1 # Copyright (C) The Arvados Authors. All rights reserved.
3 # SPDX-License-Identifier: AGPL-3.0
7 class GroupTest < ActiveSupport::TestCase
9 test "cannot set owner_uuid to object with existing ownership cycle" do
10 set_user_from_auth :active_trustedclient
12 # First make sure we have lots of permission on the bad group by
13 # renaming it to "{current name} is mine all mine"
14 g = groups(:bad_group_has_ownership_cycle_b)
15 g.name += " is mine all mine"
16 assert g.save, "active user should be able to modify group #{g.uuid}"
18 # Use the group as the owner of a new object
20 create(owner_uuid: groups(:bad_group_has_ownership_cycle_b).uuid)
21 assert s.valid?, "ownership should pass validation #{s.errors.messages}"
22 assert_equal false, s.save, "should not save object with #{g.uuid} as owner"
24 # Use the group as the new owner of an existing object
25 s = specimens(:in_aproject)
26 s.owner_uuid = groups(:bad_group_has_ownership_cycle_b).uuid
27 assert s.valid?, "ownership should pass validation"
28 assert_equal false, s.save, "should not save object with #{g.uuid} as owner"
31 test "cannot create a new ownership cycle" do
32 set_user_from_auth :active_trustedclient
34 g_foo = Group.create!(name: "foo")
35 g_bar = Group.create!(name: "bar")
37 g_foo.owner_uuid = g_bar.uuid
38 assert g_foo.save, lambda { g_foo.errors.messages }
39 g_bar.owner_uuid = g_foo.uuid
40 assert g_bar.valid?, "ownership cycle should not prevent validation"
41 assert_equal false, g_bar.save, "should not create an ownership loop"
42 assert g_bar.errors.messages[:owner_uuid].join(" ").match(/ownership cycle/)
45 test "cannot create a single-object ownership cycle" do
46 set_user_from_auth :active_trustedclient
48 g_foo = Group.create!(name: "foo")
51 # Ensure I have permission to manage this group even when its owner changes
52 perm_link = Link.create!(tail_uuid: users(:active).uuid,
53 head_uuid: g_foo.uuid,
54 link_class: 'permission',
58 g_foo.owner_uuid = g_foo.uuid
59 assert_equal false, g_foo.save, "should not create an ownership loop"
60 assert g_foo.errors.messages[:owner_uuid].join(" ").match(/ownership cycle/)
63 test "delete group hides contents" do
64 set_user_from_auth :active_trustedclient
66 g_foo = Group.create!(name: "foo")
67 col = Collection.create!(owner_uuid: g_foo.uuid)
69 assert Collection.readable_by(users(:active)).where(uuid: col.uuid).any?
70 g_foo.update! is_trashed: true
71 assert Collection.readable_by(users(:active)).where(uuid: col.uuid).empty?
72 assert Collection.readable_by(users(:active), {:include_trash => true}).where(uuid: col.uuid).any?
73 g_foo.update! is_trashed: false
74 assert Collection.readable_by(users(:active)).where(uuid: col.uuid).any?
77 test "delete group" do
78 set_user_from_auth :active_trustedclient
80 g_foo = Group.create!(name: "foo")
81 g_bar = Group.create!(name: "bar", owner_uuid: g_foo.uuid)
82 g_baz = Group.create!(name: "baz", owner_uuid: g_bar.uuid)
84 assert Group.readable_by(users(:active)).where(uuid: g_foo.uuid).any?
85 assert Group.readable_by(users(:active)).where(uuid: g_bar.uuid).any?
86 assert Group.readable_by(users(:active)).where(uuid: g_baz.uuid).any?
87 g_foo.update! is_trashed: true
88 assert Group.readable_by(users(:active)).where(uuid: g_foo.uuid).empty?
89 assert Group.readable_by(users(:active)).where(uuid: g_bar.uuid).empty?
90 assert Group.readable_by(users(:active)).where(uuid: g_baz.uuid).empty?
92 assert Group.readable_by(users(:active), {:include_trash => true}).where(uuid: g_foo.uuid).any?
93 assert Group.readable_by(users(:active), {:include_trash => true}).where(uuid: g_bar.uuid).any?
94 assert Group.readable_by(users(:active), {:include_trash => true}).where(uuid: g_baz.uuid).any?
98 test "delete subgroup" do
99 set_user_from_auth :active_trustedclient
101 g_foo = Group.create!(name: "foo")
102 g_bar = Group.create!(name: "bar", owner_uuid: g_foo.uuid)
103 g_baz = Group.create!(name: "baz", owner_uuid: g_bar.uuid)
105 assert Group.readable_by(users(:active)).where(uuid: g_foo.uuid).any?
