1 # Copyright (C) The Arvados Authors. All rights reserved.
3 # SPDX-License-Identifier: AGPL-3.0
7 class Arvados::V1::GroupsControllerTest < ActionController::TestCase
9 test "attempt to delete group that cannot be seen" do
10 Rails.configuration.Users.RoleGroupsVisibleToAll = false
11 authorize_with :active
12 post :destroy, params: {id: groups(:empty_lonely_group).uuid}
16 test "attempt to delete group without read or write access" do
17 authorize_with :active
18 post :destroy, params: {id: groups(:empty_lonely_group).uuid}
22 test "attempt to delete group without write access" do
23 authorize_with :active
24 post :destroy, params: {id: groups(:all_users).uuid}
28 test "get list of projects" do
29 authorize_with :active
30 get :index, params: {filters: [['group_class', '=', 'project']], format: :json}
31 assert_response :success
33 json_response['items'].each do |group|
34 assert_equal 'project', group['group_class']
35 group_uuids << group['uuid']
37 assert_includes group_uuids, groups(:aproject).uuid
38 assert_includes group_uuids, groups(:asubproject).uuid
39 assert_includes group_uuids, groups(:private).uuid
40 assert_not_includes group_uuids, groups(:system_group).uuid
41 assert_not_includes group_uuids, groups(:private_and_can_read_foofile).uuid
44 test "get list of groups that are not projects" do
45 authorize_with :active
46 get :index, params: {filters: [['group_class', '!=', 'project']], format: :json}
47 assert_response :success
49 json_response['items'].each do |group|
50 assert_not_equal 'project', group['group_class']
51 group_uuids << group['uuid']
53 assert_not_includes group_uuids, groups(:aproject).uuid
54 assert_not_includes group_uuids, groups(:asubproject).uuid
57 test "get list of groups with bogus group_class" do
58 authorize_with :active
60 filters: [['group_class', '=', 'nogrouphasthislittleclass']],
63 assert_response :success
64 assert_equal [], json_response['items']
65 assert_equal 0, json_response['items_available']
68 def check_project_contents_response disabled_kinds=[]
69 assert_response :success
70 assert_operator 2, :<=, json_response['items_available']
71 assert_operator 2, :<=, json_response['items'].count
72 kinds = json_response['items'].collect { |i| i['kind'] }.uniq
73 expect_kinds = %w'arvados#group arvados#specimen arvados#pipelineTemplate arvados#job' - disabled_kinds
74 assert_equal expect_kinds, (expect_kinds & kinds)
76 json_response['items'].each do |i|
77 if i['kind'] == 'arvados#group'
78 assert(i['group_class'] == 'project',
79 "group#contents returned a non-project group")
83 disabled_kinds.each do |d|
84 assert_equal true, !kinds.include?(d)
88 test 'get group-owned objects' do
89 authorize_with :active
90 get :contents, params: {
91 id: groups(:aproject).uuid,
94 check_project_contents_response
97 test "user with project read permission can see project objects" do
98 authorize_with :project_viewer
99 get :contents, params: {
100 id: groups(:aproject).uuid,
103 check_project_contents_response
106 test "list objects across projects" do
107 authorize_with :project_viewer
108 get :contents, params: {
110 filters: [['uuid', 'is_a', 'arvados#specimen']]
112 assert_response :success
113 found_uuids = json_response['items'].collect { |i| i['uuid'] }
114 [[:in_aproject, true],
115 [:in_asubproject, true],
116 [:owned_by_private_group, false]].each do |specimen_fixture, should_find|
118 assert_includes found_uuids, specimens(specimen_fixture).uuid, "did not find specimen fixture '#{specimen_fixture}'"
120 refute_includes found_uuids, specimens(specimen_fixture).uuid, "found specimen fixture '#{specimen_fixture}'"
125 test "list trashed collections and projects" do
126 authorize_with :active
127 get(:contents, params: {
131 ['uuid', 'is_a', ['arvados#collection', 'arvados#group']],
132 ['is_trashed', '=', true],
136 assert_response :success
137 found_uuids = json_response['items'].collect { |i| i['uuid'] }
