3 class Arvados::V1::UsersControllerTest < ActionController::TestCase
4 include CurrentApiClient
7 @all_links_at_start = Link.all
8 @vm_uuid = virtual_machines(:testvm).uuid
11 test "activate a user after signing UA" do
12 authorize_with :inactive_but_signed_user_agreement
13 post :activate, id: users(:inactive_but_signed_user_agreement).uuid
14 assert_response :success
15 assert_not_nil assigns(:object)
16 me = JSON.parse(@response.body)
17 assert_equal true, me['is_active']
20 test "refuse to activate a user before signing UA" do
22 required_uuids = Link.where("owner_uuid = ? and link_class = ? and name = ? and tail_uuid = ? and head_uuid like ?",
27 Collection.uuid_like_pattern).
30 assert required_uuids.length > 0
32 signed_uuids = Link.where(owner_uuid: system_user_uuid,
33 link_class: 'signature',
35 tail_uuid: users(:inactive).uuid,
36 head_uuid: required_uuids).
39 assert_equal 0, signed_uuids.length
42 authorize_with :inactive
44 post :activate, id: users(:inactive).uuid
47 response_body = JSON.parse(@response.body)
48 assert response_body['errors'].first.include? 'Cannot activate without user agreements'
51 test "activate an already-active user" do
52 authorize_with :active
53 post :activate, id: users(:active).uuid
54 assert_response :success
55 me = JSON.parse(@response.body)
56 assert_equal true, me['is_active']
59 test "respond 401 if given token exists but user record is missing" do
60 authorize_with :valid_token_deleted_user
61 get :current, {format: :json}
65 test "create new user with user as input" do
68 first_name: "test_first_name",
69 last_name: "test_last_name",
70 email: "foo@example.com"
72 assert_response :success
73 created = JSON.parse(@response.body)
74 assert_equal 'test_first_name', created['first_name']
75 assert_not_nil created['uuid'], 'expected uuid for the newly created user'
76 assert_not_nil created['email'], 'expected non-nil email'
77 assert_nil created['identity_url'], 'expected no identity_url'
80 test "create user with user, vm and repo as input" do
82 repo_name = 'test_repo'
86 openid_prefix: 'https://www.google.com/accounts/o8/id',
88 uuid: 'zzzzz-tpzed-abcdefghijklmno',
89 first_name: "in_create_test_first_name",
90 last_name: "test_last_name",
91 email: "foo@example.com"
94 assert_response :success
95 response_items = JSON.parse(@response.body)['items']
97 created = find_obj_in_resp response_items, 'User', nil
99 assert_equal 'in_create_test_first_name', created['first_name']
100 assert_not_nil created['uuid'], 'expected non-null uuid for the new user'
101 assert_equal 'zzzzz-tpzed-abcdefghijklmno', created['uuid']
102 assert_not_nil created['email'], 'expected non-nil email'
103 assert_nil created['identity_url'], 'expected no identity_url'
105 # arvados#user, repo link and link add user to 'All users' group
106 verify_num_links @all_links_at_start, 4
108 verify_link response_items, 'arvados#user', true, 'permission', 'can_login',
109 created['uuid'], created['email'], 'arvados#user', false, 'User'
111 verify_link response_items, 'arvados#repository', true, 'permission', 'can_manage',
112 repo_name, created['uuid'], 'arvados#repository', true, 'Repository'
114 verify_link response_items, 'arvados#group', true, 'permission', 'can_read',
115 'All users', created['uuid'], 'arvados#group', true, 'Group'
117 verify_link response_items, 'arvados#virtualMachine', false, 'permission', 'can_login',
118 nil, created['uuid'], 'arvados#virtualMachine', false, 'VirtualMachine'
120 verify_system_group_permission_link_for created['uuid']
123 test "setup user with bogus uuid and expect error" do
124 authorize_with :admin
128 repo_name: 'test_repo',
131 response_body = JSON.parse(@response.body)
132 response_errors = response_body['errors']
133 assert_not_nil response_errors, 'Expected error in response'
134 assert (response_errors.first.include? 'Path not found'), 'Expected 404'
137 test "setup user with bogus uuid in user and expect error" do
138 authorize_with :admin
141 user: {uuid: 'bogus_uuid'},
142 repo_name: 'test_repo',
