3 class Arvados::V1::LinksControllerTest < ActionController::TestCase
5 ['link', 'link_json'].each do |formatted_link|
6 test "no symbol keys in serialized hash #{formatted_link}" do
8 properties: {username: 'testusername'},
11 tail_uuid: users(:admin).uuid,
12 head_uuid: virtual_machines(:testvm).uuid
15 if formatted_link == 'link_json'
16 post :create, link: link.to_json
18 post :create, link: link
20 assert_response :success
21 assert_not_nil assigns(:object)
22 assert_equal 'testusername', assigns(:object).properties['username']
23 assert_equal false, assigns(:object).properties.has_key?(:username)
27 %w(created_at modified_at).each do |attr|
28 {nil: nil, bogus: 2.days.ago}.each do |bogustype, bogusvalue|
29 test "cannot set #{bogustype} #{attr} in create" do
30 authorize_with :active
36 }.merge(attr => bogusvalue)
38 assert_response :success
39 resp = JSON.parse @response.body
40 assert_in_delta Time.now, Time.parse(resp[attr]), 3.0
42 test "cannot set #{bogustype} #{attr} in update" do
43 really_created_at = links(:test_timestamps).created_at
44 authorize_with :active
46 id: links(:test_timestamps).uuid,
48 :properties => {test: 'test'},
52 assert_response :success
53 resp = JSON.parse @response.body
56 assert_in_delta really_created_at, Time.parse(resp[attr]), 0.001
58 assert_in_delta Time.now, Time.parse(resp[attr]), 3.0
64 test "head must exist" do
68 tail_uuid: users(:active).uuid,
69 head_uuid: 'zzzzz-tpzed-xyzxyzxerrrorxx'
72 post :create, link: link
76 test "tail must exist" do
80 head_uuid: users(:active).uuid,
81 tail_uuid: 'zzzzz-tpzed-xyzxyzxerrrorxx'
84 post :create, link: link
88 test "head and tail exist, head_kind and tail_kind are returned" do
92 head_uuid: users(:active).uuid,
93 tail_uuid: users(:spectator).uuid,
96 post :create, link: link
97 assert_response :success
98 l = JSON.parse(@response.body)
99 assert 'arvados#user', l['head_kind']
100 assert 'arvados#user', l['tail_kind']
103 test "can supply head_kind and tail_kind without error" do
107 head_uuid: users(:active).uuid,
108 tail_uuid: users(:spectator).uuid,
109 head_kind: "arvados#user",
110 tail_kind: "arvados#user",
112 authorize_with :admin
113 post :create, link: link
114 assert_response :success
115 l = JSON.parse(@response.body)
116 assert 'arvados#user', l['head_kind']
117 assert 'arvados#user', l['tail_kind']
120 test "tail must be visible by user" do
124 head_uuid: users(:active).uuid,
125 tail_uuid: authorized_keys(:admin).uuid,
127 authorize_with :active
128 post :create, link: link
132 test "filter links with 'is_a' operator" do
133 authorize_with :admin
135 filters: [ ['tail_uuid', 'is_a', 'arvados#user'] ]
137 assert_response :success
138 found = assigns(:objects)
139 assert_not_equal 0, found.count
140 assert_equal found.count, (found.select { |f| f.tail_uuid.match User.uuid_regex }).count
143 test "filter links with 'is_a' operator with more than one" do
144 authorize_with :admin
146 filters: [ ['tail_uuid', 'is_a', ['arvados#user', 'arvados#group'] ] ],
148 assert_response :success
149 found = assigns(:objects)
150 assert_not_equal 0, found.count
151 assert_equal found.count, (found.select { |f|
152 f.tail_uuid.match User.uuid_regex or
153 f.tail_uuid.match Group.uuid_regex
157 test "filter links with 'is_a' operator with bogus type" do
158 authorize_with :admin
160 filters: [ ['tail_uuid', 'is_a', ['arvados#bogus'] ] ],
162 assert_response :success
163 found = assigns(:objects)
164 assert_equal 0, found.count
167 test "filter links with 'is_a' operator with collection" do
168 authorize_with :admin
170 filters: [ ['head_uuid', 'is_a', ['arvados#collection'] ] ],
172 assert_response :success
173 found = assigns(:objects)
174 assert_not_equal 0, found.count
175 assert_equal found.count, (found.select { |f| f.head_uuid.match Collection.uuid_regex}).count
178 test "test can still use where tail_kind" do
179 authorize_with :admin
181 where: { tail_kind: 'arvados#user' }
183 assert_response :success
184 found = assigns(:objects)
185 assert_not_equal 0, found.count
186 assert_equal found.count, (found.select { |f| f.tail_uuid.match User.uuid_regex }).count
189 test "test can still use where head_kind" do
190 authorize_with :admin
192 where: { head_kind: 'arvados#user' }
194 assert_response :success
195 found = assigns(:objects)
196 assert_not_equal 0, found.count
197 assert_equal found.count, (found.select { |f| f.head_uuid.match User.uuid_regex }).count
200 test "test can still use filter tail_kind" do