138 assert_includes found_uuids, groups(:trashed_project).uuid
139 refute_includes found_uuids, groups(:aproject).uuid
140 assert_includes found_uuids, collections(:expired_collection).uuid
141 refute_includes found_uuids, collections(:w_a_z_file).uuid
144 test "list objects in home project" do
145 authorize_with :active
146 get :contents, params: {
149 id: users(:active).uuid
151 assert_response :success
152 found_uuids = json_response['items'].collect { |i| i['uuid'] }
153 assert_includes found_uuids, specimens(:owned_by_active_user).uuid, "specimen did not appear in home project"
154 refute_includes found_uuids, specimens(:in_asubproject).uuid, "specimen appeared unexpectedly in home project"
157 test "list collections in home project" do
158 authorize_with :active
159 get(:contents, params: {
162 ['uuid', 'is_a', 'arvados#collection'],
165 id: users(:active).uuid,
167 assert_response :success
168 found_uuids = json_response['items'].collect { |i| i['uuid'] }
169 assert_includes found_uuids, collections(:collection_owned_by_active).uuid, "collection did not appear in home project"
170 refute_includes found_uuids, collections(:collection_owned_by_active_past_version_1).uuid, "collection appeared unexpectedly in home project"
173 test "list collections in home project, including old versions" do
174 authorize_with :active
175 get(:contents, params: {
177 include_old_versions: true,
179 ['uuid', 'is_a', 'arvados#collection'],
182 id: users(:active).uuid,
184 assert_response :success
185 found_uuids = json_response['items'].collect { |i| i['uuid'] }
186 assert_includes found_uuids, collections(:collection_owned_by_active).uuid, "collection did not appear in home project"
187 assert_includes found_uuids, collections(:collection_owned_by_active_past_version_1).uuid, "old collection version did not appear in home project"
190 test "user with project read permission can see project collections" do
191 authorize_with :project_viewer
192 get :contents, params: {
193 id: groups(:asubproject).uuid,
196 ids = json_response['items'].map { |item| item["uuid"] }
197 assert_includes ids, collections(:baz_file_in_asubproject).uuid
201 ['collections.name', 'asc', :<=, "name"],
202 ['collections.name', 'desc', :>=, "name"],
203 ['name', 'asc', :<=, "name"],
204 ['name', 'desc', :>=, "name"],
205 ['collections.created_at', 'asc', :<=, "created_at"],
206 ['collections.created_at', 'desc', :>=, "created_at"],
207 ['created_at', 'asc', :<=, "created_at"],
208 ['created_at', 'desc', :>=, "created_at"],
209 ].each do |column, order, operator, field|
210 test "user with project read permission can sort projects on #{column} #{order}" do
211 authorize_with :project_viewer
212 get :contents, params: {
213 id: groups(:asubproject).uuid,
215 filters: [['uuid', 'is_a', "arvados#collection"]],
216 order: "#{column} #{order}"
218 sorted_values = json_response['items'].collect { |item| item[field] }
220 # Here we avoid assuming too much about the database
221 # collation. Both "alice"<"Bob" and "alice">"Bob" can be
222 # correct. Hopefully it _is_ safe to assume that if "a" comes
223 # before "b" in the ascii alphabet, "aX">"bY" is never true for
224 # any strings X and Y.
225 reliably_sortable_names = sorted_values.select do |name|
226 name[0] >= 'a' && name[0] <= 'z'
230 # Preserve order of sorted_values. But do not use &=. If
231 # sorted_values has out-of-order duplicates, we want to preserve
232 # them here, so we can detect them and fail the test below.
233 sorted_values.select! do |name|
234 reliably_sortable_names.include? name
237 assert_sorted(operator, sorted_values)
241 def assert_sorted(operator, sorted_items)
242 actually_checked_anything = false
244 sorted_items.each do |entry|
246 assert_operator(previous, operator, entry,
247 "Entries sorted incorrectly.")
248 actually_checked_anything = true
252 assert actually_checked_anything, "Didn't even find two items to compare."
