1 # Copyright (C) The Arvados Authors. All rights reserved.
3 # SPDX-License-Identifier: AGPL-3.0
7 class Arvados::V1::GroupsControllerTest < ActionController::TestCase
9 test "attempt to delete group that cannot be seen" do
10 Rails.configuration.Users.RoleGroupsVisibleToAll = false
11 authorize_with :active
12 post :destroy, params: {id: groups(:empty_lonely_group).uuid}
16 test "attempt to delete group without read or write access" do
17 authorize_with :active
18 post :destroy, params: {id: groups(:empty_lonely_group).uuid}
22 test "attempt to delete group without write access" do
23 authorize_with :active
24 post :destroy, params: {id: groups(:all_users).uuid}
28 test "get list of projects" do
29 authorize_with :active
30 get :index, params: {filters: [['group_class', '=', 'project']], format: :json}
31 assert_response :success
33 json_response['items'].each do |group|
34 assert_equal 'project', group['group_class']
35 group_uuids << group['uuid']
37 assert_includes group_uuids, groups(:aproject).uuid
38 assert_includes group_uuids, groups(:asubproject).uuid
39 assert_includes group_uuids, groups(:private).uuid
40 assert_not_includes group_uuids, groups(:system_group).uuid
41 assert_not_includes group_uuids, groups(:private_and_can_read_foofile).uuid
44 test "get list of groups that are not projects" do
45 authorize_with :active
46 get :index, params: {filters: [['group_class', '!=', 'project']], format: :json}
47 assert_response :success
49 json_response['items'].each do |group|
50 assert_not_equal 'project', group['group_class']
51 group_uuids << group['uuid']
53 assert_not_includes group_uuids, groups(:aproject).uuid
54 assert_not_includes group_uuids, groups(:asubproject).uuid
57 test "get list of groups with bogus group_class" do
58 authorize_with :active
60 filters: [['group_class', '=', 'nogrouphasthislittleclass']],
63 assert_response :success
64 assert_equal [], json_response['items']
65 assert_equal 0, json_response['items_available']
68 def check_project_contents_response
69 assert_response :success
70 assert_operator 2, :<=, json_response['items_available']
71 assert_operator 2, :<=, json_response['items'].count
72 kinds = json_response['items'].collect { |i| i['kind'] }.uniq
73 expect_kinds = %w'arvados#group'
74 assert_equal expect_kinds, (expect_kinds & kinds)
76 json_response['items'].each do |i|
77 if i['kind'] == 'arvados#group'
78 assert(i['group_class'] == 'project',
79 "group#contents returned a non-project group")
84 test 'get group-owned objects' do
85 authorize_with :active
86 get :contents, params: {
87 id: groups(:aproject).uuid,
90 check_project_contents_response
93 test "user with project read permission can see project objects" do
94 authorize_with :project_viewer
95 get :contents, params: {
96 id: groups(:aproject).uuid,
99 check_project_contents_response
102 test "list objects across projects" do
103 authorize_with :project_viewer
104 get :contents, params: {
106 filters: [['uuid', 'is_a', 'arvados#collection']]
108 assert_response :success
109 found_uuids = json_response['items'].collect { |i| i['uuid'] }
110 [[:foo_collection_in_aproject, true],
111 [:baz_collection_name_in_asubproject, true],
112 [:collection_not_readable_by_active, false]].each do |collection_fixture, should_find|
114 assert_includes found_uuids, collections(collection_fixture).uuid, "did not find collection fixture '#{collection_fixture}'"
116 refute_includes found_uuids, collections(collection_fixture).uuid, "found collection fixture '#{collection_fixture}'"
121 test "list trashed collections and projects" do
122 authorize_with :active
123 get(:contents, params: {
127 ['uuid', 'is_a', ['arvados#collection', 'arvados#group']],
128 ['is_trashed', '=', true],
132 assert_response :success
133 found_uuids = json_response['items'].collect { |i| i['uuid'] }
134 assert_includes found_uuids, groups(:trashed_project).uuid
