projects / arvados.git / blob
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Merge branch '12377-arvbox-composer' refs #12377
[arvados.git] / apps / workbench / test / controllers / projects_controller_test.rb
1 # Copyright (C) The Arvados Authors. All rights reserved.
2 #
3 # SPDX-License-Identifier: AGPL-3.0
4
5 require 'test_helper'
6 require 'helpers/share_object_helper'
7
8 class ProjectsControllerTest < ActionController::TestCase
9   include ShareObjectHelper
10
11   test "invited user is asked to sign user agreements on front page" do
12     get :index, {}, session_for(:inactive)
13     assert_response :redirect
14     assert_match(/^#{Regexp.escape(user_agreements_url)}\b/,
15                  @response.redirect_url,
16                  "Inactive user was not redirected to user_agreements page")
17   end
18
19   test "uninvited user is asked to wait for activation" do
20     get :index, {}, session_for(:inactive_uninvited)
21     assert_response :redirect
22     assert_match(/^#{Regexp.escape(inactive_users_url)}\b/,
23                  @response.redirect_url,
24                  "Uninvited user was not redirected to inactive user page")
25   end
26
27   [[:active, true],
28    [:project_viewer, false]].each do |which_user, should_show|
29     test "create subproject button #{'not ' unless should_show} shown to #{which_user}" do
30       readonly_project_uuid = api_fixture('groups')['aproject']['uuid']
31       get :show, {
32         id: readonly_project_uuid
33       }, session_for(which_user)
34       buttons = css_select('[data-method=post]').select do |el|
35         el.attributes['data-remote-href'].match /project.*owner_uuid.*#{readonly_project_uuid}/
36       end
37       if should_show
38         assert_not_empty(buttons, "did not offer to create a subproject")
39       else
40         assert_empty(buttons.collect(&:to_s),
41                      "offered to create a subproject in a non-writable project")
42       end
43     end
44   end
45
46   test "sharing a project with a user and group" do
47     uuid_list = [api_fixture("groups")["future_project_viewing_group"]["uuid"],
48                  api_fixture("users")["future_project_user"]["uuid"]]
49     post(:share_with, {
50            id: api_fixture("groups")["asubproject"]["uuid"],
51            uuids: uuid_list,
52            format: "json"},
53          session_for(:active))
54     assert_response :success
55     assert_equal(uuid_list, json_response["success"])
56   end
57
58   test "user with project read permission can't add permissions" do
59     share_uuid = api_fixture("users")["spectator"]["uuid"]
60     post(:share_with, {
61            id: api_fixture("groups")["aproject"]["uuid"],
62            uuids: [share_uuid],
63            format: "json"},
64          session_for(:project_viewer))
65     assert_response 422
66     assert(json_response["errors"].andand.
67              any? { |msg| msg.start_with?("#{share_uuid}: ") },
68            "JSON response missing properly formatted sharing error")
69   end
70
71   test "admin can_manage aproject" do
72     assert user_can_manage(:admin, api_fixture("groups")["aproject"])
73   end
74
75   test "owner can_manage aproject" do
76     assert user_can_manage(:active, api_fixture("groups")["aproject"])
77   end
78
79   test "owner can_manage asubproject" do
80     assert user_can_manage(:active, api_fixture("groups")["asubproject"])
81   end
82
83   test "viewer can't manage aproject" do
84     refute user_can_manage(:project_viewer, api_fixture("groups")["aproject"])
85   end
86
87   test "viewer can't manage asubproject" do
88     refute user_can_manage(:project_viewer, api_fixture("groups")["asubproject"])
89   end
90
91   test "subproject_admin can_manage asubproject" do
92     assert user_can_manage(:subproject_admin, api_fixture("groups")["asubproject"])
93   end
94
95   test "detect ownership loop in project breadcrumbs" do
96     # This test has an arbitrary time limit -- otherwise we'd just sit
97     # here forever instead of reporting that the loop was not
98     # detected. The test passes quickly, but fails slowly.
99     Timeout::timeout 10 do
100       get(:show,
101           { id: api_fixture("groups")["project_owns_itself"]["uuid"] },
102           session_for(:admin))
103     end
104     assert_response :success
105   end
106
107   test "project admin can remove collections from the project" do
108     # Deleting an object that supports 'trash_at' should make it
109     # completely inaccessible to API queries, not simply moved out of
110     # the project.