255 # Even though the project_viewer tests go through other controllers,
256 # I'm putting them here so they're easy to find alongside the other
258 def check_new_project_link_fails(link_attrs)
259 @controller = Arvados::V1::LinksController.new
260 post :create, params: {
262 link_class: "permission",
264 head_uuid: groups(:aproject).uuid,
267 assert_includes(403..422, response.status)
270 test "user with project read permission can't add users to it" do
271 authorize_with :project_viewer
272 check_new_project_link_fails(tail_uuid: users(:spectator).uuid)
275 test "user with project read permission can't add items to it" do
276 authorize_with :project_viewer
277 check_new_project_link_fails(tail_uuid: collections(:baz_file).uuid)
280 test "user with project read permission can't rename items in it" do
281 authorize_with :project_viewer
282 @controller = Arvados::V1::LinksController.new
283 post :update, params: {
284 id: jobs(:running).uuid,
285 name: "Denied test name",
287 assert_includes(403..404, response.status)
290 test "user with project read permission can't remove items from it" do
291 @controller = Arvados::V1::PipelineTemplatesController.new
292 authorize_with :project_viewer
293 post :update, params: {
294 id: pipeline_templates(:two_part).uuid,
296 owner_uuid: users(:project_viewer).uuid,
302 test "user with project read permission can't delete it" do
303 authorize_with :project_viewer
304 post :destroy, params: {id: groups(:aproject).uuid}
308 test 'get group-owned objects with limit' do
309 authorize_with :active
310 get :contents, params: {
311 id: groups(:aproject).uuid,
315 assert_response :success
316 assert_operator 1, :<, json_response['items_available']
317 assert_equal 1, json_response['items'].count
320 test 'get group-owned objects with limit and offset' do
321 authorize_with :active
322 get :contents, params: {
323 id: groups(:aproject).uuid,
328 assert_response :success
329 assert_operator 1, :<, json_response['items_available']
330 assert_equal 0, json_response['items'].count
333 test 'get group-owned objects with additional filter matching nothing' do
334 authorize_with :active
335 get :contents, params: {
336 id: groups(:aproject).uuid,
337 filters: [['uuid', 'in', ['foo_not_a_uuid','bar_not_a_uuid']]],
340 assert_response :success
341 assert_equal [], json_response['items']
342 assert_equal 0, json_response['items_available']
345 %w(offset limit).each do |arg|
346 ['foo', '', '1234five', '0x10', '-8'].each do |val|
347 test "Raise error on bogus #{arg} parameter #{val.inspect}" do
348 authorize_with :active
349 get :contents, params: {
350 :id => groups(:aproject).uuid,
359 test "Collection contents don't include manifest_text or unsigned_manifest_text" do
360 authorize_with :active
361 get :contents, params: {
362 id: groups(:aproject).uuid,
363 filters: [["uuid", "is_a", "arvados#collection"]],
366 assert_response :success
367 refute(json_response["items"].any? { |c| not c["portable_data_hash"] },
368 "response included an item without a portable data hash")
369 refute(json_response["items"].any? { |c| c.include?("manifest_text") },
370 "response included an item with manifest_text")
371 refute(json_response["items"].any? { |c| c.include?("unsigned_manifest_text") },
372 "response included an item with unsigned_manifest_text")
375 test 'get writable_by list for owned group' do
376 authorize_with :active
378 id: groups(:aproject).uuid,
381 assert_response :success
382 assert_not_nil(json_response['writable_by'],
383 "Should receive uuid list in 'writable_by' field")
384 assert_includes(json_response['writable_by'], users(:active).uuid,
385 "owner should be included in writable_by list")
388 test 'no writable_by list for group with read-only access' do
389 authorize_with :rominiadmin
391 id: groups(:testusergroup_admins).uuid,
394 assert_response :success
395 assert_equal([json_response['owner_uuid']],
396 json_response['writable_by'],