135 refute_includes found_uuids, groups(:aproject).uuid
136 assert_includes found_uuids, collections(:expired_collection).uuid
137 refute_includes found_uuids, collections(:w_a_z_file).uuid
140 test "list objects in home project" do
141 authorize_with :active
142 get :contents, params: {
145 id: users(:active).uuid
147 assert_response :success
148 found_uuids = json_response['items'].collect { |i| i['uuid'] }
149 assert_includes found_uuids, collections(:collection_owned_by_active).uuid, "collection did not appear in home project"
150 refute_includes found_uuids, collections(:foo_collection_in_aproject).uuid, "collection appeared unexpectedly in home project"
153 test "list collections in home project" do
154 authorize_with :active
155 get(:contents, params: {
158 ['uuid', 'is_a', 'arvados#collection'],
161 id: users(:active).uuid,
163 assert_response :success
164 found_uuids = json_response['items'].collect { |i| i['uuid'] }
165 assert_includes found_uuids, collections(:collection_owned_by_active).uuid, "collection did not appear in home project"
166 refute_includes found_uuids, collections(:collection_owned_by_active_past_version_1).uuid, "collection appeared unexpectedly in home project"
169 test "list collections in home project, including old versions" do
170 authorize_with :active
171 get(:contents, params: {
173 include_old_versions: true,
175 ['uuid', 'is_a', 'arvados#collection'],
178 id: users(:active).uuid,
180 assert_response :success
181 found_uuids = json_response['items'].collect { |i| i['uuid'] }
182 assert_includes found_uuids, collections(:collection_owned_by_active).uuid, "collection did not appear in home project"
183 assert_includes found_uuids, collections(:collection_owned_by_active_past_version_1).uuid, "old collection version did not appear in home project"
186 test "user with project read permission can see project collections" do
187 authorize_with :project_viewer
188 get :contents, params: {
189 id: groups(:asubproject).uuid,
192 ids = json_response['items'].map { |item| item["uuid"] }
193 assert_includes ids, collections(:baz_file_in_asubproject).uuid
197 ['collections.name', 'asc', :<=, "name"],
198 ['collections.name', 'desc', :>=, "name"],
199 ['name', 'asc', :<=, "name"],
200 ['name', 'desc', :>=, "name"],
201 ['collections.created_at', 'asc', :<=, "created_at"],
202 ['collections.created_at', 'desc', :>=, "created_at"],
203 ['created_at', 'asc', :<=, "created_at"],
204 ['created_at', 'desc', :>=, "created_at"],
205 ].each do |column, order, operator, field|
206 test "user with project read permission can sort projects on #{column} #{order}" do
207 authorize_with :project_viewer
208 get :contents, params: {
209 id: groups(:asubproject).uuid,
211 filters: [['uuid', 'is_a', "arvados#collection"]],
212 order: "#{column} #{order}"
214 sorted_values = json_response['items'].collect { |item| item[field] }
216 # Here we avoid assuming too much about the database
217 # collation. Both "alice"<"Bob" and "alice">"Bob" can be
218 # correct. Hopefully it _is_ safe to assume that if "a" comes
219 # before "b" in the ascii alphabet, "aX">"bY" is never true for
220 # any strings X and Y.
221 reliably_sortable_names = sorted_values.select do |name|
222 name[0] >= 'a' && name[0] <= 'z'
226 # Preserve order of sorted_values. But do not use &=. If
227 # sorted_values has out-of-order duplicates, we want to preserve
228 # them here, so we can detect them and fail the test below.
229 sorted_values.select! do |name|
230 reliably_sortable_names.include? name
233 assert_sorted(operator, sorted_values)
237 def assert_sorted(operator, sorted_items)
238 actually_checked_anything = false
240 sorted_items.each do |entry|
242 assert_operator(previous, operator, entry,
243 "Entries sorted incorrectly.")
244 actually_checked_anything = true
248 assert actually_checked_anything, "Didn't even find two items to compare."