144 openid_prefix: 'https://www.google.com/accounts/o8/id'
146 response_body = JSON.parse(@response.body)
147 response_errors = response_body['errors']
148 assert_not_nil response_errors, 'Expected error in response'
149 assert (response_errors.first.include? 'ArgumentError: Require user email'),
150 'Expected RuntimeError'
153 test "setup user with no uuid and user, expect error" do
154 authorize_with :admin
157 repo_name: 'test_repo',
159 openid_prefix: 'https://www.google.com/accounts/o8/id'
161 response_body = JSON.parse(@response.body)
162 response_errors = response_body['errors']
163 assert_not_nil response_errors, 'Expected error in response'
164 assert (response_errors.first.include? 'Required uuid or user'),
165 'Expected ArgumentError'
168 test "setup user with no uuid and email, expect error" do
169 authorize_with :admin
173 repo_name: 'test_repo',
175 openid_prefix: 'https://www.google.com/accounts/o8/id'
177 response_body = JSON.parse(@response.body)
178 response_errors = response_body['errors']
179 assert_not_nil response_errors, 'Expected error in response'
180 assert (response_errors.first.include? '<ArgumentError: Require user email'),
181 'Expected ArgumentError'
184 test "invoke setup with existing uuid, vm and repo and verify links" do
185 authorize_with :admin
186 inactive_user = users(:inactive)
189 uuid: users(:inactive).uuid,
190 repo_name: 'test_repo',
194 assert_response :success
196 response_items = JSON.parse(@response.body)['items']
197 resp_obj = find_obj_in_resp response_items, 'User', nil
199 assert_not_nil resp_obj['uuid'], 'expected uuid for the new user'
200 assert_equal inactive_user['uuid'], resp_obj['uuid']
201 assert_equal inactive_user['email'], resp_obj['email'],
202 'expecting inactive user email'
204 # expect repo and vm links
205 verify_link response_items, 'arvados#repository', true, 'permission', 'can_manage',
206 'test_repo', resp_obj['uuid'], 'arvados#repository', true, 'Repository'
208 verify_link response_items, 'arvados#virtualMachine', true, 'permission', 'can_login',
209 @vm_uuid, resp_obj['uuid'], 'arvados#virtualMachine', false, 'VirtualMachine'
212 test "invoke setup with existing uuid in user, verify response" do
213 authorize_with :admin
214 inactive_user = users(:inactive)
217 user: {uuid: inactive_user['uuid']},
218 openid_prefix: 'https://www.google.com/accounts/o8/id'
221 assert_response :success
223 response_items = JSON.parse(@response.body)['items']
224 resp_obj = find_obj_in_resp response_items, 'User', nil
226 assert_not_nil resp_obj['uuid'], 'expected uuid for the new user'
227 assert_equal inactive_user['uuid'], resp_obj['uuid']
228 assert_equal inactive_user['email'], resp_obj['email'],
229 'expecting inactive user email'
232 test "invoke setup with existing uuid but different email, expect original email" do
233 authorize_with :admin
234 inactive_user = users(:inactive)
237 uuid: inactive_user['uuid'],
238 user: {email: 'junk_email'}
241 assert_response :success
243 response_items = JSON.parse(@response.body)['items']
244 resp_obj = find_obj_in_resp response_items, 'User', nil
246 assert_not_nil resp_obj['uuid'], 'expected uuid for the new user'
247 assert_equal inactive_user['uuid'], resp_obj['uuid']
248 assert_equal inactive_user['email'], resp_obj['email'],
249 'expecting inactive user email'
252 test "setup user with valid email and repo as input" do
253 authorize_with :admin
256 repo_name: 'test_repo',
257 user: {email: 'foo@example.com'},
258 openid_prefix: 'https://www.google.com/accounts/o8/id'
261 assert_response :success
262 response_items = JSON.parse(@response.body)['items']
263 response_object = find_obj_in_resp response_items, 'User', nil
264 assert_not_nil response_object['uuid'], 'expected uuid for the new user'
265 assert_equal response_object['email'], 'foo@example.com', 'expected given email'
267 # four extra links; system_group, login, group and repo perms
268 verify_num_links @all_links_at_start, 4
271 test "setup user with fake vm and expect error" do