397 "Should only see owner_uuid in 'writable_by' field")
400 test 'get writable_by list by admin user' do
401 authorize_with :admin
403 id: groups(:testusergroup_admins).uuid,
406 assert_response :success
407 assert_not_nil(json_response['writable_by'],
408 "Should receive uuid list in 'writable_by' field")
409 assert_includes(json_response['writable_by'],
411 "Current user should be included in 'writable_by' field")
414 test 'creating subproject with duplicate name fails' do
415 authorize_with :active
416 post :create, params: {
419 owner_uuid: users(:active).uuid,
420 group_class: 'project',
424 response_errors = json_response['errors']
425 assert_not_nil response_errors, 'Expected error in response'
426 assert(response_errors.first.include?('duplicate key'),
427 "Expected 'duplicate key' error in #{response_errors.first}")
430 test 'creating duplicate named subproject succeeds with ensure_unique_name' do
431 authorize_with :active
432 post :create, params: {
435 owner_uuid: users(:active).uuid,
436 group_class: 'project',
438 ensure_unique_name: true
440 assert_response :success
441 new_project = json_response
442 assert_not_equal(new_project['uuid'],
443 groups(:aproject).uuid,
444 "create returned same uuid as existing project")
445 assert_match(/^A Project \(\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d\.\d{3}Z\)$/,
450 [['owner_uuid', '!=', 'zzzzz-tpzed-xurymjxw79nv3jz'], 200,
451 'zzzzz-d1hrv-subprojpipeline', 'zzzzz-d1hrv-1xfj6xkicf2muk2'],
452 [["pipeline_instances.state", "not in", ["Complete", "Failed"]], 200,
453 'zzzzz-d1hrv-1xfj6xkicf2muk2', 'zzzzz-d1hrv-i3e77t9z5y8j9cc'],
454 [['container_requests.requesting_container_uuid', '=', nil], 200,
455 'zzzzz-xvhdp-cr4queuedcontnr', 'zzzzz-xvhdp-cr4requestercn2'],
456 [['container_requests.no_such_column', '=', nil], 422],
457 [['container_requests.', '=', nil], 422],
458 [['.requesting_container_uuid', '=', nil], 422],
459 [['no_such_table.uuid', '!=', 'zzzzz-tpzed-xurymjxw79nv3jz'], 422],
460 ].each do |filter, expect_code, expect_uuid, not_expect_uuid|
461 test "get contents with '#{filter}' filter" do
462 authorize_with :active
463 get :contents, params: {filters: [filter], format: :json}
464 assert_response expect_code
465 if expect_code == 200
466 assert_not_empty json_response['items']
467 item_uuids = json_response['items'].collect {|item| item['uuid']}
468 assert_includes(item_uuids, expect_uuid)
469 assert_not_includes(item_uuids, not_expect_uuid)
474 test 'get contents with jobs and pipeline instances disabled' do
475 Rails.configuration.API.DisabledAPIs = ConfigLoader.to_OrderedOptions(
476 {'jobs.index'=>{}, 'pipeline_instances.index'=>{}})
478 authorize_with :active
479 get :contents, params: {
480 id: groups(:aproject).uuid,
483 check_project_contents_response %w'arvados#pipelineInstance arvados#job'
486 test 'get contents with low max_index_database_read' do
487 # Some result will certainly have at least 12 bytes in a
489 Rails.configuration.API.MaxIndexDatabaseRead = 12
490 authorize_with :active
491 get :contents, params: {
492 id: groups(:aproject).uuid,
495 assert_response :success
496 assert_not_empty(json_response['items'])
497 assert_operator(json_response['items'].count,
498 :<, json_response['items_available'])
501 test 'get contents, recursive=true' do
502 authorize_with :active
504 id: groups(:aproject).uuid,
508 get :contents, params: params
509 owners = json_response['items'].map do |item|
512 assert_includes(owners, groups(:aproject).uuid)
513 assert_includes(owners, groups(:asubproject).uuid)
516 [false, nil].each do |recursive|
517 test "get contents, recursive=#{recursive.inspect}" do
518 authorize_with :active
520 id: groups(:aproject).uuid,
523 params[:recursive] = false if recursive == false
524 get :contents, params: params
525 owners = json_response['items'].map do |item|
528 assert_includes(owners, groups(:aproject).uuid)
529 refute_includes(owners, groups(:asubproject).uuid)