251 # Even though the project_viewer tests go through other controllers,
252 # I'm putting them here so they're easy to find alongside the other
254 def check_new_project_link_fails(link_attrs)
255 @controller = Arvados::V1::LinksController.new
256 post :create, params: {
258 link_class: "permission",
260 head_uuid: groups(:aproject).uuid,
263 assert_includes(403..422, response.status)
266 test "user with project read permission can't add users to it" do
267 authorize_with :project_viewer
268 check_new_project_link_fails(tail_uuid: users(:spectator).uuid)
271 test "user with project read permission can't add items to it" do
272 authorize_with :project_viewer
273 check_new_project_link_fails(tail_uuid: collections(:baz_file).uuid)
276 test "user with project read permission can't rename items in it" do
277 authorize_with :project_viewer
278 @controller = Arvados::V1::CollectionsController.new
279 post :update, params: {
280 id: collections(:collection_to_search_for_in_aproject).uuid,
281 name: "Denied test name",
283 assert_includes(403..404, response.status)
286 test "user with project read permission can't remove items from it" do
287 @controller = Arvados::V1::CollectionsController.new
288 authorize_with :project_viewer
289 post :update, params: {
290 id: collections(:collection_to_search_for_in_aproject).uuid,
292 owner_uuid: users(:project_viewer).uuid,
298 test "user with project read permission can't delete it" do
299 authorize_with :project_viewer
300 post :destroy, params: {id: groups(:aproject).uuid}
304 test 'get group-owned objects with limit' do
305 authorize_with :active
306 get :contents, params: {
307 id: groups(:aproject).uuid,
311 assert_response :success
312 assert_operator 1, :<, json_response['items_available']
313 assert_equal 1, json_response['items'].count
316 test 'get group-owned objects with limit and offset' do
317 authorize_with :active
318 get :contents, params: {
319 id: groups(:aproject).uuid,
324 assert_response :success
325 assert_operator 1, :<, json_response['items_available']
326 assert_equal 0, json_response['items'].count
329 test 'get group-owned objects with select' do
330 authorize_with :active
331 get :contents, params: {
332 id: groups(:aproject).uuid,
335 select: ["uuid", "storage_classes_desired"]
337 assert_response :success
338 assert_equal 6, json_response['items_available']
339 assert_equal 6, json_response['items'].count
340 json_response['items'].each do |item|
341 # Expect collections to have a storage_classes field, other items should not.
342 if item["kind"] == "arvados#collection"
343 assert !item["storage_classes_desired"].nil?
345 assert item["storage_classes_desired"].nil?
350 test 'get group-owned objects with invalid field in select' do
351 authorize_with :active
352 get :contents, params: {
353 id: groups(:aproject).uuid,
356 select: ["uuid", "storage_classes_desire"]
361 test 'get group-owned objects with additional filter matching nothing' do
362 authorize_with :active
363 get :contents, params: {
364 id: groups(:aproject).uuid,
365 filters: [['uuid', 'in', ['foo_not_a_uuid','bar_not_a_uuid']]],
368 assert_response :success
369 assert_equal [], json_response['items']
370 assert_equal 0, json_response['items_available']
373 %w(offset limit).each do |arg|
374 ['foo', '', '1234five', '0x10', '-8'].each do |val|
375 test "Raise error on bogus #{arg} parameter #{val.inspect}" do
376 authorize_with :active
377 get :contents, params: {
378 :id => groups(:aproject).uuid,
387 test "Collection contents don't include manifest_text or unsigned_manifest_text" do
388 authorize_with :active
389 get :contents, params: {
390 id: groups(:aproject).uuid,
391 filters: [["uuid", "is_a", "arvados#collection"]],
394 assert_response :success
395 refute(json_response["items"].any? { |c| not c["portable_data_hash"] },
396 "response included an item without a portable data hash")
397 refute(json_response["items"].any? { |c| c.include?("manifest_text") },
398 "response included an item with manifest_text")
399 refute(json_response["items"].any? { |c| c.include?("unsigned_manifest_text") },