272 authorize_with :admin
275 repo_name: 'test_repo',
276 vm_uuid: 'no_such_vm',
277 user: {email: 'foo@example.com'},
278 openid_prefix: 'https://www.google.com/accounts/o8/id'
281 response_body = JSON.parse(@response.body)
282 response_errors = response_body['errors']
283 assert_not_nil response_errors, 'Expected error in response'
284 assert (response_errors.first.include? "No vm found for no_such_vm"),
285 'Expected RuntimeError: No vm found for no_such_vm'
288 test "setup user with valid email, repo and real vm as input" do
289 authorize_with :admin
292 repo_name: 'test_repo',
293 openid_prefix: 'https://www.google.com/accounts/o8/id',
295 user: {email: 'foo@example.com'}
298 assert_response :success
299 response_items = JSON.parse(@response.body)['items']
300 response_object = find_obj_in_resp response_items, 'User', nil
301 assert_not_nil response_object['uuid'], 'expected uuid for the new user'
302 assert_equal response_object['email'], 'foo@example.com', 'expected given email'
304 # five extra links; system_group, login, group, vm, repo
305 verify_num_links @all_links_at_start, 5
308 test "setup user with valid email, no vm and repo as input" do
309 authorize_with :admin
312 user: {email: 'foo@example.com'},
313 openid_prefix: 'https://www.google.com/accounts/o8/id'
316 assert_response :success
317 response_items = JSON.parse(@response.body)['items']
318 response_object = find_obj_in_resp response_items, 'User', nil
319 assert_not_nil response_object['uuid'], 'expected uuid for new user'
320 assert_equal response_object['email'], 'foo@example.com', 'expected given email'
322 # three extra links; system_group, login, and group
323 verify_num_links @all_links_at_start, 3
326 test "setup user with email, first name, repo name and vm uuid" do
327 authorize_with :admin
330 openid_prefix: 'https://www.google.com/accounts/o8/id',
331 repo_name: 'test_repo',
334 first_name: 'test_first_name',
335 email: 'foo@example.com'
339 assert_response :success
340 response_items = JSON.parse(@response.body)['items']
341 response_object = find_obj_in_resp response_items, 'User', nil
342 assert_not_nil response_object['uuid'], 'expected uuid for new user'
343 assert_equal response_object['email'], 'foo@example.com', 'expected given email'
344 assert_equal 'test_first_name', response_object['first_name'],
345 'expecting first name'
347 # five extra links; system_group, login, group, repo and vm
348 verify_num_links @all_links_at_start, 5
351 test "setup user with an exising user email and check different object is created" do
352 authorize_with :admin
353 inactive_user = users(:inactive)
356 openid_prefix: 'https://www.google.com/accounts/o8/id',
357 repo_name: 'test_repo',
359 email: inactive_user['email']
363 assert_response :success
364 response_items = JSON.parse(@response.body)['items']
365 response_object = find_obj_in_resp response_items, 'User', nil
366 assert_not_nil response_object['uuid'], 'expected uuid for new user'
367 assert_not_equal response_object['uuid'], inactive_user['uuid'],
368 'expected different uuid after create operation'
369 assert_equal inactive_user['email'], response_object['email'], 'expected given email'
370 # system_group, openid, group, and repo. No vm link.
371 verify_num_links @all_links_at_start, 4
374 test "setup user with openid prefix" do
375 authorize_with :admin
378 repo_name: 'test_repo',
379 openid_prefix: 'http://www.example.com/account',
381 first_name: "in_create_test_first_name",
382 last_name: "test_last_name",
383 email: "foo@example.com"
387 assert_response :success
389 response_items = JSON.parse(@response.body)['items']
390 created = find_obj_in_resp response_items, 'User', nil
392 assert_equal 'in_create_test_first_name', created['first_name']
393 assert_not_nil created['uuid'], 'expected uuid for new user'
394 assert_not_nil created['email'], 'expected non-nil email'
395 assert_nil created['identity_url'], 'expected no identity_url'
398 # four new links: system_group, arvados#user, repo, and 'All users' group.