533 test 'get home project contents, recursive=true' do
534 authorize_with :active
535 get :contents, params: {
536 id: users(:active).uuid,
540 owners = json_response['items'].map do |item|
543 assert_includes(owners, users(:active).uuid)
544 assert_includes(owners, groups(:aproject).uuid)
545 assert_includes(owners, groups(:asubproject).uuid)
548 [:afiltergroup, :private_role].each do |grp|
549 test "delete non-project group #{grp}" do
550 authorize_with :admin
551 assert_not_nil Group.find_by_uuid(groups(grp).uuid)
552 assert !Group.find_by_uuid(groups(grp).uuid).is_trashed
553 post :destroy, params: {
554 id: groups(grp).uuid,
557 assert_response :success
558 # Should not be trashed
559 assert_nil Group.find_by_uuid(groups(grp).uuid)
564 [false, :inactive, :private_role, false],
565 [false, :spectator, :private_role, false],
566 [false, :admin, :private_role, true],
567 [true, :inactive, :private_role, false],
568 [true, :spectator, :private_role, true],
569 [true, :admin, :private_role, true],
570 # project (non-role) groups are invisible even when RoleGroupsVisibleToAll is true
571 [true, :inactive, :private, false],
572 [true, :spectator, :private, false],
573 [true, :admin, :private, true],
574 ].each do |visibleToAll, userFixture, groupFixture, visible|
575 test "with RoleGroupsVisibleToAll=#{visibleToAll}, #{groupFixture} group is #{visible ? '' : 'in'}visible to #{userFixture} user" do
576 Rails.configuration.Users.RoleGroupsVisibleToAll = visibleToAll
577 authorize_with userFixture
578 get :show, params: {id: groups(groupFixture).uuid, format: :json}
580 assert_response :success
587 ### trashed project tests ###
592 # trashed_project (zzzzz-j7d0g-trashedproject1)
593 # trashed_subproject (zzzzz-j7d0g-trashedproject2)
594 # trashed_subproject3 (zzzzz-j7d0g-trashedproject3)
595 # zzzzz-xvhdp-cr5trashedcontr
598 :admin].each do |auth|
599 # project: to query, to untrash, is visible, parent contents listing success
601 [:trashed_project, [], false, true],
602 [:trashed_project, [:trashed_project], true, true],
603 [:trashed_subproject, [], false, false],
604 [:trashed_subproject, [:trashed_project], true, true],
605 [:trashed_subproject3, [:trashed_project], false, true],
606 [:trashed_subproject3, [:trashed_subproject3], false, false],
607 [:trashed_subproject3, [:trashed_project, :trashed_subproject3], true, true],
608 ].each do |project, untrash, visible, success|
610 test "contents listing #{project} #{untrash} as #{auth}" do
613 Group.find_by_uuid(groups(pr).uuid).update! is_trashed: false
615 get :contents, params: {
616 id: groups(project).owner_uuid,
620 assert_response :success
621 item_uuids = json_response['items'].map do |item|
625 assert_includes(item_uuids, groups(project).uuid)
627 assert_not_includes(item_uuids, groups(project).uuid)
634 test "contents of #{project} #{untrash} as #{auth}" do
637 Group.find_by_uuid(groups(pr).uuid).update! is_trashed: false
639 get :contents, params: {
640 id: groups(project).uuid,
644 assert_response :success
650 test "index #{project} #{untrash} as #{auth}" do
653 Group.find_by_uuid(groups(pr).uuid).update! is_trashed: false
655 get :index, params: {
658 assert_response :success
659 item_uuids = json_response['items'].map do |item|
663 assert_includes(item_uuids, groups(project).uuid)
665 assert_not_includes(item_uuids, groups(project).uuid)
669 test "show #{project} #{untrash} as #{auth}" do
672 Group.find_by_uuid(groups(pr).uuid).update! is_trashed: false
675 id: groups(project).uuid,
679 assert_response :success
685 test "show include_trash=false #{project} #{untrash} as #{auth}" do
688 Group.find_by_uuid(groups(pr).uuid).update! is_trashed: false
691 id: groups(project).uuid,
696 assert_response :success
702 test "show include_trash #{project} #{untrash} as #{auth}" do
705 Group.find_by_uuid(groups(pr).uuid).update! is_trashed: false
708 id: groups(project).uuid,
712 assert_response :success