400 "response included an item with unsigned_manifest_text")
403 test 'get writable_by list for owned group' do
404 authorize_with :active
406 id: groups(:aproject).uuid,
409 assert_response :success
410 assert_not_nil(json_response['writable_by'],
411 "Should receive uuid list in 'writable_by' field")
412 assert_includes(json_response['writable_by'], users(:active).uuid,
413 "owner should be included in writable_by list")
416 test 'no writable_by list for group with read-only access' do
417 authorize_with :rominiadmin
419 id: groups(:testusergroup_admins).uuid,
422 assert_response :success
423 assert_equal([json_response['owner_uuid']],
424 json_response['writable_by'],
425 "Should only see owner_uuid in 'writable_by' field")
428 test 'get writable_by list by admin user' do
429 authorize_with :admin
431 id: groups(:testusergroup_admins).uuid,
434 assert_response :success
435 assert_not_nil(json_response['writable_by'],
436 "Should receive uuid list in 'writable_by' field")
437 assert_includes(json_response['writable_by'],
439 "Current user should be included in 'writable_by' field")
442 test 'creating subproject with duplicate name fails' do
443 authorize_with :active
444 post :create, params: {
447 owner_uuid: users(:active).uuid,
448 group_class: 'project',
452 response_errors = json_response['errors']
453 assert_not_nil response_errors, 'Expected error in response'
454 assert(response_errors.first.include?('duplicate key'),
455 "Expected 'duplicate key' error in #{response_errors.first}")
458 test 'creating duplicate named subproject succeeds with ensure_unique_name' do
459 authorize_with :active
460 post :create, params: {
463 owner_uuid: users(:active).uuid,
464 group_class: 'project',
466 ensure_unique_name: true
468 assert_response :success
469 new_project = json_response
470 assert_not_equal(new_project['uuid'],
471 groups(:aproject).uuid,
472 "create returned same uuid as existing project")
473 assert_match(/^A Project \(#{new_project['uuid'][-15..-1]}\)$/,
478 [['owner_uuid', '!=', 'zzzzz-tpzed-xurymjxw79nv3jz'], 200,
479 'zzzzz-j7d0g-publicfavorites', 'zzzzz-xvhdp-cr4queuedcontnr'],
480 [["container_requests.state", "not in", ["Final"]], 200,
481 'zzzzz-xvhdp-cr4queuedcontnr', 'zzzzz-xvhdp-cr4completedctr'],
482 [['container_requests.requesting_container_uuid', '=', nil], 200,
483 'zzzzz-xvhdp-cr4queuedcontnr', 'zzzzz-xvhdp-cr4requestercn2'],
484 [['container_requests.no_such_column', '=', nil], 422],
485 [['container_requests.', '=', nil], 422],
486 [['.requesting_container_uuid', '=', nil], 422],
487 [['no_such_table.uuid', '!=', 'zzzzz-tpzed-xurymjxw79nv3jz'], 422],
488 ].each do |filter, expect_code, expect_uuid, not_expect_uuid|
489 test "get contents with '#{filter}' filter" do
490 authorize_with :active
491 get :contents, params: {filters: [filter], format: :json}
492 assert_response expect_code
493 if expect_code == 200
494 assert_not_empty json_response['items']
495 item_uuids = json_response['items'].collect {|item| item['uuid']}
496 assert_includes(item_uuids, expect_uuid)
497 assert_not_includes(item_uuids, not_expect_uuid)
502 test 'get contents with low max_index_database_read' do
503 # Some result will certainly have at least 12 bytes in a
506 # We cannot use collections.manifest_text to test this, because
507 # GroupsController refuses to select manifest_text, because
508 # controller doesn't sign manifests in a groups#contents response.
509 Rails.configuration.API.MaxIndexDatabaseRead = 12
510 authorize_with :active
511 get :contents, params: {
512 uuid: users(:active).uuid,
515 assert_response :success
516 assert_not_empty(json_response['items'])
517 assert_operator(json_response['items'].count,
518 :<, json_response['items_available'])
521 test 'get contents, recursive=true' do
522 authorize_with :active
524 id: groups(:aproject).uuid,
528 get :contents, params: params
529 owners = json_response['items'].map do |item|
532 assert_includes(owners, groups(:aproject).uuid)
533 assert_includes(owners, groups(:asubproject).uuid)