106 assert Group.readable_by(users(:active)).where(uuid: g_bar.uuid).any?
107 assert Group.readable_by(users(:active)).where(uuid: g_baz.uuid).any?
108 g_bar.update! is_trashed: true
110 assert Group.readable_by(users(:active)).where(uuid: g_foo.uuid).any?
111 assert Group.readable_by(users(:active)).where(uuid: g_bar.uuid).empty?
112 assert Group.readable_by(users(:active)).where(uuid: g_baz.uuid).empty?
114 assert Group.readable_by(users(:active), {:include_trash => true}).where(uuid: g_bar.uuid).any?
115 assert Group.readable_by(users(:active), {:include_trash => true}).where(uuid: g_baz.uuid).any?
118 test "delete subsubgroup" do
119 set_user_from_auth :active_trustedclient
121 g_foo = Group.create!(name: "foo")
122 g_bar = Group.create!(name: "bar", owner_uuid: g_foo.uuid)
123 g_baz = Group.create!(name: "baz", owner_uuid: g_bar.uuid)
125 assert Group.readable_by(users(:active)).where(uuid: g_foo.uuid).any?
126 assert Group.readable_by(users(:active)).where(uuid: g_bar.uuid).any?
127 assert Group.readable_by(users(:active)).where(uuid: g_baz.uuid).any?
128 g_baz.update! is_trashed: true
129 assert Group.readable_by(users(:active)).where(uuid: g_foo.uuid).any?
130 assert Group.readable_by(users(:active)).where(uuid: g_bar.uuid).any?
131 assert Group.readable_by(users(:active)).where(uuid: g_baz.uuid).empty?
132 assert Group.readable_by(users(:active), {:include_trash => true}).where(uuid: g_baz.uuid).any?
136 test "delete group propagates to subgroups" do
137 set_user_from_auth :active_trustedclient
139 g_foo = groups(:trashed_project)
140 g_bar = groups(:trashed_subproject)
141 g_baz = groups(:trashed_subproject3)
142 col = collections(:collection_in_trashed_subproject)
144 assert Group.readable_by(users(:active)).where(uuid: g_foo.uuid).empty?
145 assert Group.readable_by(users(:active)).where(uuid: g_bar.uuid).empty?
146 assert Group.readable_by(users(:active)).where(uuid: g_baz.uuid).empty?
147 assert Collection.readable_by(users(:active)).where(uuid: col.uuid).empty?
149 set_user_from_auth :admin
150 assert Group.readable_by(users(:active)).where(uuid: g_foo.uuid).empty?
151 assert Group.readable_by(users(:active)).where(uuid: g_bar.uuid).empty?
152 assert Group.readable_by(users(:active)).where(uuid: g_baz.uuid).empty?
153 assert Collection.readable_by(users(:active)).where(uuid: col.uuid).empty?
155 set_user_from_auth :active_trustedclient
156 g_foo.update! is_trashed: false
157 assert Group.readable_by(users(:active)).where(uuid: g_foo.uuid).any?
158 assert Group.readable_by(users(:active)).where(uuid: g_bar.uuid).any?
159 assert Collection.readable_by(users(:active)).where(uuid: col.uuid).any?
161 # this one should still be deleted.
162 assert Group.readable_by(users(:active)).where(uuid: g_baz.uuid).empty?
164 g_baz.update! is_trashed: false
165 assert Group.readable_by(users(:active)).where(uuid: g_baz.uuid).any?
168 test "trashed does not propagate across permission links" do
169 set_user_from_auth :admin
171 g_foo = Group.create!(name: "foo")
172 u_bar = User.create!(first_name: "bar")
174 assert Group.readable_by(users(:admin)).where(uuid: g_foo.uuid).any?
175 assert User.readable_by(users(:admin)).where(uuid: u_bar.uuid).any?
176 g_foo.update! is_trashed: true
178 assert Group.readable_by(users(:admin)).where(uuid: g_foo.uuid).empty?
179 assert User.readable_by(users(:admin)).where(uuid: u_bar.uuid).any?
181 g_foo.update! is_trashed: false
182 ln = Link.create!(tail_uuid: g_foo.uuid,
183 head_uuid: u_bar.uuid,
184 link_class: "permission",
186 g_foo.update! is_trashed: true
188 assert Group.readable_by(users(:admin)).where(uuid: g_foo.uuid).empty?
189 assert User.readable_by(users(:admin)).where(uuid: u_bar.uuid).any?
projects / arvados.git / blob