services/api/test/unit/owner_test.rb

   1 # Copyright (C) The Arvados Authors. All rights reserved.
   2 #
   3 # SPDX-License-Identifier: AGPL-3.0
   4
   5 require 'test_helper'
   6
   7 # Test referential integrity: ensure we cannot leave any object
   8 # without owners by deleting a user or group.
   9 #
  10 # "o" is an owner.
  11 # "i" is an item.
  12
  13 class OwnerTest < ActiveSupport::TestCase
  14   fixtures :users, :groups
  15
  16   setup do
  17     set_user_from_auth :admin_trustedclient
  18   end
  19
  20   User.all
  21   Group.all
  22   [User, Group].each do |o_class|
  23     test "create object with legit #{o_class} owner" do
  24       if o_class == Group
  25         o = o_class.create! group_class: "project"
  26       else
  27         o = o_class.create!
  28       end
  29       i = Collection.create(owner_uuid: o.uuid)
  30       assert i.valid?, "new item should pass validation"
  31       assert i.uuid, "new item should have an ID"
  32       assert Collection.where(uuid: i.uuid).any?, "new item should really be in DB"
  33     end
  34
  35     test "create object with non-existent #{o_class} owner" do
  36       assert_raises(ActiveRecord::RecordInvalid,
  37                     "create should fail with random owner_uuid") do
  38         Collection.create!(owner_uuid: o_class.generate_uuid)
  39       end
  40
  41       i = Collection.create(owner_uuid: o_class.generate_uuid)
  42       assert !i.valid?, "object with random owner_uuid should not be valid?"
  43
  44       i = Collection.new(owner_uuid: o_class.generate_uuid)
  45       assert !i.valid?, "new item should not pass validation"
  46       assert !i.uuid, "new item should not have an ID"
  47     end
  48
  49     [User, Group].each do |new_o_class|
  50       test "change owner from legit #{o_class} to legit #{new_o_class} owner" do
  51         o = if o_class == Group
  52               o_class.create! group_class: "project"
  53             else
  54               o_class.create!
  55             end
  56         i = Collection.create!(owner_uuid: o.uuid)
  57
  58         new_o = if new_o_class == Group
  59               new_o_class.create! group_class: "project"
  60             else
  61               new_o_class.create!
  62             end
  63
  64         assert(Collection.where(uuid: i.uuid).any?,
  65                "new item should really be in DB")
  66         assert(i.update(owner_uuid: new_o.uuid),
  67                "should change owner_uuid from #{o.uuid} to #{new_o.uuid}")
  68       end
  69     end
  70
  71     test "delete #{o_class} that owns nothing" do
  72       if o_class == Group
  73         o = o_class.create! group_class: "project"
  74       else
  75         o = o_class.create!
  76       end
  77       assert(o_class.where(uuid: o.uuid).any?,
  78              "new #{o_class} should really be in DB")
  79       assert(o.destroy, "should delete #{o_class} that owns nothing")
  80       assert_equal(false, o_class.where(uuid: o.uuid).any?,
  81                    "#{o.uuid} should not be in DB after deleting")
  82     end
  83
  84     test "change uuid of #{o_class} that owns nothing" do
  85       # (we're relying on our admin credentials here)
  86       if o_class == Group
  87         o = o_class.create! group_class: "project"
  88       else
  89         o = o_class.create!
  90       end
  91       assert(o_class.where(uuid: o.uuid).any?,
  92              "new #{o_class} should really be in DB")
  93       old_uuid = o.uuid
  94       new_uuid = o.uuid.sub(/..........$/, rand(2**256).to_s(36)[0..9])
  95       assert(o.update(uuid: new_uuid),
  96               "should change #{o_class} uuid from #{old_uuid} to #{new_uuid}")
  97       assert_equal(false, o_class.where(uuid: old_uuid).any?,
  98                    "#{old_uuid} should disappear when renamed to #{new_uuid}")
  99     end
 100   end
 101
 102   ['users(:active)', 'groups(:aproject)'].each do |ofixt|
 103     test "delete #{ofixt} that owns other objects" do
 104       o = eval ofixt
 105       assert_equal(true, Collection.where(owner_uuid: o.uuid).any?,
 106                    "need something to be owned by #{o.uuid} for this test")
 107
 108       skip_check_permissions_against_full_refresh do
 109         assert_raises(ActiveRecord::DeleteRestrictionError,
 110                       "should not delete #{ofixt} that owns objects") do
 111           o.destroy
 112         end
 113       end
 114     end
 115
 116     test "change uuid of #{ofixt} that owns other objects" do
 117       o = eval ofixt
 118       assert_equal(true, Collection.where(owner_uuid: o.uuid).any?,
 119                    "need something to be owned by #{o.uuid} for this test")
 120       new_uuid = o.uuid.sub(/..........$/, rand(2**256).to_s(36)[0..9])
 121       assert(!o.update(uuid: new_uuid),
 122              "should not change uuid of #{ofixt} that owns objects")
 123     end
 124   end
 125
 126   test "delete User that owns self" do
 127     o = User.create!
 128     assert User.where(uuid: o.uuid).any?, "new User should really be in DB"
 129     assert_equal(true, o.update(owner_uuid: o.uuid),
 130                  "setting owner to self should work")
 131
 132     skip_check_permissions_against_full_refresh do
 133       assert(o.destroy, "should delete User that owns self")
 134     end
 135
 136     assert_equal(false, User.where(uuid: o.uuid).any?,
 137                  "#{o.uuid} should not be in DB after deleting")
 138     check_permissions_against_full_refresh
 139   end
 140
 141 end