536 [false, nil].each do |recursive|
537 test "get contents, recursive=#{recursive.inspect}" do
538 authorize_with :active
540 id: groups(:aproject).uuid,
543 params[:recursive] = false if recursive == false
544 get :contents, params: params
545 owners = json_response['items'].map do |item|
548 assert_includes(owners, groups(:aproject).uuid)
549 refute_includes(owners, groups(:asubproject).uuid)
553 test 'get home project contents, recursive=true' do
554 authorize_with :active
555 get :contents, params: {
556 id: users(:active).uuid,
560 owners = json_response['items'].map do |item|
563 assert_includes(owners, users(:active).uuid)
564 assert_includes(owners, groups(:aproject).uuid)
565 assert_includes(owners, groups(:asubproject).uuid)
568 [:afiltergroup, :private_role].each do |grp|
569 test "delete non-project group #{grp}" do
570 authorize_with :admin
571 assert_not_nil Group.find_by_uuid(groups(grp).uuid)
572 assert !Group.find_by_uuid(groups(grp).uuid).is_trashed
573 post :destroy, params: {
574 id: groups(grp).uuid,
577 assert_response :success
578 # Should not be trashed
579 assert_nil Group.find_by_uuid(groups(grp).uuid)
584 [false, :inactive, :private_role, false],
585 [false, :spectator, :private_role, false],
586 [false, :admin, :private_role, true],
587 [true, :inactive, :private_role, false],
588 [true, :spectator, :private_role, true],
589 [true, :admin, :private_role, true],
590 # project (non-role) groups are invisible even when RoleGroupsVisibleToAll is true
591 [true, :inactive, :private, false],
592 [true, :spectator, :private, false],
593 [true, :admin, :private, true],
594 ].each do |visibleToAll, userFixture, groupFixture, visible|
595 test "with RoleGroupsVisibleToAll=#{visibleToAll}, #{groupFixture} group is #{visible ? '' : 'in'}visible to #{userFixture} user" do
596 Rails.configuration.Users.RoleGroupsVisibleToAll = visibleToAll
597 authorize_with userFixture
598 get :show, params: {id: groups(groupFixture).uuid, format: :json}
600 assert_response :success
607 ### trashed project tests ###
612 # trashed_project (zzzzz-j7d0g-trashedproject1)
613 # trashed_subproject (zzzzz-j7d0g-trashedproject2)
614 # trashed_subproject3 (zzzzz-j7d0g-trashedproject3)
615 # zzzzz-xvhdp-cr5trashedcontr
618 :admin].each do |auth|
619 # project: to query, to untrash, is visible, parent contents listing success
621 [:trashed_project, [], false, true],
622 [:trashed_project, [:trashed_project], true, true],
623 [:trashed_subproject, [], false, false],
624 [:trashed_subproject, [:trashed_project], true, true],
625 [:trashed_subproject3, [:trashed_project], false, true],
626 [:trashed_subproject3, [:trashed_subproject3], false, false],
627 [:trashed_subproject3, [:trashed_project, :trashed_subproject3], true, true],
628 ].each do |project, untrash, visible, success|
630 test "contents listing #{project} #{untrash} as #{auth}" do
633 Group.find_by_uuid(groups(pr).uuid).update! is_trashed: false
635 get :contents, params: {
636 id: groups(project).owner_uuid,
640 assert_response :success
641 item_uuids = json_response['items'].map do |item|
645 assert_includes(item_uuids, groups(project).uuid)
647 assert_not_includes(item_uuids, groups(project).uuid)
654 test "contents of #{project} #{untrash} as #{auth}" do
657 Group.find_by_uuid(groups(pr).uuid).update! is_trashed: false
659 get :contents, params: {
660 id: groups(project).uuid,
664 assert_response :success
670 test "index #{project} #{untrash} as #{auth}" do
673 Group.find_by_uuid(groups(pr).uuid).update! is_trashed: false
675 get :index, params: {
678 assert_response :success
679 item_uuids = json_response['items'].map do |item|
683 assert_includes(item_uuids, groups(project).uuid)
685 assert_not_includes(item_uuids, groups(project).uuid)
689 test "show #{project} #{untrash} as #{auth}" do
692 Group.find_by_uuid(groups(pr).uuid).update! is_trashed: false
695 id: groups(project).uuid,
699 assert_response :success
705 test "show include_trash=false #{project} #{untrash} as #{auth}" do
708 Group.find_by_uuid(groups(pr).uuid).update! is_trashed: false
