3 class Arvados::V1::GroupsControllerTest < ActionController::TestCase
5 test "attempt to delete group without read or write access" do
7 post :destroy, id: groups(:empty_lonely_group).uuid
11 test "attempt to delete group without write access" do
12 authorize_with :active
13 post :destroy, id: groups(:all_users).uuid
17 test "get list of projects" do
18 authorize_with :active
19 get :index, filters: [['group_class', '=', 'project']], format: :json
20 assert_response :success
22 json_response['items'].each do |group|
23 assert_equal 'project', group['group_class']
24 group_uuids << group['uuid']
26 assert_includes group_uuids, groups(:aproject).uuid
27 assert_includes group_uuids, groups(:asubproject).uuid
28 assert_not_includes group_uuids, groups(:system_group).uuid
29 assert_not_includes group_uuids, groups(:private).uuid
32 test "get list of groups that are not projects" do
33 authorize_with :active
34 get :index, filters: [['group_class', '!=', 'project']], format: :json
35 assert_response :success
37 json_response['items'].each do |group|
38 assert_not_equal 'project', group['group_class']
39 group_uuids << group['uuid']
41 assert_not_includes group_uuids, groups(:aproject).uuid
42 assert_not_includes group_uuids, groups(:asubproject).uuid
43 assert_includes group_uuids, groups(:private).uuid
46 test "get list of groups with bogus group_class" do
47 authorize_with :active
49 filters: [['group_class', '=', 'nogrouphasthislittleclass']],
52 assert_response :success
53 assert_equal [], json_response['items']
54 assert_equal 0, json_response['items_available']
57 def check_project_contents_response
58 assert_response :success
59 assert_operator 2, :<=, json_response['items_available']
60 assert_operator 2, :<=, json_response['items'].count
61 kinds = json_response['items'].collect { |i| i['kind'] }.uniq
62 expect_kinds = %w'arvados#group arvados#specimen arvados#pipelineTemplate arvados#job'
63 assert_equal expect_kinds, (expect_kinds & kinds)
65 json_response['items'].each do |i|
66 if i['kind'] == 'arvados#group'
67 assert(i['group_class'] == 'project',
68 "group#contents returned a non-project group")
73 test 'get group-owned objects' do
74 authorize_with :active
76 id: groups(:aproject).uuid,
80 check_project_contents_response
83 test "user with project read permission can see project objects" do
84 authorize_with :project_viewer
86 id: groups(:aproject).uuid,
90 check_project_contents_response
93 test "list objects across projects" do
94 authorize_with :project_viewer
97 filters: [['uuid', 'is_a', 'arvados#specimen']]
99 assert_response :success
100 found_uuids = json_response['items'].collect { |i| i['uuid'] }
101 [[:in_aproject, true],
102 [:in_asubproject, true],
103 [:owned_by_private_group, false]].each do |specimen_fixture, should_find|
105 assert_includes found_uuids, specimens(specimen_fixture).uuid, "did not find specimen fixture '#{specimen_fixture}'"
107 refute_includes found_uuids, specimens(specimen_fixture).uuid, "found specimen fixture '#{specimen_fixture}'"
112 test "list objects in home project" do
113 authorize_with :active
116 id: users(:active).uuid
118 assert_response :success
119 found_uuids = json_response['items'].collect { |i| i['uuid'] }
120 assert_includes found_uuids, specimens(:owned_by_active_user).uuid, "specimen did not appear in home project"
121 refute_includes found_uuids, specimens(:in_asubproject).uuid, "specimen appeared unexpectedly in home project"
124 test "user with project read permission can see project collections" do
125 authorize_with :project_viewer
127 id: groups(:asubproject).uuid,
130 ids = json_response['items'].map { |item| item["uuid"] }
131 assert_includes ids, collections(:baz_file_in_asubproject).uuid
134 test "user with project read permission can sort project collections ascending, ignoring case" do
135 authorize_with :project_viewer
137 id: groups(:asubproject).uuid,
139 filters: [['uuid', 'is_a', "arvados#collection"]],
140 order: 'collections.name asc'
142 sorted_entries = json_response['items'].collect { |item| item["name"].downcase }
144 sorted_entries.each do |entry|
145 assert_operator( previous, :<=, entry) if previous
150 test "user with project read permission can sort project collections descending, ignoring case" do
151 authorize_with :project_viewer
153 id: groups(:asubproject).uuid,
155 filters: [['uuid', 'is_a', "arvados#collection"]],
156 order: 'collections.name desc'
158 sorted_entries = json_response['items'].collect { |item| item["name"].downcase }
160 sorted_entries.each do |entry|
161 assert_operator( previous, :>=, entry) if previous
166 test 'list objects across multiple projects' do
167 authorize_with :project_viewer
170 include_linked: false,
171 filters: [['uuid', 'is_a', 'arvados#specimen']]
173 assert_response :success