715 test "index include_trash #{project} #{untrash} as #{auth}" do
718 Group.find_by_uuid(groups(pr).uuid).update! is_trashed: false
720 get :index, params: {
724 assert_response :success
725 item_uuids = json_response['items'].map do |item|
728 assert_includes(item_uuids, groups(project).uuid)
732 test "delete project #{auth}" do
734 [:trashed_project].each do |pr|
735 Group.find_by_uuid(groups(pr).uuid).update! is_trashed: false
737 assert !Group.find_by_uuid(groups(:trashed_project).uuid).is_trashed
738 post :destroy, params: {
739 id: groups(:trashed_project).uuid,
742 assert_response :success
743 assert Group.find_by_uuid(groups(:trashed_project).uuid).is_trashed
746 test "untrash project #{auth}" do
748 assert Group.find_by_uuid(groups(:trashed_project).uuid).is_trashed
749 post :untrash, params: {
750 id: groups(:trashed_project).uuid,
753 assert_response :success
754 assert !Group.find_by_uuid(groups(:trashed_project).uuid).is_trashed
757 test "untrash project with name conflict #{auth}" do
759 [:trashed_project].each do |pr|
760 Group.find_by_uuid(groups(pr).uuid).update! is_trashed: false
762 gc = Group.create!({owner_uuid: "zzzzz-j7d0g-trashedproject1",
763 name: "trashed subproject 3",
764 group_class: "project"})
765 post :untrash, params: {
766 id: groups(:trashed_subproject3).uuid,
768 ensure_unique_name: true
770 assert_response :success
771 assert_match /^trashed subproject 3 \(\d{4}-\d\d-\d\d.*?Z\)$/, json_response['name']
774 test "move trashed subproject to new owner #{auth}" do
776 assert_nil Group.readable_by(users(auth)).where(uuid: groups(:trashed_subproject).uuid).first
777 put :update, params: {
778 id: groups(:trashed_subproject).uuid,
780 owner_uuid: users(:active).uuid
785 assert_response :success
786 assert_not_nil Group.readable_by(users(auth)).where(uuid: groups(:trashed_subproject).uuid).first
790 # the group class overrides the destroy method. Make sure that the destroyed
793 {group_class: "project"},
794 {group_class: "role"},
795 {group_class: "filter", properties: {"filters":[]}},
797 test "destroy group #{params} returns object" do
798 authorize_with :active
800 group = Group.create!(params)
802 post :destroy, params: {
806 assert_response :success
807 assert_not_nil json_response
808 assert_equal group.uuid, json_response["uuid"]
812 test 'get shared owned by another user' do
813 authorize_with :user_bar_in_sharing_group
815 act_as_system_user do
817 tail_uuid: users(:user_bar_in_sharing_group).uuid,
818 link_class: 'permission',
820 head_uuid: groups(:project_owned_by_foo).uuid)
823 get :shared, params: {:filters => [["group_class", "=", "project"]], :include => "owner_uuid"}
825 assert_equal 1, json_response['items'].length
826 assert_equal json_response['items'][0]["uuid"], groups(:project_owned_by_foo).uuid
828 assert_equal 1, json_response['included'].length
829 assert_equal json_response['included'][0]["uuid"], users(:user_foo_in_sharing_group).uuid
832 test 'get shared, owned by unreadable project' do
833 authorize_with :user_bar_in_sharing_group
835 act_as_system_user do
836 Group.find_by_uuid(groups(:project_owned_by_foo).uuid).update!(owner_uuid: groups(:aproject).uuid)
838 tail_uuid: users(:user_bar_in_sharing_group).uuid,
839 link_class: 'permission',
841 head_uuid: groups(:project_owned_by_foo).uuid)
844 get :shared, params: {:filters => [["group_class", "=", "project"]], :include => "owner_uuid"}
846 assert_equal 1, json_response['items'].length
847 assert_equal json_response['items'][0]["uuid"], groups(:project_owned_by_foo).uuid
849 assert_equal 0, json_response['included'].length
852 test 'get shared, add permission link' do
853 authorize_with :user_bar_in_sharing_group
855 act_as_system_user do
856 Link.create!(tail_uuid: groups(:group_for_sharing_tests).uuid,
857 head_uuid: groups(:project_owned_by_foo).uuid,
858 link_class: 'permission',
862 get :shared, params: {:filters => [["group_class", "=", "project"]], :include => "owner_uuid"}