711 id: groups(project).uuid,
716 assert_response :success
722 test "show include_trash #{project} #{untrash} as #{auth}" do
725 Group.find_by_uuid(groups(pr).uuid).update! is_trashed: false
728 id: groups(project).uuid,
732 assert_response :success
735 test "index include_trash #{project} #{untrash} as #{auth}" do
738 Group.find_by_uuid(groups(pr).uuid).update! is_trashed: false
740 get :index, params: {
744 assert_response :success
745 item_uuids = json_response['items'].map do |item|
748 assert_includes(item_uuids, groups(project).uuid)
752 test "delete project #{auth}" do
754 [:trashed_project].each do |pr|
755 Group.find_by_uuid(groups(pr).uuid).update! is_trashed: false
757 assert !Group.find_by_uuid(groups(:trashed_project).uuid).is_trashed
758 post :destroy, params: {
759 id: groups(:trashed_project).uuid,
762 assert_response :success
763 assert Group.find_by_uuid(groups(:trashed_project).uuid).is_trashed
766 test "untrash project #{auth}" do
768 assert Group.find_by_uuid(groups(:trashed_project).uuid).is_trashed
769 post :untrash, params: {
770 id: groups(:trashed_project).uuid,
773 assert_response :success
774 assert !Group.find_by_uuid(groups(:trashed_project).uuid).is_trashed
777 test "untrash project with name conflict #{auth}" do
779 [:trashed_project].each do |pr|
780 Group.find_by_uuid(groups(pr).uuid).update! is_trashed: false
782 gc = Group.create!({owner_uuid: "zzzzz-j7d0g-trashedproject1",
783 name: "trashed subproject 3",
784 group_class: "project"})
785 post :untrash, params: {
786 id: groups(:trashed_subproject3).uuid,
788 ensure_unique_name: true
790 assert_response :success
791 assert_match /^trashed subproject 3 \(#{json_response['uuid'][-15..-1]}\)$/, json_response['name']
794 test "move trashed subproject to new owner #{auth}" do
796 assert_nil Group.readable_by(users(auth)).where(uuid: groups(:trashed_subproject).uuid).first
797 put :update, params: {
798 id: groups(:trashed_subproject).uuid,
800 owner_uuid: users(:active).uuid
805 assert_response :success
806 assert_not_nil Group.readable_by(users(auth)).where(uuid: groups(:trashed_subproject).uuid).first
810 # the group class overrides the destroy method. Make sure that the destroyed
813 {group_class: "project"},
814 {group_class: "role"},
815 {group_class: "filter", properties: {"filters":[]}},
817 test "destroy group #{params} returns object" do
818 authorize_with :active
820 group = Group.create!(params)
822 post :destroy, params: {
826 assert_response :success
827 assert_not_nil json_response
828 assert_equal group.uuid, json_response["uuid"]
832 test 'get shared owned by another user' do
833 authorize_with :user_bar_in_sharing_group
835 act_as_system_user do
837 tail_uuid: users(:user_bar_in_sharing_group).uuid,
838 link_class: 'permission',
840 head_uuid: groups(:project_owned_by_foo).uuid)
843 get :shared, params: {:filters => [["group_class", "=", "project"]], :include => "owner_uuid"}
845 assert_equal 1, json_response['items'].length
846 assert_equal json_response['items'][0]["uuid"], groups(:project_owned_by_foo).uuid
848 assert_equal 1, json_response['included'].length
849 assert_equal json_response['included'][0]["uuid"], users(:user_foo_in_sharing_group).uuid
852 test 'get shared, owned by unreadable project' do
853 authorize_with :user_bar_in_sharing_group
855 act_as_system_user do
856 Group.find_by_uuid(groups(:project_owned_by_foo).uuid).update!(owner_uuid: groups(:aproject).uuid)
858 tail_uuid: users(:user_bar_in_sharing_group).uuid,
859 link_class: 'permission',
861 head_uuid: groups(:project_owned_by_foo).uuid)
864 get :shared, params: {:filters => [["group_class", "=", "project"]], :include => "owner_uuid"}
866 assert_equal 1, json_response['items'].length
867 assert_equal json_response['items'][0]["uuid"], groups(:project_owned_by_foo).uuid
869 assert_equal 0, json_response['included'].length
872 test 'get shared, add permission link' do
873 authorize_with :user_bar_in_sharing_group
875 act_as_system_user do
876 Link.create!(tail_uuid: groups(:group_for_sharing_tests).uuid,