399 verify_num_links @all_links_at_start, 4
401 verify_link response_items, 'arvados#user', true, 'permission', 'can_login',
402 created['uuid'], created['email'], 'arvados#user', false, 'User'
404 verify_link response_items, 'arvados#repository', true, 'permission', 'can_manage',
405 'test_repo', created['uuid'], 'arvados#repository', true, 'Repository'
407 verify_link response_items, 'arvados#group', true, 'permission', 'can_read',
408 'All users', created['uuid'], 'arvados#group', true, 'Group'
410 verify_link response_items, 'arvados#virtualMachine', false, 'permission', 'can_login',
411 nil, created['uuid'], 'arvados#virtualMachine', false, 'VirtualMachine'
414 test "invoke setup with no openid prefix, expect error" do
415 authorize_with :admin
418 repo_name: 'test_repo',
420 first_name: "in_create_test_first_name",
421 last_name: "test_last_name",
422 email: "foo@example.com"
426 response_body = JSON.parse(@response.body)
427 response_errors = response_body['errors']
428 assert_not_nil response_errors, 'Expected error in response'
429 assert (response_errors.first.include? 'openid_prefix parameter is missing'),
430 'Expected ArgumentError'
433 test "setup user with user, vm and repo and verify links" do
434 authorize_with :admin
438 first_name: "in_create_test_first_name",
439 last_name: "test_last_name",
440 email: "foo@example.com"
443 repo_name: 'test_repo',
444 openid_prefix: 'https://www.google.com/accounts/o8/id'
447 assert_response :success
449 response_items = JSON.parse(@response.body)['items']
450 created = find_obj_in_resp response_items, 'User', nil
452 assert_equal 'in_create_test_first_name', created['first_name']
453 assert_not_nil created['uuid'], 'expected uuid for new user'
454 assert_not_nil created['email'], 'expected non-nil email'
455 assert_nil created['identity_url'], 'expected no identity_url'
457 # five new links: system_group, arvados#user, repo, vm and 'All
459 verify_num_links @all_links_at_start, 5
461 verify_link response_items, 'arvados#user', true, 'permission', 'can_login',
462 created['uuid'], created['email'], 'arvados#user', false, 'User'
464 verify_link response_items, 'arvados#repository', true, 'permission', 'can_manage',
465 'test_repo', created['uuid'], 'arvados#repository', true, 'Repository'
467 verify_link response_items, 'arvados#group', true, 'permission', 'can_read',
468 'All users', created['uuid'], 'arvados#group', true, 'Group'
470 verify_link response_items, 'arvados#virtualMachine', true, 'permission', 'can_login',
471 @vm_uuid, created['uuid'], 'arvados#virtualMachine', false, 'VirtualMachine'
474 test "create user as non admin user and expect error" do
475 authorize_with :active
478 user: {email: 'foo@example.com'}
481 response_body = JSON.parse(@response.body)
482 response_errors = response_body['errors']
483 assert_not_nil response_errors, 'Expected error in response'
484 assert (response_errors.first.include? 'PermissionDenied'),
485 'Expected PermissionDeniedError'
488 test "setup user as non admin user and expect error" do
489 authorize_with :active
492 openid_prefix: 'https://www.google.com/accounts/o8/id',
493 user: {email: 'foo@example.com'}
496 response_body = JSON.parse(@response.body)
497 response_errors = response_body['errors']
498 assert_not_nil response_errors, 'Expected error in response'
499 assert (response_errors.first.include? 'Forbidden'),
500 'Expected Forbidden error'
503 test "setup user in multiple steps and verify response" do
504 authorize_with :admin
507 openid_prefix: 'http://www.example.com/account',
509 email: "foo@example.com"
513 assert_response :success
514 response_items = JSON.parse(@response.body)['items']
515 created = find_obj_in_resp response_items, 'User', nil
517 assert_not_nil created['uuid'], 'expected uuid for new user'
518 assert_not_nil created['email'], 'expected non-nil email'
519 assert_equal created['email'], 'foo@example.com', 'expected input email'
521 # three new links: system_group, arvados#user, and 'All users' group.
