Group.readable_by(users(:active), {:include_trash => true}).where(uuid: g_bar.uuid).any?
  94     assert Group.readable_by(users(:active), {:include_trash => true}).where(uuid: g_baz.uuid).any?
  95   end
  96
  97
  98   test "trash subgroup" do
  99     set_user_from_auth :active_trustedclient
 100
 101     g_foo = Group.create!(name: "foo")
 102     g_bar = Group.create!(name: "bar", owner_uuid: g_foo.uuid)
 103     g_baz = Group.create!(name: "baz", owner_uuid: g_bar.uuid)
 104
 105     assert Group.readable_by(users(:active)).where(uuid: g_foo.uuid).any?
 106     assert Group.readable_by(users(:active)).where(uuid: g_bar.uuid).any?
 107     assert Group.readable_by(users(:active)).where(uuid: g_baz.uuid).any?
 108     g_bar.update! is_trashed: true
 109
 110     assert Group.readable_by(users(:active)).where(uuid: g_foo.uuid).any?
 111     assert Group.readable_by(users(:active)).where(uuid: g_bar.uuid).empty?
 112     assert Group.readable_by(users(:active)).where(uuid: g_baz.uuid).empty?
 113
 114     assert Group.readable_by(users(:active), {:include_trash => true}).where(uuid: g_bar.uuid).any?
 115     assert Group.readable_by(users(:active), {:include_trash => true}).where(uuid: g_baz.uuid).any?
 116   end
 117
 118   test "trash subsubgroup" do
 119     set_user_from_auth :active_trustedclient
 120
 121     g_foo = Group.create!(name: "foo")
 122     g_bar = Group.create!(name: "bar", owner_uuid: g_foo.uuid)
 123     g_baz = Group.create!(name: "baz", owner_uuid: g_bar.uuid)
 124
 125     assert Group.readable_by(users(:active)).where(uuid: g_foo.uuid).any?
 126     assert Group.readable_by(users(:active)).where(uuid: g_bar.uuid).any?
 127     assert Group.readable_by(users(:active)).where(uuid: g_baz.uuid).any?
 128     g_baz.update! is_trashed: true
 129     assert Group.readable_by(users(:active)).where(uuid: g_foo.uuid).any?
 130     assert Group.readable_by(users(:active)).where(uuid: g_bar.uuid).any?
 131     assert Group.readable_by(users(:active)).where(uuid: g_baz.uuid).empty?
 132     assert Group.readable_by(users(:active), {:include_trash => true}).where(uuid: g_baz.uuid).any?
 133   end
 134
 135
 136   test "trash group propagates to subgroups" do
 137     set_user_from_auth :active_trustedclient
 138
 139     g_foo = groups(:trashed_project)
 140     g_bar = groups(:trashed_subproject)
 141     g_baz = groups(:trashed_subproject3)
 142     col = collections(:collection_in_trashed_subproject)
 143
 144     assert Group.readable_by(users(:active)).where(uuid: g_foo.uuid).empty?
 145     assert Group.readable_by(users(:active)).where(uuid: g_bar.uuid).empty?
 146     assert Group.readable_by(users(:active)).where(uuid: g_baz.uuid).empty?
 147     assert Collection.readable_by(users(:active)).where(uuid: col.uuid).empty?
 148
 149     set_user_from_auth :admin
 150     assert Group.readable_by(users(:active)).where(uuid: g_foo.uuid).empty?
 151     assert Group.readable_by(users(:active)).where(uuid: g_bar.uuid).empty?
 152     assert Group.readable_by(users(:active)).where(uuid: g_baz.uuid).empty?
 153     assert Collection.readable_by(users(:active)).where(uuid: col.uuid).empty?
 154
 155     set_user_from_auth :active_trustedclient
 156     g_foo.update! is_trashed: false
 157     assert Group.readable_by(users(:active)).where(uuid: g_foo.uuid).any?
 158     assert Group.readable_by(users(:active)).where(uuid: g_bar.uuid).any?
 159     assert Collection.readable_by(users(:active)).where(uuid: col.uuid).any?