877 head_uuid: groups(:project_owned_by_foo).uuid,
878 link_class: 'permission',
882 get :shared, params: {:filters => [["group_class", "=", "project"]], :include => "owner_uuid"}
884 assert_equal 1, json_response['items'].length
885 assert_equal groups(:project_owned_by_foo).uuid, json_response['items'][0]["uuid"]
887 assert_equal 1, json_response['included'].length
888 assert_equal users(:user_foo_in_sharing_group).uuid, json_response['included'][0]["uuid"]
891 ### contents with exclude_home_project
893 test 'contents, exclude home owned by another user' do
894 authorize_with :user_bar_in_sharing_group
896 act_as_system_user do
898 tail_uuid: users(:user_bar_in_sharing_group).uuid,
899 link_class: 'permission',
901 head_uuid: groups(:project_owned_by_foo).uuid)
903 tail_uuid: users(:user_bar_in_sharing_group).uuid,
904 link_class: 'permission',
906 head_uuid: collections(:collection_owned_by_foo).uuid)
909 get :contents, params: {:include => "owner_uuid", :exclude_home_project => true}
911 assert_equal 2, json_response['items'].length
912 assert_equal json_response['items'][0]["uuid"], groups(:project_owned_by_foo).uuid
913 assert_equal json_response['items'][1]["uuid"], collections(:collection_owned_by_foo).uuid
915 assert_equal 1, json_response['included'].length
916 assert_equal json_response['included'][0]["uuid"], users(:user_foo_in_sharing_group).uuid
919 test 'contents, exclude home, owned by unreadable project' do
920 authorize_with :user_bar_in_sharing_group
922 act_as_system_user do
923 Group.find_by_uuid(groups(:project_owned_by_foo).uuid).update!(owner_uuid: groups(:aproject).uuid)
925 tail_uuid: users(:user_bar_in_sharing_group).uuid,
926 link_class: 'permission',
928 head_uuid: groups(:project_owned_by_foo).uuid)
931 get :contents, params: {:include => "owner_uuid", :exclude_home_project => true}
933 assert_equal 1, json_response['items'].length
934 assert_equal json_response['items'][0]["uuid"], groups(:project_owned_by_foo).uuid
936 assert_equal 0, json_response['included'].length
939 test 'contents, exclude home, add permission link' do
940 authorize_with :user_bar_in_sharing_group
942 act_as_system_user do
943 Link.create!(tail_uuid: groups(:group_for_sharing_tests).uuid,
944 head_uuid: groups(:project_owned_by_foo).uuid,
945 link_class: 'permission',
949 get :contents, params: {:include => "owner_uuid", :exclude_home_project => true}
951 assert_equal 1, json_response['items'].length
952 assert_equal groups(:project_owned_by_foo).uuid, json_response['items'][0]["uuid"]
954 assert_equal 1, json_response['included'].length
955 assert_equal users(:user_foo_in_sharing_group).uuid, json_response['included'][0]["uuid"]
958 test 'contents, exclude home, with parent specified' do
959 authorize_with :active
961 get :contents, params: {id: groups(:aproject).uuid, :include => "owner_uuid", :exclude_home_project => true}
966 test "include_trash does not return trash inside frozen project" do
967 authorize_with :active
968 trashtime = Time.now - 1.second
969 outerproj = Group.create!(group_class: 'project')
970 innerproj = Group.create!(group_class: 'project', owner_uuid: outerproj.uuid)
971 innercoll = Collection.create!(name: 'inner-not-trashed', owner_uuid: innerproj.uuid)
972 innertrash = Collection.create!(name: 'inner-trashed', owner_uuid: innerproj.uuid, trash_at: trashtime)
973 innertrashproj = Group.create!(group_class: 'project', name: 'inner-trashed-proj', owner_uuid: innerproj.uuid, trash_at: trashtime)
974 outertrash = Collection.create!(name: 'outer-trashed', owner_uuid: outerproj.uuid, trash_at: trashtime)
975 innerproj.update!(frozen_by_uuid: users(:active).uuid)
976 get :contents, params: {id: outerproj.uuid, include_trash: true, recursive: true}
977 assert_response :success
978 uuids = json_response['items'].collect { |item| item['uuid'] }
979 assert_includes uuids, outertrash.uuid
980 assert_includes uuids, innerproj.uuid
981 assert_includes uuids, innercoll.uuid
982 refute_includes uuids, innertrash.uuid
983 refute_includes uuids, innertrashproj.uuid
projects / arvados.git / blob