522 verify_num_links @all_links_at_start, 3
524 verify_link response_items, 'arvados#user', true, 'permission', 'can_login',
525 created['uuid'], created['email'], 'arvados#user', false, 'User'
527 verify_link response_items, 'arvados#group', true, 'permission', 'can_read',
528 'All users', created['uuid'], 'arvados#group', true, 'Group'
530 verify_link response_items, 'arvados#repository', false, 'permission', 'can_manage',
531 'test_repo', created['uuid'], 'arvados#repository', true, 'Repository'
533 verify_link response_items, 'arvados#virtualMachine', false, 'permission', 'can_login',
534 nil, created['uuid'], 'arvados#virtualMachine', false, 'VirtualMachine'
536 # invoke setup with a repository
538 openid_prefix: 'http://www.example.com/account',
539 repo_name: 'new_repo',
540 uuid: created['uuid']
543 assert_response :success
545 response_items = JSON.parse(@response.body)['items']
546 created = find_obj_in_resp response_items, 'User', nil
548 assert_equal 'foo@example.com', created['email'], 'expected input email'
551 verify_link response_items, 'arvados#group', true, 'permission', 'can_read',
552 'All users', created['uuid'], 'arvados#group', true, 'Group'
554 verify_link response_items, 'arvados#repository', true, 'permission', 'can_manage',
555 'new_repo', created['uuid'], 'arvados#repository', true, 'Repository'
557 verify_link response_items, 'arvados#virtualMachine', false, 'permission', 'can_login',
558 nil, created['uuid'], 'arvados#virtualMachine', false, 'VirtualMachine'
560 # invoke setup with a vm_uuid
563 openid_prefix: 'http://www.example.com/account',
567 uuid: created['uuid']
570 assert_response :success
572 response_items = JSON.parse(@response.body)['items']
573 created = find_obj_in_resp response_items, 'User', nil
575 assert_equal created['email'], 'foo@example.com', 'expected original email'
578 verify_link response_items, 'arvados#group', true, 'permission', 'can_read',
579 'All users', created['uuid'], 'arvados#group', true, 'Group'
581 # since no repo name in input, we won't get any; even though user has one
582 verify_link response_items, 'arvados#repository', false, 'permission', 'can_manage',
583 'new_repo', created['uuid'], 'arvados#repository', true, 'Repository'
585 verify_link response_items, 'arvados#virtualMachine', true, 'permission', 'can_login',
586 @vm_uuid, created['uuid'], 'arvados#virtualMachine', false, 'VirtualMachine'
589 test "unsetup active user" do
590 active_user = users(:active)
591 assert_not_nil active_user['uuid'], 'expected uuid for the active user'
592 assert active_user['is_active'], 'expected is_active for active user'
594 verify_link_existence active_user['uuid'], active_user['email'],
595 false, true, false, true, true
597 authorize_with :admin
599 # now unsetup this user
600 post :unsetup, id: active_user['uuid']
601 assert_response :success
603 response_user = JSON.parse(@response.body)
604 assert_not_nil response_user['uuid'], 'expected uuid for the upsetup user'
605 assert_equal active_user['uuid'], response_user['uuid'], 'expected uuid not found'
606 assert !response_user['is_active'], 'expected user to be inactive'
607 assert !response_user['is_invited'], 'expected user to be uninvited'
609 verify_link_existence response_user['uuid'], response_user['email'],
610 false, false, false, false, false
612 active_user = User.find_by_uuid(users(:active).uuid)
613 readable_groups = active_user.groups_i_can(:read)
614 all_users_group = Group.all.collect(&:uuid).select { |g| g.match /-f+$/ }
615 refute_includes(readable_groups, all_users_group,
616 "active user can read All Users group after being deactivated")
617 assert_equal(false, active_user.is_invited,
618 "active user is_invited after being deactivated & reloaded")
621 test "setup user with send notification param false and verify no email" do
622 authorize_with :admin
625 openid_prefix: 'http://www.example.com/account',
626 send_notification_email: 'false',
628 email: "foo@example.com"
632 assert_response :success
633 response_items = JSON.parse(@response.body)['items']
634 created = find_obj_in_resp response_items, 'User', nil
635 assert_not_nil created['uuid'], 'expected uuid for the new user'
636 assert_equal created['email'], 'foo@example.com', 'expected given email'
638 setup_email = ActionMailer::Base.deliveries.last
639 assert_nil setup_email, 'expected no setup email'
642 test "setup user with send notification param true and verify email" do
643 authorize_with :admin
646 openid_prefix: 'http://www.example.com/account',
647 send_notification_email: 'true',
649 email: "foo@example.com"
653 assert_response :success
654 response_items = JSON.parse(@response.body)['items']
655 created = find_obj_in_resp response_items, 'User', nil
656 assert_not_nil created['uuid'], 'expected uuid for the new user'
657 assert_equal created['email'], 'foo@example.com', 'expected given email'
659 setup_email = ActionMailer::Base.deliveries.last
660 assert_not_nil setup_email, 'Expected email after setup'