111     coll_key = "collection_to_remove_from_subproject"
112     coll_uuid = api_fixture("collections")[coll_key]["uuid"]
113     delete(:remove_item,
114            { id: api_fixture("groups")["asubproject"]["uuid"],
115              item_uuid: coll_uuid,
116              format: "js" },
117            session_for(:subproject_admin))
118     assert_response :success
119     assert_match(/\b#{coll_uuid}\b/, @response.body,
120                  "removed object not named in response")
121
122     use_token :subproject_admin
123     assert_raise ArvadosApiClient::NotFoundException do
124       Collection.find(coll_uuid, cache: false)
125     end
126   end
127
128   test "project admin can remove items from project other than collections" do
129     # An object which does not have an trash_at field (e.g. Specimen)
130     # should be implicitly moved to the user's Home project when removed.
131     specimen_uuid = api_fixture('specimens', 'in_asubproject')['uuid']
132     delete(:remove_item,
133            { id: api_fixture('groups', 'asubproject')['uuid'],
134              item_uuid: specimen_uuid,
135              format: 'js' },
136            session_for(:subproject_admin))
137     assert_response :success
138     assert_match(/\b#{specimen_uuid}\b/, @response.body,
139                  "removed object not named in response")
140
141     use_token :subproject_admin
142     new_specimen = Specimen.find(specimen_uuid)
143     assert_equal api_fixture('users', 'subproject_admin')['uuid'], new_specimen.owner_uuid
144   end
145
146   # An object which does not offer an expired_at field but has a xx_owner_uuid_name_unique constraint
147   # will be renamed when removed and another object with the same name exists in user's home project.
148   [
149     ['pipeline_templates', 'template_in_asubproject_with_same_name_as_one_in_active_user_home'],
150   ].each do |dm, fixture|
151     test "removing #{dm} from a subproject results in renaming it when there is another such object with same name in home project" do
152       object = api_fixture(dm, fixture)
153       delete(:remove_item,
154              { id: api_fixture('groups', 'asubproject')['uuid'],
155                item_uuid: object['uuid'],
156                format: 'js' },
157              session_for(:active))
158       assert_response :success
159       assert_match(/\b#{object['uuid']}\b/, @response.body,
160                    "removed object not named in response")
161       use_token :active
162       if dm.eql?('groups')
163         found = Group.find(object['uuid'])
164       else
165         found = PipelineTemplate.find(object['uuid'])
166       end
167       assert_equal api_fixture('users', 'active')['uuid'], found.owner_uuid
168       assert_equal true, found.name.include?(object['name'] + ' removed from ')
169     end
170   end
171
172   test 'projects#show tab infinite scroll partial obeys limit' do
173     get_contents_rows(limit: 1, filters: [['uuid','is_a',['arvados#job']]])
174     assert_response :success
175     assert_equal(1, json_response['content'].scan('<tr').count,
176                  "Did not get exactly one row")
177   end
178
179   ['', ' asc', ' desc'].each do |direction|
180     test "projects#show tab partial orders correctly by #{direction}" do
181       _test_tab_content_order direction
182     end
183   end
184
185   def _test_tab_content_order direction
186     get_contents_rows(limit: 100,
187                       order: "created_at#{direction}",
188                       filters: [['uuid','is_a',['arvados#job',
189                                                 'arvados#pipelineInstance']]])
190     assert_response :success
191     not_grouped_by_kind = nil
192     last_timestamp = nil
193     last_kind = nil
194     found_kind = {}
195     json_response['content'].scan /<tr[^>]+>/ do |tr_tag|
196       found_timestamps = 0
197       tr_tag.scan(/\ data-object-created-at=\"(.*?)\"/).each do |t,|
198         if last_timestamp
199           correct_operator = / desc$/ =~ direction ? :>= : :<=
200           assert_operator(last_timestamp, correct_operator, t,
201                           "Rows are not sorted by created_at#{direction}")
202         end
203         last_timestamp = t
204         found_timestamps += 1
205       end
206       assert_equal(1, found_timestamps,
207                    "Content row did not have exactly one timestamp")
208
209       # Confirm that the test for timestamp ordering couldn't have
210       # passed merely because the test fixtures have convenient
211       # timestamps (e.g., there is only one pipeline and one job in
212       # the project being tested, or there are no pipelines at all in
213       # the project being tested):
214       tr_tag.scan /\ data-kind=\"(.*?)\"/ do |kind|
215         if last_kind and last_kind != kind and found_kind[kind]
216           # We saw this kind before, then a different kind, then
217           # this kind again. That means objects are not grouped by
218           # kind.