174 found_uuids = json_response['items'].collect { |i| i['uuid'] }
175 [[:in_aproject, true],
176 [:in_asubproject, true],
177 [:owned_by_private_group, false]].each do |specimen_fixture, should_find|
179 assert_includes found_uuids, specimens(specimen_fixture).uuid, "did not find specimen fixture '#{specimen_fixture}'"
181 refute_includes found_uuids, specimens(specimen_fixture).uuid, "found specimen fixture '#{specimen_fixture}'"
186 # Even though the project_viewer tests go through other controllers,
187 # I'm putting them here so they're easy to find alongside the other
189 def check_new_project_link_fails(link_attrs)
190 @controller = Arvados::V1::LinksController.new
191 post :create, link: {
192 link_class: "permission",
194 head_uuid: groups(:aproject).uuid,
196 assert_includes(403..422, response.status)
199 test "user with project read permission can't add users to it" do
200 authorize_with :project_viewer
201 check_new_project_link_fails(tail_uuid: users(:spectator).uuid)
204 test "user with project read permission can't add items to it" do
205 authorize_with :project_viewer
206 check_new_project_link_fails(tail_uuid: collections(:baz_file).uuid)
209 test "user with project read permission can't rename items in it" do
210 authorize_with :project_viewer
211 @controller = Arvados::V1::LinksController.new
213 id: jobs(:running).uuid,
214 name: "Denied test name",
216 assert_includes(403..404, response.status)
219 test "user with project read permission can't remove items from it" do
220 @controller = Arvados::V1::PipelineTemplatesController.new
221 authorize_with :project_viewer
223 id: pipeline_templates(:two_part).uuid,
225 owner_uuid: users(:project_viewer).uuid,
231 test "user with project read permission can't delete it" do
232 authorize_with :project_viewer
233 post :destroy, {id: groups(:aproject).uuid}
237 test 'get group-owned objects with limit' do
238 authorize_with :active
240 id: groups(:aproject).uuid,
244 assert_response :success
245 assert_operator 1, :<, json_response['items_available']
246 assert_equal 1, json_response['items'].count
249 test 'get group-owned objects with limit and offset' do
250 authorize_with :active
252 id: groups(:aproject).uuid,
257 assert_response :success
258 assert_operator 1, :<, json_response['items_available']
259 assert_equal 0, json_response['items'].count
262 test 'get group-owned objects with additional filter matching nothing' do
263 authorize_with :active
265 id: groups(:aproject).uuid,
266 filters: [['uuid', 'in', ['foo_not_a_uuid','bar_not_a_uuid']]],
269 assert_response :success
270 assert_equal [], json_response['items']
271 assert_equal 0, json_response['items_available']
274 %w(offset limit).each do |arg|
275 ['foo', '', '1234five', '0x10', '-8'].each do |val|
276 test "Raise error on bogus #{arg} parameter #{val.inspect}" do
277 authorize_with :active
279 :id => groups(:aproject).uuid,
288 test 'get writable_by list for owned group' do
289 authorize_with :active
291 id: groups(:aproject).uuid,
294 assert_response :success
295 assert_not_nil(json_response['writable_by'],
296 "Should receive uuid list in 'writable_by' field")
297 assert_includes(json_response['writable_by'], users(:active).uuid,
298 "owner should be included in writable_by list")
301 test 'no writable_by list for group with read-only access' do
302 authorize_with :rominiadmin
304 id: groups(:testusergroup_admins).uuid,
307 assert_response :success
308 assert_equal([json_response['owner_uuid']],
309 json_response['writable_by'],
310 "Should only see owner_uuid in 'writable_by' field")
313 test 'get writable_by list by admin user' do
314 authorize_with :admin
316 id: groups(:testusergroup_admins).uuid,
319 assert_response :success
320 assert_not_nil(json_response['writable_by'],
321 "Should receive uuid list in 'writable_by' field")
322 assert_includes(json_response['writable_by'],
324 "Current user should be included in 'writable_by' field")
327 test 'creating subproject with duplicate name fails' do
328 authorize_with :active
332 owner_uuid: users(:active).uuid,
333 group_class: 'project',
337 response_errors = json_response['errors']
338 assert_not_nil response_errors, 'Expected error in response'
339 assert(response_errors.first.include?('duplicate key'),
340 "Expected 'duplicate key' error in #{response_errors.first}")
343 test 'creating duplicate named subproject succeeds with ensure_unique_name' do
344 authorize_with :active
348 owner_uuid: users(:active).uuid,
349 group_class: 'project',
351 ensure_unique_name: true
353 assert_response :success
354 new_project = json_response
355 assert_not_equal(new_project['uuid'],
356 groups(:aproject).uuid,
357 "create returned same uuid as existing project")
358 assert_equal(new_project['name'],
360 "new project name '#{new_project['name']}' was expected to be 'A Project (2)'")