662 assert_equal Rails.configuration.user_notifier_email_from, setup_email.from[0]
663 assert_equal 'foo@example.com', setup_email.to[0]
664 assert_equal 'Welcome to Curoverse', setup_email.subject
665 assert (setup_email.body.to_s.include? 'Your Arvados account has been set up'),
666 'Expected Your Arvados account has been set up in email body'
667 assert (setup_email.body.to_s.include? 'foo@example.com'),
668 'Expected user email in email body'
669 assert (setup_email.body.to_s.include? Rails.configuration.workbench_address),
670 'Expected workbench url in email body'
673 test "non-admin user can get basic information about readable users" do
674 authorize_with :spectator
676 check_non_admin_index
677 check_readable_users_index [:spectator], [:inactive, :active]
680 test "non-admin user gets only safe attributes from users#show" do
681 g = act_as_system_user do
684 users = create_list :active_user, 2, join_groups: [g]
685 token = create :token, user: users[0]
686 authorize_with_token token
687 get :show, id: users[1].uuid
691 test "non-admin user can limit index" do
692 g = act_as_system_user do
695 users = create_list :active_user, 4, join_groups: [g]
696 token = create :token, user: users[0]
698 [2, 4].each do |limit|
699 authorize_with_token token
700 get(:index, limit: limit)
701 check_non_admin_index
702 assert_equal(limit, json_response["items"].size,
703 "non-admin index limit was ineffective")
707 test "admin has full index powers" do
708 authorize_with :admin
709 check_inactive_user_findable
712 test "reader token can grant admin index powers" do
713 authorize_with :spectator
714 check_inactive_user_findable(reader_tokens: [api_token(:admin)])
717 test "admin can filter on user.is_active" do
718 authorize_with :admin
719 get(:index, filters: [["is_active", "=", "true"]])
720 assert_response :success
721 check_readable_users_index [:active, :spectator], [:inactive]
724 test "admin can search where user.is_active" do
725 authorize_with :admin
726 get(:index, where: {is_active: true})
727 assert_response :success
728 check_readable_users_index [:active, :spectator], [:inactive]
731 test "update active_no_prefs user profile and expect notification email" do
732 authorize_with :admin
735 id: users(:active_no_prefs).uuid,
737 prefs: {:profile => {'organization' => 'example.com'}}
740 assert_response :success
743 ActionMailer::Base.deliveries.andand.each do |email|
744 if email.subject == "Profile created by #{users(:active_no_prefs).email}"
749 assert_equal true, found_email, 'Expected email after creating profile'
752 test "update active_no_prefs_profile user profile and expect notification email" do
753 authorize_with :admin
756 user[:prefs] = users(:active_no_prefs_profile).prefs
757 user[:prefs][:profile] = {:profile => {'organization' => 'example.com'}}
759 id: users(:active_no_prefs_profile).uuid,
762 assert_response :success
765 ActionMailer::Base.deliveries.andand.each do |email|
766 if email.subject == "Profile created by #{users(:active_no_prefs_profile).email}"
771 assert_equal true, found_email, 'Expected email after creating profile'
774 test "update active user profile and expect no notification email" do
775 authorize_with :admin
778 id: users(:active).uuid,
780 prefs: {:profile => {'organization' => 'anotherexample.com'}}
783 assert_response :success
786 ActionMailer::Base.deliveries.andand.each do |email|
787 if email.subject == "Profile created by #{users(:active).email}"
792 assert_equal false, found_email, 'Expected no email after updating profile'
796 NON_ADMIN_USER_DATA = ["uuid", "kind", "is_active", "email", "first_name",
799 def check_non_admin_index
800 assert_response :success
801 response_items = json_response["items"]
802 assert_not_nil response_items
803 response_items.each do |user_data|
804 check_non_admin_item user_data
805 assert(user_data["is_active"], "non-admin index returned inactive user")
809 def check_non_admin_show
810 assert_response :success
811 check_non_admin_item json_response
814 def check_non_admin_item user_data
815 assert_equal(NON_ADMIN_USER_DATA, user_data.keys.sort,
816 "data in response had missing or extra attributes")
817 assert_equal("arvados#user", user_data["kind"])
821 def check_readable_users_index expect_present, expect_missing
822 response_uuids = json_response["items"].map { |u| u["uuid"] }
823 expect_present.each do |user_key|
824 assert_includes(response_uuids, users(user_key).uuid,
825 "#{user_key} missing from index")
827 expect_missing.each do |user_key|
828 refute_includes(response_uuids, users(user_key).uuid,
829 "#{user_key} included in index")
833 def check_inactive_user_findable(params={})
834 inactive_user = users(:inactive)
835 get(:index, params.merge(filters: [["email", "=", inactive_user.email]]))
836 assert_response :success
837 user_list = json_response["items"]
838 assert_equal(1, user_list.andand.count)
839 # This test needs to check a column non-admins have no access to,
840 # to ensure that admins see all user information.