219           not_grouped_by_kind = true
220         end
221         found_kind[kind] ||= 0
222         found_kind[kind] += 1
223         last_kind = kind
224       end
225     end
226     assert_equal(true, not_grouped_by_kind,
227                  "Could not confirm that results are not grouped by kind")
228   end
229
230   def get_contents_rows params
231     params = {
232       id: api_fixture('users')['active']['uuid'],
233       partial: :contents_rows,
234       format: :json,
235     }.merge(params)
236     encoded_params = Hash[params.map { |k,v|
237                             [k, (v.is_a?(Array) || v.is_a?(Hash)) ? v.to_json : v]
238                           }]
239     get :show, encoded_params, session_for(:active)
240   end
241
242   test "visit non-public project as anonymous when anonymous browsing is enabled and expect page not found" do
243     Rails.configuration.anonymous_user_token = api_fixture('api_client_authorizations')['anonymous']['api_token']
244     get(:show, {id: api_fixture('groups')['aproject']['uuid']})
245     assert_response 404
246     assert_match(/log ?in/i, @response.body)
247   end
248
249   test "visit home page as anonymous when anonymous browsing is enabled and expect login" do
250     Rails.configuration.anonymous_user_token = api_fixture('api_client_authorizations')['anonymous']['api_token']
251     get(:index)
252     assert_response :redirect
253     assert_match /\/users\/welcome/, @response.redirect_url
254   end
255
256   [
257     nil,
258     :active,
259   ].each do |user|
260     test "visit public projects page when anon config is enabled, as user #{user}, and expect page" do
261       Rails.configuration.anonymous_user_token = api_fixture('api_client_authorizations')['anonymous']['api_token']
262
263       if user
264         get :public, {}, session_for(user)
265       else
266         get :public
267       end
268
269       assert_response :success
270       assert_not_nil assigns(:objects)
271       project_names = assigns(:objects).collect(&:name)
272       assert_includes project_names, 'Unrestricted public data'
273       assert_not_includes project_names, 'A Project'
274       refute_empty css_select('[href="/projects/public"]')
275     end
276   end
277
278   test "visit public projects page when anon config is not enabled as active user and expect 404" do
279     get :public, {}, session_for(:active)
280     assert_response 404
281   end
282
283   test "visit public projects page when anon config is enabled but public projects page is disabled as active user and expect 404" do
284     Rails.configuration.anonymous_user_token = api_fixture('api_client_authorizations')['anonymous']['api_token']
285     Rails.configuration.enable_public_projects_page = false
286     get :public, {}, session_for(:active)
287     assert_response 404
288   end
289
290   test "visit public projects page when anon config is not enabled as anonymous and expect login page" do
291     get :public
292     assert_response :redirect
293     assert_match /\/users\/welcome/, @response.redirect_url
294     assert_empty css_select('[href="/projects/public"]')
295   end
296
297   test "visit public projects page when anon config is enabled and public projects page is disabled and expect login page" do
298     Rails.configuration.anonymous_user_token = api_fixture('api_client_authorizations')['anonymous']['api_token']
299     Rails.configuration.enable_public_projects_page = false
300     get :index
301     assert_response :redirect
302     assert_match /\/users\/welcome/, @response.redirect_url
303     assert_empty css_select('[href="/projects/public"]')
304   end
305
306   test "visit public projects page when anon config is not enabled and public projects page is enabled and expect login page" do
307     Rails.configuration.enable_public_projects_page = true
308     get :index
309     assert_response :redirect
310     assert_match /\/users\/welcome/, @response.redirect_url
311     assert_empty css_select('[href="/projects/public"]')
312   end
313
314   test "find a project and edit its description" do
315     project = api_fixture('groups')['aproject']
316     use_token :active
317     found = Group.find(project['uuid'])
318     found.description = 'test description update'
319     found.save!
320     get(:show, {id: project['uuid']}, session_for(:active))
321     assert_includes @response.body, 'test description update'
322   end
323
324   test "find a project and edit description to textile description" do
325     project = api_fixture('groups')['aproject']
326     use_token :active
327     found = Group.find(project['uuid'])
328     found.description = '*test bold description for textile formatting*'
329     found.save!
330     get(:show, {id: project['uuid']}, session_for(:active))
331     assert_includes @response.body, '<strong>test bold description for textile formatting</strong>'
332   end
333
334   test "find a project and edit description to html description" do
335     project = api_fixture('groups')['aproject']
336     use_token :active
337     found = Group.find(project['uuid'])
338     found.description = 'Textile description with link to home page <a href="/">take me home</a>.'