201 authorize_with :admin
203 filters: [ ['tail_kind', '=', 'arvados#user'] ]
205 assert_response :success
206 found = assigns(:objects)
207 assert_not_equal 0, found.count
208 assert_equal found.count, (found.select { |f| f.tail_uuid.match User.uuid_regex }).count
211 test "test can still use filter head_kind" do
212 authorize_with :admin
214 filters: [ ['head_kind', '=', 'arvados#user'] ]
216 assert_response :success
217 found = assigns(:objects)
218 assert_not_equal 0, found.count
219 assert_equal found.count, (found.select { |f| f.head_uuid.match User.uuid_regex }).count
222 test "head_kind matches head_uuid" do
226 head_uuid: groups(:public).uuid,
227 head_kind: "arvados#user",
228 tail_uuid: users(:spectator).uuid,
229 tail_kind: "arvados#user",
231 authorize_with :admin
232 post :create, link: link
236 test "tail_kind matches tail_uuid" do
240 head_uuid: users(:active).uuid,
241 head_kind: "arvados#user",
242 tail_uuid: groups(:public).uuid,
243 tail_kind: "arvados#user",
245 authorize_with :admin
246 post :create, link: link
250 test "test with virtual_machine" do
252 tail_kind: "arvados#user",
253 tail_uuid: users(:active).uuid,
254 head_kind: "arvados#virtual_machine",
255 head_uuid: virtual_machines(:testvm).uuid,
256 link_class: "permission",
258 properties: {username: "repo_and_user_name"}
260 authorize_with :admin
261 post :create, link: link
265 test "test with virtualMachine" do
267 tail_kind: "arvados#user",
268 tail_uuid: users(:active).uuid,
269 head_kind: "arvados#virtualMachine",
270 head_uuid: virtual_machines(:testvm).uuid,
271 link_class: "permission",
273 properties: {username: "repo_and_user_name"}
275 authorize_with :admin
276 post :create, link: link
277 assert_response :success
280 test "project owner can show a project permission" do
281 uuid = links(:project_viewer_can_read_project).uuid
282 authorize_with :active
284 assert_response :success
285 assert_equal(uuid, assigns(:object).andand.uuid)
288 test "admin can show a project permission" do
289 uuid = links(:project_viewer_can_read_project).uuid
290 authorize_with :admin
292 assert_response :success
293 assert_equal(uuid, assigns(:object).andand.uuid)
296 test "project viewer can't show others' project permissions" do
297 authorize_with :project_viewer
298 get :show, id: links(:admin_can_write_aproject).uuid
302 test "requesting a nonexistent link returns 404" do
303 authorize_with :active
304 get :show, id: 'zzzzz-zzzzz-zzzzzzzzzzzzzzz'
309 skip "retrieve all permissions using generic links index api" do
310 # Links.readable_by() does not return the full set of permission
311 # links that are visible to a user (i.e., all permission links
312 # whose head_uuid references an object for which the user has
313 # ownership or can_manage permission). Therefore, neither does
316 # It is possible to retrieve the full set of permissions for a
317 # single object via /arvados/v1/permissions.
318 authorize_with :active
319 get :index, filters: [['link_class', '=', 'permission'],
320 ['head_uuid', '=', groups(:aproject).uuid]]
321 assert_response :success
322 assert_not_nil assigns(:objects)
323 assert_includes(assigns(:objects).map(&:uuid),
324 links(:project_viewer_can_read_project).uuid)
327 test "admin can index project permissions" do
328 authorize_with :admin
329 get :index, filters: [['link_class', '=', 'permission'],
330 ['head_uuid', '=', groups(:aproject).uuid]]
331 assert_response :success
332 assert_not_nil assigns(:objects)
333 assert_includes(assigns(:objects).map(&:uuid),
334 links(:project_viewer_can_read_project).uuid)
337 test "project viewer can't index others' project permissions" do
338 authorize_with :project_viewer
339 get :index, filters: [['link_class', '=', 'permission'],
340 ['head_uuid', '=', groups(:aproject).uuid],
341 ['tail_uuid', '!=', users(:project_viewer).uuid]]
342 assert_response :success
343 assert_not_nil assigns(:objects)
344 assert_empty assigns(:objects)
347 # Granting permissions.
348 test "grant can_read on project to other users in group" do
349 authorize_with :user_foo_in_sharing_group
351 refute users(:user_bar_in_sharing_group).can?(read: collections(:collection_owned_by_foo).uuid)
355 tail_uuid: users(:user_bar_in_sharing_group).uuid,
356 link_class: 'permission',
358 head_uuid: collections(:collection_owned_by_foo).uuid,
361 assert_response :success
362 assert users(:user_bar_in_sharing_group).can?(read: collections(:collection_owned_by_foo).uuid)