 160
 161     # this one should still be trashed.
 162     assert Group.readable_by(users(:active)).where(uuid: g_baz.uuid).empty?
 163
 164     g_baz.update! is_trashed: false
 165     assert Group.readable_by(users(:active)).where(uuid: g_baz.uuid).any?
 166   end
 167
 168   test "trashed does not propagate across permission links" do
 169     set_user_from_auth :admin
 170
 171     g_foo = Group.create!(name: "foo")
 172     u_bar = User.create!(first_name: "bar")
 173
 174     assert Group.readable_by(users(:admin)).where(uuid: g_foo.uuid).any?
 175     assert User.readable_by(users(:admin)).where(uuid:  u_bar.uuid).any?
 176     g_foo.update! is_trashed: true
 177
 178     assert Group.readable_by(users(:admin)).where(uuid: g_foo.uuid).empty?
 179     assert User.readable_by(users(:admin)).where(uuid:  u_bar.uuid).any?
 180
 181     g_foo.update! is_trashed: false
 182     ln = Link.create!(tail_uuid: g_foo.uuid,
 183                       head_uuid: u_bar.uuid,
 184                       link_class: "permission",
 185                       name: "can_read")
 186     g_foo.update! is_trashed: true
 187
 188     assert Group.readable_by(users(:admin)).where(uuid: g_foo.uuid).empty?
 189     assert User.readable_by(users(:admin)).where(uuid:  u_bar.uuid).any?
 190   end
 191
 192   test "move projects to trash in SweepTrashedObjects" do
 193     p = groups(:trashed_on_next_sweep)
 194     assert_empty Group.where('uuid=? and is_trashed=true', p.uuid)
 195     SweepTrashedObjects.sweep_now
 196     assert_not_empty Group.where('uuid=? and is_trashed=true', p.uuid)
 197   end
 198
 199   test "delete projects and their contents in SweepTrashedObjects" do
 200     g_foo = groups(:trashed_project)
 201     g_bar = groups(:trashed_subproject)
 202     g_baz = groups(:trashed_subproject3)
 203     col = collections(:collection_in_trashed_subproject)
 204     job = jobs(:job_in_trashed_project)
 205     cr = container_requests(:cr_in_trashed_project)
 206     # Save how many objects were before the sweep
 207     user_nr_was = User.all.length
 208     coll_nr_was = Collection.all.length
 209     group_nr_was = Group.where('group_class<>?', 'project').length
 210     project_nr_was = Group.where(group_class: 'project').length
 211     cr_nr_was = ContainerRequest.all.length
 212     job_nr_was = Job.all.length
 213     assert_not_empty Group.where(uuid: g_foo.uuid)
 214     assert_not_empty Group.where(uuid: g_bar.uuid)
 215     assert_not_empty Group.where(uuid: g_baz.uuid)
 216     assert_not_empty Collection.where(uuid: col.uuid)
 217     assert_not_empty Job.where(uuid: job.uuid)
 218     assert_not_empty ContainerRequest.where(uuid: cr.uuid)
 219     SweepTrashedObjects.sweep_now
 220     assert_empty Group.where(uuid: g_foo.uuid)
 221     assert_empty Group.where(uuid: g_bar.uuid)
 222     assert_empty Group.where(uuid: g_baz.uuid)
 223     assert_empty Collection.where(uuid: col.uuid)
 224     assert_empty Job.where(uuid: job.uuid)
 225     assert_empty ContainerRequest.where(uuid: cr.uuid)
 226     # No unwanted deletions should have happened
 227     assert_equal user_nr_was, User.all.length
 228     assert_equal coll_nr_was-2,        # collection_in_trashed_subproject
 229                  Collection.all.length # & deleted_on_next_sweep collections
 230     assert_equal group_nr_was, Group.where('group_class<>?', 'project').length
 231     assert_equal project_nr_was-3, Group.where(group_class: 'project').length
 232     assert_equal cr_nr_was-1, ContainerRequest.all.length
 233     assert_equal job_nr_was-1, Job.all.length
 234   end
 235 end