339     found.save!
340     get(:show, {id: project['uuid']}, session_for(:active))
341     assert_includes @response.body, 'Textile description with link to home page <a href="/">take me home</a>.'
342   end
343
344   test "find a project and edit description to textile description with link to object" do
345     project = api_fixture('groups')['aproject']
346     use_token :active
347     found = Group.find(project['uuid'])
348
349     # uses 'Link to object' as a hyperlink for the object
350     found.description = '"Link to object":' + api_fixture('groups')['asubproject']['uuid']
351     found.save!
352     get(:show, {id: project['uuid']}, session_for(:active))
353
354     # check that input was converted to textile, not staying as inputted
355     refute_includes  @response.body,'"Link to object"'
356     refute_empty css_select('[href="/groups/zzzzz-j7d0g-axqo7eu9pwvna1x"]')
357   end
358
359   test "project viewer can't see project sharing tab" do
360     project = api_fixture('groups')['aproject']
361     get(:show, {id: project['uuid']}, session_for(:project_viewer))
362     refute_includes @response.body, '<div id="Sharing"'
363     assert_includes @response.body, '<div id="Data_collections"'
364   end
365
366   [
367     'admin',
368     'active',
369   ].each do |username|
370     test "#{username} can see project sharing tab" do
371      project = api_fixture('groups')['aproject']
372      get(:show, {id: project['uuid']}, session_for(username))
373      assert_includes @response.body, '<div id="Sharing"'
374      assert_includes @response.body, '<div id="Data_collections"'
375     end
376   end
377
378   [
379     ['admin',true],
380     ['active',true],
381     ['project_viewer',false],
382   ].each do |user, can_move|
383     test "#{user} can move subproject from project #{can_move}" do
384       get(:show, {id: api_fixture('groups')['aproject']['uuid']}, session_for(user))
385       if can_move
386         assert_includes @response.body, 'Move project...'
387       else
388         refute_includes @response.body, 'Move project...'
389       end
390     end
391   end
392
393   [
394     [:admin, true],
395     [:active, false],
396   ].each do |user, expect_all_nodes|
397     test "in dashboard other index page links as #{user}" do
398       get :index, {}, session_for(user)
399
400       [["processes", "/all_processes"],
401        ["collections", "/collections"],
402       ].each do |target, path|
403         assert_includes @response.body, "href=\"#{path}\""
404         assert_includes @response.body, "All #{target}"
405       end
406
407       if expect_all_nodes
408         assert_includes @response.body, "href=\"/nodes\""
409         assert_includes @response.body, "All nodes"
410       else
411         assert_not_includes @response.body, "href=\"/nodes\""
412         assert_not_includes @response.body, "All nodes"
413       end
414     end
415   end
416
417   test "dashboard should show the correct status for processes" do
418     get :index, {}, session_for(:active)
419     assert_select 'div.panel-body.recent-processes' do
420       [
421         {
422           fixture: 'container_requests',
423           state: 'completed',
424           selectors: [['div.progress', false],
425                       ['span.label.label-success', true, 'Complete']]
426         },
427         {
428           fixture: 'container_requests',
429           state: 'uncommitted',
430           selectors: [['div.progress', false],
431                       ['span.label.label-default', true, 'Uncommitted']]
432         },
433         {
434           fixture: 'container_requests',
435           state: 'queued',
436           selectors: [['div.progress', false],
437                       ['span.label.label-default', true, 'Queued']]
438         },
439         {
440           fixture: 'container_requests',
441           state: 'running',
442           selectors: [['.label-info', true, 'Running']]
443         },
444         {
445           fixture: 'pipeline_instances',
446           state: 'new_pipeline',
447           selectors: [['div.progress', false],
448                       ['span.label.label-default', true, 'Not started']]
449         },
450         {
451           fixture: 'pipeline_instances',
452           state: 'pipeline_in_running_state',
453           selectors: [['.label-info', true, 'Running']]
454         },
455       ].each do |c|
456         uuid = api_fixture(c[:fixture])[c[:state]]['uuid']
457         assert_select "div.dashboard-panel-info-row.row-#{uuid}" do
458           if c.include? :selectors
459             c[:selectors].each do |selector, should_show, label|
460               assert_select selector, should_show, "UUID #{uuid} should #{should_show ? '' : 'not'} show '#{selector}'"
461               if should_show and not label.nil?