864 assert_equal 1, json_response['items'].length
865 assert_equal groups(:project_owned_by_foo).uuid, json_response['items'][0]["uuid"]
867 assert_equal 1, json_response['included'].length
868 assert_equal users(:user_foo_in_sharing_group).uuid, json_response['included'][0]["uuid"]
871 ### contents with exclude_home_project
873 test 'contents, exclude home owned by another user' do
874 authorize_with :user_bar_in_sharing_group
876 act_as_system_user do
878 tail_uuid: users(:user_bar_in_sharing_group).uuid,
879 link_class: 'permission',
881 head_uuid: groups(:project_owned_by_foo).uuid)
883 tail_uuid: users(:user_bar_in_sharing_group).uuid,
884 link_class: 'permission',
886 head_uuid: collections(:collection_owned_by_foo).uuid)
889 get :contents, params: {:include => "owner_uuid", :exclude_home_project => true}
891 assert_equal 2, json_response['items'].length
892 assert_equal json_response['items'][0]["uuid"], groups(:project_owned_by_foo).uuid
893 assert_equal json_response['items'][1]["uuid"], collections(:collection_owned_by_foo).uuid
895 assert_equal 1, json_response['included'].length
896 assert_equal json_response['included'][0]["uuid"], users(:user_foo_in_sharing_group).uuid
899 test 'contents, exclude home, owned by unreadable project' do
900 authorize_with :user_bar_in_sharing_group
902 act_as_system_user do
903 Group.find_by_uuid(groups(:project_owned_by_foo).uuid).update!(owner_uuid: groups(:aproject).uuid)
905 tail_uuid: users(:user_bar_in_sharing_group).uuid,
906 link_class: 'permission',
908 head_uuid: groups(:project_owned_by_foo).uuid)
911 get :contents, params: {:include => "owner_uuid", :exclude_home_project => true}
913 assert_equal 1, json_response['items'].length
914 assert_equal json_response['items'][0]["uuid"], groups(:project_owned_by_foo).uuid
916 assert_equal 0, json_response['included'].length
919 test 'contents, exclude home, add permission link' do
920 authorize_with :user_bar_in_sharing_group
922 act_as_system_user do
923 Link.create!(tail_uuid: groups(:group_for_sharing_tests).uuid,
924 head_uuid: groups(:project_owned_by_foo).uuid,
925 link_class: 'permission',
929 get :contents, params: {:include => "owner_uuid", :exclude_home_project => true}
931 assert_equal 1, json_response['items'].length
932 assert_equal groups(:project_owned_by_foo).uuid, json_response['items'][0]["uuid"]
934 assert_equal 1, json_response['included'].length
935 assert_equal users(:user_foo_in_sharing_group).uuid, json_response['included'][0]["uuid"]
938 test 'contents, exclude home, with parent specified' do
939 authorize_with :active
941 get :contents, params: {id: groups(:aproject).uuid, :include => "owner_uuid", :exclude_home_project => true}
946 test "include_trash does not return trash inside frozen project" do
947 authorize_with :active
948 trashtime = Time.now - 1.second
949 outerproj = Group.create!(group_class: 'project')
950 innerproj = Group.create!(group_class: 'project', owner_uuid: outerproj.uuid)
951 innercoll = Collection.create!(name: 'inner-not-trashed', owner_uuid: innerproj.uuid)
952 innertrash = Collection.create!(name: 'inner-trashed', owner_uuid: innerproj.uuid, trash_at: trashtime)
953 innertrashproj = Group.create!(group_class: 'project', name: 'inner-trashed-proj', owner_uuid: innerproj.uuid, trash_at: trashtime)
954 outertrash = Collection.create!(name: 'outer-trashed', owner_uuid: outerproj.uuid, trash_at: trashtime)
955 innerproj.update_attributes!(frozen_by_uuid: users(:active).uuid)
956 get :contents, params: {id: outerproj.uuid, include_trash: true, recursive: true}
957 assert_response :success
958 uuids = json_response['items'].collect { |item| item['uuid'] }
959 assert_includes uuids, outertrash.uuid
960 assert_includes uuids, innerproj.uuid
961 assert_includes uuids, innercoll.uuid
962 refute_includes uuids, innertrash.uuid
963 refute_includes uuids, innertrashproj.uuid
projects / arvados.git / blob