841 assert_equal(inactive_user.identity_url, user_list.first["identity_url"],
842 "admin's filtered index did not return inactive user")
845 def verify_num_links (original_links, expected_additional_links)
847 assert_equal expected_additional_links, Link.all.size-original_links.size,
848 "Expected #{expected_additional_links.inspect} more links"
851 def find_obj_in_resp (response_items, object_type, head_kind=nil)
854 response_items.each { |x|
859 if object_type == 'User'
860 if ArvadosModel::resource_class_for_uuid(x['uuid']) == User
864 else # looking for a link
865 if x['head_uuid'] and ArvadosModel::resource_class_for_uuid(x['head_uuid']).kind == head_kind
874 def verify_link(response_items, link_object_name, expect_link, link_class,
875 link_name, head_uuid, tail_uuid, head_kind, fetch_object, class_name)
877 link = find_obj_in_resp response_items, 'Link', link_object_name
880 assert_nil link, "Expected no link for #{link_object_name}"
884 assert_not_nil link, "Expected link for #{link_object_name}"
887 object = Object.const_get(class_name).where(name: head_uuid)
888 assert [] != object, "expected #{class_name} with name #{head_uuid}"
889 head_uuid = object.first[:uuid]
891 assert_equal link_class, link['link_class'],
892 "did not find expected link_class for #{link_object_name}"
894 assert_equal link_name, link['name'],
895 "did not find expected link_name for #{link_object_name}"
897 assert_equal tail_uuid, link['tail_uuid'],
898 "did not find expected tail_uuid for #{link_object_name}"
900 assert_equal head_kind, link['head_kind'],
901 "did not find expected head_kind for #{link_object_name}"
903 assert_equal head_uuid, link['head_uuid'],
904 "did not find expected head_uuid for #{link_object_name}"
907 def verify_link_existence uuid, email, expect_oid_login_perms,
908 expect_repo_perms, expect_vm_perms, expect_group_perms, expect_signatures
909 # verify that all links are deleted for the user
910 oid_login_perms = Link.where(tail_uuid: email,
911 link_class: 'permission',
912 name: 'can_login').where("head_uuid like ?", User.uuid_like_pattern)
913 if expect_oid_login_perms
914 assert oid_login_perms.any?, "expected oid_login_perms"
916 assert !oid_login_perms.any?, "expected all oid_login_perms deleted"
919 repo_perms = Link.where(tail_uuid: uuid,
920 link_class: 'permission',
921 name: 'can_manage').where("head_uuid like ?", Repository.uuid_like_pattern)
923 assert repo_perms.any?, "expected repo_perms"
925 assert !repo_perms.any?, "expected all repo_perms deleted"
928 vm_login_perms = Link.
929 where(tail_uuid: uuid,
930 link_class: 'permission',
932 where("head_uuid like ?",
933 VirtualMachine.uuid_like_pattern).
935 links(:auto_setup_vm_login_username_can_login_to_test_vm).uuid)
937 assert vm_login_perms.any?, "expected vm_login_perms"
939 assert !vm_login_perms.any?, "expected all vm_login_perms deleted"
942 group = Group.where(name: 'All users').select do |g|
943 g[:uuid].match /-f+$/
945 group_read_perms = Link.where(tail_uuid: uuid,
946 head_uuid: group[:uuid],
947 link_class: 'permission',
949 if expect_group_perms
950 assert group_read_perms.any?, "expected all users group read perms"
952 assert !group_read_perms.any?, "expected all users group perm deleted"
955 signed_uuids = Link.where(link_class: 'signature',
959 assert signed_uuids.any?, "expected signatures"
961 assert !signed_uuids.any?, "expected all signatures deleted"
966 def verify_system_group_permission_link_for user_uuid
967 assert_equal 1, Link.where(link_class: 'permission',
969 tail_uuid: system_group_uuid,
970 head_uuid: user_uuid).count