462                 assert_select selector, label, "UUID #{uuid} state label should show #{label}"
463               end
464             end
465           end
466         end
467       end
468     end
469   end
470
471   test "visit a public project and verify the public projects page link exists" do
472     Rails.configuration.anonymous_user_token = api_fixture('api_client_authorizations')['anonymous']['api_token']
473     uuid = api_fixture('groups')['anonymously_accessible_project']['uuid']
474     get :show, {id: uuid}
475     project = assigns(:object)
476     assert_equal uuid, project['uuid']
477     refute_empty css_select("[href=\"/projects/#{project['uuid']}\"]")
478     assert_includes @response.body, "<a href=\"/projects/public\">Public Projects</a>"
479   end
480
481   test 'all_projects unaffected by params after use by ProjectsController (#6640)' do
482     @controller = ProjectsController.new
483     project_uuid = api_fixture('groups')['aproject']['uuid']
484     get :index, {
485       filters: [['uuid', '<', project_uuid]].to_json,
486       limit: 0,
487       offset: 1000,
488     }, session_for(:active)
489     assert_select "#projects-menu + ul li.divider ~ li a[href=/projects/#{project_uuid}]"
490   end
491
492   [
493     ["active", 5, ["aproject", "asubproject"], "anonymously_accessible_project"],
494     ["user1_with_load", 2, ["project_with_10_collections"], "project_with_2_pipelines_and_60_crs"],
495     ["admin", 5, ["anonymously_accessible_project", "subproject_in_anonymous_accessible_project"], "aproject"],
496   ].each do |user, page_size, tree_segment, unexpected|
497     # Note: this test is sensitive to database collation. It passes
498     # with en_US.UTF-8.
499     test "build my projects tree for #{user} user and verify #{unexpected} is omitted" do
500       use_token user
501
502       tree, _, _ = @controller.send(:my_wanted_projects_tree,
503                                     User.current,
504                                     page_size)
505
506       tree_segment_at_depth_1 = api_fixture('groups')[tree_segment[0]]
507       tree_segment_at_depth_2 = api_fixture('groups')[tree_segment[1]] if tree_segment[1]
508
509       node_depth = {}
510       tree.each do |x|
511         node_depth[x[:object]['uuid']] = x[:depth]
512       end
513
514       assert_equal(1, node_depth[tree_segment_at_depth_1['uuid']])
515       assert_equal(2, node_depth[tree_segment_at_depth_2['uuid']]) if tree_segment[1]
516
517       unexpected_project = api_fixture('groups')[unexpected]
518       assert_nil(node_depth[unexpected_project['uuid']], node_depth.inspect)
519     end
520   end
521
522   [
523     ["active", 1],
524     ["project_viewer", 1],
525     ["admin", 0],
526   ].each do |user, size|
527     test "starred projects for #{user}" do
528       use_token user
529       ctrl = ProjectsController.new
530       current_user = User.find(api_fixture('users')[user]['uuid'])
531       my_starred_project = ctrl.send :my_starred_projects, current_user
532       assert_equal(size, my_starred_project.andand.size)
533
534       ctrl2 = ProjectsController.new
535       current_user = User.find(api_fixture('users')[user]['uuid'])
536       my_starred_project = ctrl2.send :my_starred_projects, current_user
537       assert_equal(size, my_starred_project.andand.size)
538     end
539   end
540
541   test "unshare project and verify that it is no longer included in shared user's starred projects" do
542     # remove sharing link
543     use_token :system_user
544     Link.find(api_fixture('links')['share_starred_project_with_project_viewer']['uuid']).destroy
545
546     # verify that project is no longer included in starred projects
547     use_token :project_viewer
548     current_user = User.find(api_fixture('users')['project_viewer']['uuid'])
549     ctrl = ProjectsController.new
550     my_starred_project = ctrl.send :my_starred_projects, current_user
551     assert_equal(0, my_starred_project.andand.size)
552
553     # share it again
554     @controller = LinksController.new
555     post :create, {
556       link: {
557         link_class: 'permission',
558         name: 'can_read',
559         head_uuid: api_fixture('groups')['starred_and_shared_active_user_project']['uuid'],
560         tail_uuid: api_fixture('users')['project_viewer']['uuid'],
561       },
562       format: :json
563     }, session_for(:system_user)
564
565     # verify that the project is again included in starred projects
566     use_token :project_viewer
567     ctrl = ProjectsController.new
568     my_starred_project = ctrl.send :my_starred_projects, current_user
569     assert_equal(1, my_starred_project.andand.size)
570   end
571 end